=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh.1,v retrieving revision 1.257.2.2 retrieving revision 1.258 diff -u -r1.257.2.2 -r1.258 --- src/usr.bin/ssh/ssh.1 2006/11/08 00:17:14 1.257.2.2 +++ src/usr.bin/ssh/ssh.1 2006/03/16 04:24:42 1.258 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.257.2.2 2006/11/08 00:17:14 brad Exp $ +.\" $OpenBSD: ssh.1,v 1.258 2006/03/16 04:24:42 djm Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -78,8 +78,7 @@ .Oc .Op Fl S Ar ctl_path .Bk -words -.Oo Fl w Ar local_tun Ns -.Op : Ns Ar remote_tun Oc +.Op Fl w Ar tunnel : Ns Ar tunnel .Oo Ar user Ns @ Oc Ns Ar hostname .Op Ar command .Ek @@ -449,7 +448,6 @@ .It ControlPath .It DynamicForward .It EscapeChar -.It ExitOnForwardFailure .It ForwardAgent .It ForwardX11 .It ForwardX11Trusted @@ -590,35 +588,24 @@ .Fl v options increase the verbosity. The maximum is 3. -.It Fl w Xo -.Ar local_tun Ns Op : Ns Ar remote_tun -.Xc -Requests -tunnel -device forwarding with the specified +.It Fl w Ar tunnel : Ns Ar tunnel +Requests a .Xr tun 4 -devices between the client -.Pq Ar local_tun -and the server -.Pq Ar remote_tun . -.Pp +device on the client +(first +.Ar tunnel +arg) +and server +(second +.Ar tunnel +arg). The devices may be specified by numerical ID or the keyword .Dq any , which uses the next available tunnel device. -If -.Ar remote_tun -is not specified, it defaults to -.Dq any . See also the .Cm Tunnel -and -.Cm TunnelDevice -directives in +directive in .Xr ssh_config 5 . -If the -.Cm Tunnel -directive is unset, it is set to the default tunnel mode, which is -.Dq point-to-point . .It Fl X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file. 
@@ -679,7 +666,6 @@ integrity of the connection. .Pp The methods available for authentication are: -GSSAPI-based authentication, host-based authentication, public key authentication, challenge-response authentication, @@ -886,9 +872,7 @@ options (see above). It also allows the cancellation of existing remote port-forwardings using -.Sm off -.Fl KR Oo Ar bind_address : Oc Ar port . -.Sm on +.Fl KR Ar hostport . .Ic !\& Ns Ar command allows the user to execute a local command if the .Ic PermitLocalCommand @@ -1041,7 +1025,8 @@ The SSHFP resource records should first be added to the zonefile for host.example.com: .Bd -literal -offset indent -$ ssh-keygen -r host.example.com. +$ ssh-keygen -f /etc/ssh/ssh_host_rsa_key.pub -r host.example.com. +$ ssh-keygen -f /etc/ssh/ssh_host_dsa_key.pub -r host.example.com. .Ed .Pp The output lines will have to be added to the zonefile. @@ -1077,24 +1062,14 @@ and at what level (layer 2 or 3 traffic). .Pp The following example would connect client network 10.0.50.0/24 -with remote network 10.0.99.0/24 using a point-to-point connection -from 10.1.1.1 to 10.1.1.2, -provided that the SSH server running on the gateway to the remote network, -at 192.168.1.15, allows it. -.Pp -On the client: +with remote network 10.0.99.0/24, provided that the SSH server +running on the gateway to the remote network, +at 192.168.1.15, allows it: .Bd -literal -offset indent # ssh -f -w 0:1 192.168.1.15 true -# ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252 -# route add 10.0.99.0/24 10.1.1.2 +# ifconfig tun0 10.0.50.1 10.0.99.1 netmask 255.255.255.252 .Ed .Pp -On the server: -.Bd -literal -offset indent -# ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252 -# route add 10.0.50.0/24 10.1.1.1 -.Ed -.Pp Client access may be more finely tuned via the .Pa /root/.ssh/authorized_keys file (see below) and the 
@@ -1115,7 +1090,7 @@ tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john .Ed .Pp -Since an SSH-based setup entails a fair amount of overhead, +Since a SSH-based setup entails a fair amount of overhead, it may be more suited to temporary setups, such as for wireless VPNs. More permanent VPNs are better provided by tools such as
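Review bot: The revision order runs backwards in time, which is easy to miss in the file header and in the `$OpenBSD$` line of hunk @@ -34,7 +34,7 @@: the `-` side is 1.257.2.2 dated 2006/11/08 and the `+` side is 1.258 dated 2006/03/16. Read as a forward change, the diff appears to delete documentation (the `ExitOnForwardFailure` entry, the `remote_tun` default, the server-side tunnel setup). Regenerating it as `-r1.258 -r1.257.2.2` would show those as additions and make the review less error-prone.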
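Review bot: In hunk @@ -590,35 +588,24 @@ the `+` text names both operands `tunnel` and distinguishes them only as "(first tunnel arg)" and "(second tunnel arg)". It also does not say what happens when the second operand is omitted, or which mode applies when `Tunnel` is unset. Suggest distinct operand names as in the `-` lines (`local_tun`, `remote_tun`) and stating both defaults, since the `+` synopsis in hunk @@ -78,8 +78,7 @@ (`.Op Fl w Ar tunnel : Ns Ar tunnel`) also presents the remote part as required rather than optional.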
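Review bot: `.Fl KR Ar hostport` in hunk @@ -886,9 +872,7 @@ uses an operand name that the visible text never defines, so the reader cannot tell whether a bind address is accepted or how it is separated from the port. Spell the syntax out as the `-` line does (`.Fl KR Oo Ar bind_address : Oc Ar port .`), and keep the surrounding `.Sm off` / `.Sm on` pair so no space is rendered around the colon.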
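Review bot: The two `+` commands in hunk @@ -1041,7 +1025,8 @@ hard-code `/etc/ssh/ssh_host_rsa_key.pub` and `/etc/ssh/ssh_host_dsa_key.pub` without saying that these are the host's public key files and that the paths may differ per installation. Add a sentence to that effect, and note that the SSHFP records must be generated from the keys the server actually presents, otherwise the published fingerprints will not match.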
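Review bot: The `+` example in hunk @@ -1077,24 +1062,14 @@ is incomplete and its addressing is confusing. `ifconfig tun0 10.0.50.1 10.0.99.1 netmask 255.255.255.252` takes the tunnel endpoints from the two /24 networks being joined while applying a /30 mask. There is no `route add` on either side, and nothing configures the server's `tun1` that `ssh -f -w 0:1` requests. Suggest the shape of the `-` lines: a dedicated point-to-point pair (10.1.1.1 and 10.1.1.2), explicit routes to 10.0.99.0/24 and 10.0.50.0/24, and separate "On the client" and "On the server" blocks.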
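Review bot: The `+` line in hunk @@ -1115,7 +1090,7 @@ reads "Since a SSH-based setup". "SSH" is pronounced with a leading vowel sound, so the article should be "an", as on the `-` line.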