upstream: mention that LocalForward and RemoteForward can accept Unix

domain socket paths; GHPR115 OpenBSD-Commit-ID: a8a34d0a0c51a9ddab3dfce615f9878fa76ef842
beldmit · Oct 18, 2024 · fe4305c · fe4305c
1 parent 9c97b6a
commit fe4305c
Showing 1 changed file with 20 additions and 7 deletions.
diff --git a/ssh_config.5 b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.403 2024/09/25 06:13:01 jmc Exp $
-.Dd $Mdocdate: September 25 2024 $
+.\" $OpenBSD: ssh_config.5,v 1.404 2024/10/18 05:53:26 djm Exp $
+.Dd $Mdocdate: October 18 2024 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -1344,9 +1344,11 @@ This directive is ignored unless
 .Cm PermitLocalCommand
 has been enabled.
 .It Cm LocalForward
-Specifies that a TCP port on the local machine be forwarded over
-the secure channel to the specified host and port from the remote machine.
-The first argument specifies the listener and may be
+Specifies that a TCP port or Unix-domain socket on the local machine
+be forwarded over
+the secure channel to the specified host and port (or Unix-domain socket)
+from the remote machine.
+For a TCP port, the first argument must be
 .Sm off
 .Oo Ar bind_address : Oc Ar port
 .Sm on
@@ -1356,6 +1358,11 @@ The second argument is the destination and may be
 or a Unix domain socket path if the remote host supports it.
 .Pp
 IPv6 addresses can be specified by enclosing addresses in square brackets.
+.Pp
+If either argument contains a '/' in it, that argument will be
+interpreted as a Unix-domain socket (on the corresponding host) rather
+than a TCP port.
+.Pp
 Multiple forwardings may be specified, and additional forwardings can be
 given on the command line.
 Only the superuser can forward privileged ports.
@@ -1705,9 +1712,10 @@ accept the tokens described in the
 .Sx TOKENS
 section.
 .It Cm RemoteForward
-Specifies that a TCP port on the remote machine be forwarded over
-the secure channel.
+Specifies that a TCP port or Unix-domain socket on the remote machine
+be forwarded over the secure channel.
 The remote port may either be forwarded to a specified host and port
+or Unix-domain socket
 from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote
 client to connect to arbitrary destinations from the local machine.
 The first argument is the listening specification and may be
@@ -1725,6 +1733,11 @@ restricted by
 .Cm PermitRemoteOpen .
 .Pp
 IPv6 addresses can be specified by enclosing addresses in square brackets.
+.Pp
+If either argument contains a '/' in it, that argument will be
+interpreted as a Unix-domain socket (on the corresponding host) rather
+than a TCP port.
+.Pp
 Multiple forwardings may be specified, and additional
 forwardings can be given on the command line.
 Privileged ports can be forwarded only when