From c0cfdd5901d4aae7b520e6be9637ff55d5295b37 Mon Sep 17 00:00:00 2001 From: Florz Date: Thu, 18 Feb 2021 23:01:43 +0100 Subject: [PATCH] add documentation for options in authorized_keys file --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8ea9b42..1597426 100644 --- a/README.md +++ b/README.md @@ -44,4 +44,10 @@ and `ls -lsha ~ssh-port-forwarding/.ssh/` should look like this: This is all done in `/home/ssh-port-forwarding/.ssh/authorized_keys`. First use the `ssh-keygen` command to create a private and public key pair on the client side. Don't type any password! Then use `cat ~/.ssh/id_rsa.pub` to display the content of your newly created public key. After that add a new line in the `authorized_keys` file on the server. Use the following line as an example. Your key starts at `AAAA...` and this all needs to be in a single line per key. -`restrict,command="",port-forwarding,permitlisten="localhost:22",permitopen="localhost:22" ssh-rsa AAAA...` \ No newline at end of file +`restrict,command="",port-forwarding,permitlisten="localhost:22",permitopen="localhost:22" ssh-rsa AAAA...` + +`restrict`: this restricts all current and future forwarding options +`command=""`: don't allow client to send a command, set an empty forced command instead +`port-forwarding`: allow port forwarding +`permitlisten="localhost:22"`: restrict client to access ssh port on server only (default for security reasons) +`permitopen="localhost:22"`: restrict client to create port 22 on the server only, which will fail (default for security reasons) \ No newline at end of file
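Review bot: In the last two added lines the descriptions of `permitlisten` and `permitopen` appear to be swapped. In sshd's `authorized_keys` format, `permitlisten` limits where a remote forward (`ssh -R`) may listen on the server, and `permitopen` limits which destination a local forward (`ssh -L`) may connect to. The "create port 22 on the server only, which will fail" text therefore belongs with `permitlisten="localhost:22"`, and the "access ssh port on server only" text with `permitopen="localhost:22"`. The `restrict` line also undersells the option: it turns off PTY allocation, agent and X11 forwarding and `~/.ssh/rc` execution as well, not only forwarding, so "enables all current and future restrictions" would be more accurate. Finally, the five added lines have no list markers or blank lines between them, so Markdown will render them as one run-on paragraph. Prefixing each with `- ` would fix that, and the file still ends without a trailing newline.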