From: djm@openbsd.org Date: Sat, 25 Jan 2020 06:03:10 +0000 (+0000) Subject: upstream: mention that permitopen=/PermitOpen do no name to address X-Git-Tag: V_8_2_P1~64 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=734f2f83f5ff86f2967a99d67be9ce22dd0394dd;p=thirdparty%2Fopenssh-portable.git upstream: mention that permitopen=/PermitOpen do no name to address translation; prompted by bz3099 OpenBSD-Commit-ID: 0dda8e54d566b29855e76bebf9cfecce573f5c23 --- diff --git a/sshd.8 b/sshd.8 index b7042cb5e..c5f8987d2 100644 --- a/sshd.8 +++ b/sshd.8 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.311 2019/12/21 20:22:34 naddy Exp $ -.Dd $Mdocdate: December 21 2019 $ +.\" $OpenBSD: sshd.8,v 1.312 2020/01/25 06:03:10 djm Exp $ +.Dd $Mdocdate: January 25 2020 $ .Dt SSHD 8 .Os .Sh NAME @@ -600,8 +600,8 @@ IPv6 addresses can be specified by enclosing the address in square brackets. Multiple .Cm permitopen options may be applied separated by commas. -No pattern matching is performed on the specified hostnames, -they must be literal domains or addresses. +No pattern matching or name lookup is performed on the +specified hostnames, they must be literal host names and/or addresses. A port specification of .Cm * matches any port. diff --git a/sshd_config.5 b/sshd_config.5 index 3a64317a6..53d943760 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.298 2020/01/21 06:09:56 dtucker Exp $ -.Dd $Mdocdate: January 21 2020 $ +.\" $OpenBSD: sshd_config.5,v 1.299 2020/01/25 06:03:11 djm Exp $ +.Dd $Mdocdate: January 25 2020 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -1299,7 +1299,9 @@ An argument of can be used to prohibit all forwarding requests. The wildcard .Sq * -can be used for host or port to allow all hosts or ports, respectively. +can be used for host or port to allow all hosts or ports respectively. +Otherwise, no pattern matching or address lookups are performed on supplied +names. By default all port forwarding requests are permitted. .It Cm PermitRootLogin Specifies whether root can log in using