From 734f2f83f5ff86f2967a99d67be9ce22dd0394dd Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sat, 25 Jan 2020 06:03:10 +0000 Subject: [PATCH] upstream: mention that permitopen=/PermitOpen do no name to address translation; prompted by bz3099 OpenBSD-Commit-ID: 0dda8e54d566b29855e76bebf9cfecce573f5c23 --- sshd.8 | 8 ++++---- sshd_config.5 | 8 +++++--- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/sshd.8 b/sshd.8 index b7042cb5ecdd..c5f8987d228f 100644 --- a/sshd.8 +++ b/sshd.8 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.311 2019/12/21 20:22:34 naddy Exp $ -.Dd $Mdocdate: December 21 2019 $ +.\" $OpenBSD: sshd.8,v 1.312 2020/01/25 06:03:10 djm Exp $ +.Dd $Mdocdate: January 25 2020 $ .Dt SSHD 8 .Os .Sh NAME @@ -600,8 +600,8 @@ IPv6 addresses can be specified by enclosing the address in square brackets. Multiple .Cm permitopen options may be applied separated by commas. -No pattern matching is performed on the specified hostnames, -they must be literal domains or addresses. +No pattern matching or name lookup is performed on the +specified hostnames, they must be literal host names and/or addresses. A port specification of .Cm * matches any port. diff --git a/sshd_config.5 b/sshd_config.5 index 3a64317a6afa..53d943760929 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.298 2020/01/21 06:09:56 dtucker Exp $ -.Dd $Mdocdate: January 21 2020 $ +.\" $OpenBSD: sshd_config.5,v 1.299 2020/01/25 06:03:11 djm Exp $ +.Dd $Mdocdate: January 25 2020 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME 
@@ -1299,7 +1299,9 @@ An argument of can be used to prohibit all forwarding requests. The wildcard .Sq * -can be used for host or port to allow all hosts or ports, respectively. +can be used for host or port to allow all hosts or ports respectively. +Otherwise, no pattern matching or address lookups are performed on supplied +names. By default all port forwarding requests are permitted. .It Cm PermitRootLogin Specifies whether root can log in using
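Review bot: in the sshd.8 permitopen hunk (@@ -600), the new sentence states what is not done but leaves the consequence for rule authors implicit. Because there is no name lookup and entries must be literal, an entry written as a host name only matches a forwarding request that uses that same name, not one that gives the host's address, and the reverse. One added sentence saying so would keep an administrator from assuming that a rule for a name also covers its address. The sentence is also a comma splice and mixes "hostnames" with "host names"; consider "No pattern matching or name lookup is performed on the specified host names; they must be literal host names and/or addresses."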
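Review bot: in the sshd_config.5 PermitOpen hunk (@@ -1299), the added text says "address lookups" where the sshd.8 hunk says "name lookup" and the commit subject says "name to address translation"; use one term on both pages so the two descriptions are recognisably the same restriction. "Otherwise" has no clear antecedent after the wildcard sentence; something like "Apart from this wildcard, no pattern matching or name lookup is performed on supplied names." reads more directly. Dropping the comma before "respectively" is an unrelated wording change and could be left out of this commit.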