docs: permissions

README.md

@@ -40,6 +40,25 @@ handy-sshd -p 2222 --user "john:" --user "alice:"
 handy-sshd --unix-socket /tmp/my-unix-socket --user "john:"
 ```
 
+## Permissions
+There are some permissions.
+* --allow-direct-tcpip
+* --allow-execute
+* --allow-sftp
+* --allow-tcpip-forward
+
+All permissions are allowed when nothing is specified.
+
+Specifying `--allow-direct-tcpip` and `--allow-execute` allows only "direct-tcpip" and command executions.
+The log shows "allowed: " and "NOT allowed: " permissions as follows.
+
+```console
+$ handy-sshd --user "john:" --allow-direct-tcpip --allow-execute
+2023/08/09 20:49:35 INFO listening on :2222...
+2023/08/09 20:49:35 INFO allowed: "direct-tcpip", "execute"
+2023/08/09 20:49:35 INFO NOT allowed: "tcpip-forward", "sftp"
+```
+
 ## --help
 
 ```
@@ -49,11 +68,15 @@ Usage:
   handy-sshd [flags]
 
 Flags:
-  -h, --help                 help for handy-sshd
-      --host string          SSH server host (e.g. 127.0.0.1)
-  -p, --port uint16          SSH server port (default 2222)
-      --shell string         Shell
-      --unix-socket string   Unix-domain socket
-      --user stringArray     SSH user name (e.g. "john:mypassword")
-  -v, --version              show version
+      --allow-direct-tcpip    client can use local forwarding and SOCKS proxy
+      --allow-execute         client can use shell/interactive shell
+      --allow-sftp            client can use SFTP and SSHFS
+      --allow-tcpip-forward   client can use remote forwarding
+  -h, --help                  help for handy-sshd
+      --host string           SSH server host (e.g. 127.0.0.1)
+  -p, --port uint16           SSH server port (default 2222)
+      --shell string          Shell
+      --unix-socket string    Unix-domain socket
+      --user stringArray      SSH user name (e.g. "john:mypassword")
+  -v, --version               show version
 ```