| version 1.245, 2006/01/06 13:29:10 |
version 1.246, 2006/01/12 14:44:12 |
|
|
| Request rekeying of the connection |
Request rekeying of the connection |
| (only useful for SSH protocol version 2 and if the peer supports it). |
(only useful for SSH protocol version 2 and if the peer supports it). |
| .El |
.El |
| .Sh X11 AND TCP FORWARDING |
.Sh TCP FORWARDING |
| |
Forwarding of arbitrary TCP connections over the secure channel can |
| |
be specified either on the command line or in a configuration file. |
| |
One possible application of TCP forwarding is a secure connection to a |
| |
mail server; another is going through firewalls. |
| |
.Pp |
| |
In the example below, we look at encrypting communication between |
| |
an IRC client and server, even though the IRC server does not directly |
| |
support encrypted communications. |
| |
This works as follows: |
| |
the user connects to the remote host using |
| |
.Nm , |
| |
specifying a port to be used to forward connections |
| |
to the remote server. |
| |
After that it is possible to start the service which is to be encrypted |
| |
on the client machine, |
| |
connecting to the same local port, |
| |
and |
| |
.Nm |
| |
will encrypt and forward the connection. |
| |
.Pp |
| |
The following example tunnels an IRC session from client machine |
| |
.Dq 127.0.0.1 |
| |
(localhost) |
| |
to remote server |
| |
.Dq server.example.com : |
| |
.Bd -literal -offset 4n |
| |
$ ssh -f -L 1234:localhost:6667 server.example.com sleep 10 |
| |
$ irc -c '#users' -p 1234 pinky 127.0.0.1 |
| |
.Ed |
| |
.Pp |
| |
This tunnels a connection to IRC server |
| |
.Dq server.example.com , |
| |
joining channel |
| |
.Dq #users , |
| |
nickname |
| |
.Dq pinky , |
| |
using port 1234. |
| |
It doesn't matter which port is used, |
| |
as long as it's greater than 1023 |
| |
(remember, only root can open sockets on privileged ports) |
| |
and doesn't conflict with any ports already in use. |
| |
The connection is forwarded to port 6667 on the remote server, |
| |
since that's the standard port for IRC services. |
| |
.Pp |
| |
The |
| |
.Fl f |
| |
option backgrounds |
| |
.Nm |
| |
and the remote command |
| |
.Dq sleep 10 |
| |
is specified to allow an amount of time |
| |
(10 seconds, in the example) |
| |
to start the service which is to be tunnelled. |
| |
If no connections are made within the time specified, |
| |
.Nm |
| |
will exit. |
| |
Once opened, |
| |
a SSH connection will remain active |
| |
until all actively forwarded connections have closed. |
| |
.Sh X11 FORWARDING |
| If the |
If the |
| .Cm ForwardX11 |
.Cm ForwardX11 |
| variable is set to |
variable is set to |
|
|
| options above) and |
options above) and |
| the user is using an authentication agent, the connection to the agent |
the user is using an authentication agent, the connection to the agent |
| is automatically forwarded to the remote side. |
is automatically forwarded to the remote side. |
| .Pp |
|
| Forwarding of arbitrary TCP/IP connections over the secure channel can |
|
| be specified either on the command line or in a configuration file. |
|
| One possible application of TCP/IP forwarding is a secure connection to an |
|
| electronic purse; another is going through firewalls. |
|
| .Sh ENVIRONMENT |
.Sh ENVIRONMENT |
| .Nm |
.Nm |
| will normally set the following environment variables: |
will normally set the following environment variables: |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh