bugzilla-daemon at mindrot.org
2003-Nov-16 16:30 UTC
[Bug 760] GatewayPorts clarification in _config man pages
http://bugzilla.mindrot.org/show_bug.cgi?id=760
Summary: GatewayPorts clarification in _config man pages
Product: Portable OpenSSH
Version: 3.7p1
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P2
Component: Documentation
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: nathanst at ontko.com
I recently tried to use port forwarding and ran into some confusion over the
GatewayPorts setting. I think it would be helpful to update the _config man
pages with the following clarifications:
ssh_config GatewayPorts section
* (at least for "remote" port forwardings requested using "ssh -R") this
  parameter doesn't directly control which address is used for the port
  bindings, but instead controls whether or not the client requests
  that the remote server do this -- and that the remote server must
  be configured to allow this option or it will silently be ignored.
* It might be good to mention that the "-g" option to ssh is equivalent to
  GatewayPorts=yes .
sshd_config GatewayPorts section
* This should be reworded to make clear that GatewayPorts in the
  server config controls whether or not clients are _allowed_ to
  request wildcard forwardings, but even with this set to Yes
  the actual loopback vs. wildcard setting will be based on the
  setting requested by the client.
* If my understanding of the port-forwarding process is correct,
  this setting only applies to "remote" port forwardings ("ssh -R")
  which are connecting in to this SSH daemon.
I looked in the WebCVS versions of ssh_config.5 and sshd_config.5 and it
looks like these man page paragraphs still have the same text as the OpenSSH 3.4
release that I am using, so hopefully these changes haven't already been
made.
Thanks.
Nathan
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Nov-16 17:22 UTC
[Bug 760] GatewayPorts clarification in _config man pages
http://bugzilla.mindrot.org/show_bug.cgi?id=760
nathanst at ontko.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Additional Comments From nathanst at ontko.com 2003-11-16 10:22 -------
Hmm, after repeating some of my testing I see that I was wrong in my original
comments.
I guess it's not actually possible to control from the client which type of
address binding is used on the server side for a "remote" forward request.
And with that in mind I see the man pages do actually say what they need to.
Sorry for the confusion.
Nathan
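The behaviour the thread settles on, modelled as an added Python example (not OpenSSH code and not written by either poster): it reads the global GatewayPorts value from an sshd_config and reports which address a "ssh -R" listener ends up bound to. The function names and the sample config are constructed for illustration, and the `clientspecified` value comes from current sshd_config(5), going beyond the yes/no setting discussed in the 3.7p1-era thread.

```python
import re

LOOPBACK, WILDCARD = "127.0.0.1", "0.0.0.0"  # IPv4 only, for brevity

# Constructed sample sshd_config (not taken from the thread).
SAMPLE = """\
# GatewayPorts yes
Port 22
GatewayPorts no
gatewayports yes
Match User tunnel
    GatewayPorts clientspecified
"""

def global_gateway_ports(config_text):
    """Global GatewayPorts value: sshd uses the first value it obtains."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()          # keywords are case-insensitive
        if keyword == "match":              # conditional blocks are not global
            break
        if keyword == "gatewayports" and len(parts) == 2:
            return parts[1].strip().strip('"')
    return "no"                             # documented default

def remote_forward_bind(server_setting, client_bind=None):
    """Address sshd listens on for an `ssh -R` forward (hypothetical helper)."""
    if server_setting == "no":
        return LOOPBACK                     # client request is ignored
    if server_setting == "yes":
        return WILDCARD                     # forced, whatever the client asks
    if server_setting == "clientspecified":
        if client_bind is None:
            return LOOPBACK
        return WILDCARD if client_bind in ("", "*") else client_bind
    raise ValueError("unknown GatewayPorts value: %r" % server_setting)

if __name__ == "__main__":
    setting = global_gateway_ports(SAMPLE)
    print(setting, remote_forward_bind(setting, "*"))
```

When auditing a host, `sshd -T` prints the effective configuration and is the authoritative source; the parser above only covers the global section of a single file.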