expand the section on ssh tunnelling machanisms;

from michael knudsen
author: jmc <jmc@openbsd.org> 2006-01-07 16:42:16 +0000
committer: jmc <jmc@openbsd.org> 2006-01-07 16:42:16 +0000
commit: 76fa9c97a44c2f1e7613e8c486b979ec9fe33b25 (patch)
tree: de0fa6c903f9b462328bd78e5aa3cd7ff545cf47 /usr.sbin/authpf
parent: kill trailing whitespace; (diff)
download: wireguard-openbsd-76fa9c97a44c2f1e7613e8c486b979ec9fe33b25.tar.xz
wireguard-openbsd-76fa9c97a44c2f1e7613e8c486b979ec9fe33b25.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/usr.sbin/authpf/authpf.8 b/usr.sbin/authpf/authpf.8
index 2e95e37d980..5a15b8c8e07 100644
--- a/usr.sbin/authpf/authpf.8
+++ b/usr.sbin/authpf/authpf.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: authpf.8,v 1.40 2005/09/23 14:36:46 jmc Exp $
+.\" $OpenBSD: authpf.8,v 1.41 2006/01/07 16:42:16 jmc Exp $
 .\"
 .\" Copyright (c) 2002 Bob Beck (beck@openbsd.org>.  All rights reserved.
 .\"
@@ -225,8 +225,11 @@ it becomes unresponsive, or if arp or address spoofing is used to
 hijack the session.
 Note that TCP keepalives are not sufficient for
 this, since they are not secure.
-Also note that
+Also note that the various SSH tunnelling mechanisms,
+such as
 .Ar AllowTcpForwarding
+and
+.Ar PermitTunnel ,
 should be disabled for
 .Nm
 users to prevent them from circumventing restrictions imposed by the
author	jmc <jmc@openbsd.org>	2006-01-07 16:42:16 +0000
committer	jmc <jmc@openbsd.org>	2006-01-07 16:42:16 +0000
commit	76fa9c97a44c2f1e7613e8c486b979ec9fe33b25 (patch)
tree	de0fa6c903f9b462328bd78e5aa3cd7ff545cf47 /usr.sbin/authpf
parent	kill trailing whitespace; (diff)
download	wireguard-openbsd-76fa9c97a44c2f1e7613e8c486b979ec9fe33b25.tar.xz wireguard-openbsd-76fa9c97a44c2f1e7613e8c486b979ec9fe33b25.zip