From 3b7e4d422e885644f867932a0cb9bab6cd54da12 Mon Sep 17 00:00:00 2001 From: Florian Schlegel Date: Fri, 15 Apr 2022 02:03:35 +0200 Subject: [PATCH] add description for crucial client parameters --- README.md | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 3a80841..5aad174 100644 --- a/README.md +++ b/README.md @@ -79,8 +79,7 @@ exit 0 Don't forget to mark the script as executable: `chmod +x /etc/rc.local` The client side ssh command looks like: -`ssh ssh-port-forwarding@myserver.example.com -TNnqakx -o "TCPKeepAlive yes" -o "ServerAliveInterval 5" -o "ServerAliveCountMax 3" -o "ExitOnForwardFailure yes" -L [...] -R [...]` - +`ssh ssh-port-forwarding@myserver.example.com -TNnqakx -o "TCPKeepAlive yes" -o "ServerAliveInterval 5" -o "ServerAliveCountMax 3" -o "ExitOnForwardFailure yes" -R [bind_address:]port:host:hostport -L [bind_address:]port:host:hostport` * `-T` disable pseudo terminal allocation * `-N` don't execute any command on the server * `-n` redirect stdin to /dev/null (necessary as we run this command in background) 
@@ -93,7 +92,15 @@ The client side ssh command looks like: * `-o "ServerAliveCountMax 3"` mark connection as failed after 3 lost test messages * `-o "ExitOnForwardFailure yes"` quit ssh process if self check or __any of the forwardings__ fail (this is a crucial feature missing in autossh) * `-4` (not shown above) is optional to foce ssh to use IPv4 only (in case of problems with IPv6) -* `-L` (can be repeated multiple times) -* `-R` (can be repeated multiple times) +* `-R [bind_address:]port:host:hostport` (see above -> `permitlisten`; can be repeated multiple times) + * `bind_address` usually `localhost` or `*` (optional but necessary) + * `port` port that the server should open for incoming connections + * `host` hostname or address that the client should forward the connection to (e.g. localhost) + * `hostport` existing port on the host that should be forwarded +* `-L [bind_address:]port:host:hostport` (see above -> `permitopen`; can be repeated multiple times) + * `bind_address` address on the client, that the port should be bound to (optional; usually left blank) + * `port` port that should be opened on the client + * `host` host that the client wants to access through the server (e.g. `localhost` on the server itself) + * `hostport` existing port that should be forwarded to the client Please beware that the hostname part in the `-L` and `-R` options must be spelled exactly the same as in the `permitlisten` and `permitopen` variables on the server ("Localhost", "localhost" and "127.0.0.1" are treated different).
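Review bot: In the first hunk (README.md around line 79), the empty line between the `ssh ...` command line and the `* -T` bullet list is removed along with the old command, and not every Markdown renderer starts a list directly after a paragraph line without a blank line in between. Keep the blank line so the option list cannot be folded into the command paragraph. The new command also lists `-R` before `-L`, which matches the order of the bullets added further down, so that part is consistent.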
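Review bot: In the second hunk, the `-R` sub-bullet "`bind_address` usually `localhost` or `*` (optional but necessary)" contradicts itself and leaves the reader guessing whether to pass it. If the intent is that ssh accepts the option without a bind address but this setup needs one so that the value matches the server's `permitlisten` entry (the closing paragraph says the spelling must be identical), state that directly, for example "optional for ssh, but required here to match `permitlisten`". The same bullet offers `*` next to `localhost` without saying what differs: `*` asks the server to listen on all of its interfaces, and a remote bind address is only honoured when the server's `GatewayPorts` setting allows it, so it is worth documenting `localhost` as the default choice and `*` as the case that exposes the forwarded port beyond the server itself. For `-L`, "usually left blank" is fine, but a short note that ssh then binds according to the client's `GatewayPorts` setting (loopback by default) would make the two descriptions symmetrical.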