previous
next
Use the following keywords or command line options to configure port forwarding.
You can use the following options on the ssh command line.
|
Option |
Description |
|---|---|
|
-L listening_port:host:hostport |
Open the specified port on the Secure Shell client host (listening_port) and forward data to the destination host and hostport. |
|
-R listening_port:host:hostport |
Open the specified port on the Secure Shell server host (listening_port) and forward data to the destination host and hostport. |
|
-X |
Enables X11 connection forwarding and treats X11 clients as untrusted. Untrusted remote X11 clients are prevented from tampering with data belonging to trusted X11 clients. |
|
-x |
Disables X11 connection forwarding. |
|
-Y |
Enables X11 connection forwarding and treats X11 clients as trusted. |
You can configure the following settings in the client configuration file. (The global file is /etc/ssh2/ssh2_config; the user-specific file is ~/.ssh2/ssh2_config.)
|
Keyword |
Description |
|---|---|
|
ClearAllForwardings |
Clears any local, remote, or dynamically forwarded ports that have already been processed from either a configuration file or the command line. scp and sftp clear all forwarded ports automatically, regardless of the value of this setting. The default is no. |
|
ForwardX11 |
Equivalent to -X. |
|
GatewayPorts |
Controls whether forwarded ports on the Secure Shell client host are available to remote applications. The default is no, which prevents applications running on other computers from connecting to forwarded ports. |
|
LocalForward listening_port:host:hostport |
Equivalent to -L. |
|
RemoteForward listening_port:host:hostport |
Equivalent to -R. |
|
TrustX11Applications |
Specifies whether the X server treats forwarded X11 client applications as trusted. The default is no. |
|
XauthPath |
Specifies the full path of the xauth program. The default is /usr/bin/xauth. |
You can configure the following settings in the server configuration file (/etc/ssh2/sshd2_config).
|
Option |
Description |
|---|---|
|
AllowTCPForwarding |
Enables or disables all port forwarding. The default is yes. |
|
AllowX11Forwarding |
Specifies whether X11 forwarding is allowed. The default is yes. |
|
AllowTCPForwardingForGroups DenyTCPForwardingForGroups |
Allows or denies port forwarding for specified groups. Regular expressions are supported. |
|
AllowTCPForwardingForUsers DenyTCPForwardingForUsers |
Allows or denies port forwarding only for specified users. Regular expressions are supported. |
|
ForwardACL |
Provides detailed control over port forwarding. For details, see Server Configuration Keywords. |
|
GatewayPorts |
Specifies whether remote hosts are allowed to connect to ports forwarded for the client. The default is no. |
|
X11UseLocalHost |
Specifies whether the server should bind X11 forwarding to the loopback address. The default is yes. |