diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2016-07-15 00:24:30 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2016-07-15 14:20:10 +1000 |
| commit | ed877ef653847d056bb433975d731b7a1132a979 (patch) | |
| tree | 855230b944a0fc2eebdaa4c037f911e28ff21e17 /ssh.1 | |
| parent | 5c02dd126206a26785379e80f2d3848e4470b711 (diff) | |
upstream commit
Add a ProxyJump ssh_config(5) option and corresponding -J
ssh(1) command-line flag to allow simplified indirection through a SSH
bastion or "jump host".
These options construct a proxy command that connects to the
specified jump host(s) (more than one may be specified) and uses
port-forwarding to establish a connection to the next destination.
This codifies the safest way of indirecting connections through SSH
servers and makes it easy to use.
ok markus@
Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397
Diffstat (limited to 'ssh.1')
| -rw-r--r-- | ssh.1 | 24 |
1 files changed, 22 insertions, 2 deletions
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.374 2016/06/29 17:14:28 jmc Exp $ -.Dd $Mdocdate: June 29 2016 $ +.\" $OpenBSD: ssh.1,v 1.375 2016/07/15 00:24:30 djm Exp $ +.Dd $Mdocdate: July 15 2016 $ .Dt SSH 1 .Os .Sh NAME @@ -52,6 +52,7 @@ .Op Fl F Ar configfile .Op Fl I Ar pkcs11 .Op Fl i Ar identity_file +.Oo Fl J Ar user Ns @ Oc Ns Ar host Ns Op : Ns Ar port .Op Fl L Ar address .Op Fl l Ar login_name .Op Fl m Ar mac_spec @@ -312,6 +313,24 @@ by appending .Pa -cert.pub to identity filenames. .Pp +.It Fl J Xo +.Sm off +.Oo Ar jump_user @ Oc +.Ar jump_host +.Ns Op : Ns Ar jump_port +.Sm on +.Xc +Connect to the target host by first making a +.Nm +connection to +.Ar jump_host +and then establishing a TCP forward to the ultimate destination from +there. +Multiple jump hops may be specified separated by comma characters. +This is a shortcut to specify a +.Cm ProxyJump +configuration directive. +.Pp .It Fl K Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI credentials to the server. @@ -523,6 +542,7 @@ For full details of the options listed below, and their possible values, see .It PreferredAuthentications .It Protocol .It ProxyCommand +.It ProxyJump .It ProxyUseFdpass .It PubkeyAcceptedKeyTypes .It PubkeyAuthentication |