ssh.1 (162856) | ssh.1 (164149) |
---|---|
1.\" -*- nroff -*- 2.\" 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5.\" All rights reserved 6.\" 7.\" As far as I am concerned, the code I have written for this software 8.\" can be used freely for any purpose. Any derived versions of this --- 20 unchanged lines hidden (view full) --- 29.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" | 1.\" -*- nroff -*- 2.\" 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5.\" All rights reserved 6.\" 7.\" As far as I am concerned, the code I have written for this software 8.\" can be used freely for any purpose. Any derived versions of this --- 20 unchanged lines hidden (view full) --- 29.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" |
37.\" $OpenBSD: ssh.1,v 1.263 2006/07/11 18:50:48 markus Exp $ 38.\" $FreeBSD: head/crypto/openssh/ssh.1 162856 2006-09-30 13:38:06Z des $ | 37.\" $OpenBSD: ssh.1,v 1.265 2006/10/28 18:08:10 otto Exp $ 38.\" $FreeBSD: head/crypto/openssh/ssh.1 164149 2006-11-10 16:52:41Z des $ |
39.Dd September 25, 1999 40.Dt SSH 1 41.Os 42.Sh NAME 43.Nm ssh 44.Nd OpenSSH SSH client (remote login program) 45.Sh SYNOPSIS 46.Nm ssh --- 1027 unchanged lines hidden (view full) --- 1074The 1075.Xr sshd_config 5 1076configuration option 1077.Cm PermitTunnel 1078controls whether the server supports this, 1079and at what level (layer 2 or 3 traffic). 1080.Pp 1081The following example would connect client network 10.0.50.0/24 | 39.Dd September 25, 1999 40.Dt SSH 1 41.Os 42.Sh NAME 43.Nm ssh 44.Nd OpenSSH SSH client (remote login program) 45.Sh SYNOPSIS 46.Nm ssh --- 1027 unchanged lines hidden (view full) --- 1074The 1075.Xr sshd_config 5 1076configuration option 1077.Cm PermitTunnel 1078controls whether the server supports this, 1079and at what level (layer 2 or 3 traffic). 1080.Pp 1081The following example would connect client network 10.0.50.0/24 |
1082with remote network 10.0.99.0/24, provided that the SSH server 1083running on the gateway to the remote network, 1084at 192.168.1.15, allows it: | 1082with remote network 10.0.99.0/24 using a point-to-point connection 1083from 10.1.1.1 to 10.1.1.2, 1084provided that the SSH server running on the gateway to the remote network, 1085at 192.168.1.15, allows it. 1086.Pp 1087On the client: |
1085.Bd -literal -offset indent 1086# ssh -f -w 0:1 192.168.1.15 true | 1088.Bd -literal -offset indent 1089# ssh -f -w 0:1 192.168.1.15 true |
1087# ifconfig tun0 10.0.50.1 10.0.99.1 netmask 255.255.255.252 | 1090# ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252 1091# route add 10.0.99.0/24 10.1.1.2 |
1088.Ed 1089.Pp | 1092.Ed 1093.Pp |
1094On the server: 1095.Bd -literal -offset indent 1096# ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252 1097# route add 10.0.50.0/24 10.1.1.1 1098.Ed 1099.Pp |
|
1090Client access may be more finely tuned via the 1091.Pa /root/.ssh/authorized_keys 1092file (see below) and the 1093.Cm PermitRootLogin 1094server option. 1095The following entry would permit connections on 1096.Xr tun 4 1097device 1 from user --- 4 unchanged lines hidden (view full) --- 1102.Cm PermitRootLogin 1103is set to 1104.Dq forced-commands-only : 1105.Bd -literal -offset 2n 1106tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane 1107tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john 1108.Ed 1109.Pp | 1100Client access may be more finely tuned via the 1101.Pa /root/.ssh/authorized_keys 1102file (see below) and the 1103.Cm PermitRootLogin 1104server option. 1105The following entry would permit connections on 1106.Xr tun 4 1107device 1 from user --- 4 unchanged lines hidden (view full) --- 1112.Cm PermitRootLogin 1113is set to 1114.Dq forced-commands-only : 1115.Bd -literal -offset 2n 1116tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane 1117tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john 1118.Ed 1119.Pp |
1110Since a SSH-based setup entails a fair amount of overhead, | 1120Since an SSH-based setup entails a fair amount of overhead, |
1111it may be more suited to temporary setups, 1112such as for wireless VPNs. 1113More permanent VPNs are better provided by tools such as 1114.Xr ipsecctl 8 1115and 1116.Xr isakmpd 8 . 1117.Sh ENVIRONMENT 1118.Nm --- 303 unchanged lines hidden --- | 1121it may be more suited to temporary setups, 1122such as for wireless VPNs. 1123More permanent VPNs are better provided by tools such as 1124.Xr ipsecctl 8 1125and 1126.Xr isakmpd 8 . 1127.Sh ENVIRONMENT 1128.Nm --- 303 unchanged lines hidden --- |
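
Review bot: In the tunnel example, the new "On the server:" block (`ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252` and `route add 10.0.50.0/24 10.1.1.1`) does not say how or when these commands are run on 192.168.1.15, given that the client invocation `ssh -f -w 0:1 192.168.1.15 true` only runs `true` on the remote side. The authorized_keys entries further down already bring the interface up through `command="sh /etc/netstart tun1"`, so a sentence tying the two together (manual setup in this example, forced command for the restricted-key case) would keep readers from configuring tun1 twice or not at all. The two added `route add` lines also rely on both gateways forwarding packets between the tunnel and their local networks, which the text does not state. Because they make each /24 reachable from the other, a pointer from the example to the `tunnel="1"` key restriction and `PermitRootLogin` paragraph that follows would be worth adding.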