From ba76a4552f2cce10bd79342bf4ff0830c3867f7f Mon Sep 17 00:00:00 2001
From: Ryo Ota
Date: Wed, 9 Aug 2023 20:52:35 +0900
Subject: [PATCH] docs: permissions

---
 README.md | 37 ++++++++++++++++++++++++++++++-------
 1 file changed, 30 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 849cc70..fbb4ec6 100644
--- a/README.md
+++ b/README.md
@@ -40,6 +40,25 @@ handy-sshd -p 2222 --user "john:" --user "alice:"
 handy-sshd --unix-socket /tmp/my-unix-socket --user "john:"
 ```
 
+## Permissions
+There are some permissions.
+* --allow-direct-tcpip
+* --allow-execute
+* --allow-sftp
+* --allow-tcpip-forward
+
+All permissions are allowed when nothing is specified.
+
+Specifying `--allow-direct-tcpip` and `--allow-execute` allows only "direct-tcpip" and command executions.
+The log shows "allowed: " and "NOT allowed: " permissions as follows.
+
+```console
+$ handy-sshd --user "john:" --allow-direct-tcpip --allow-execute
+2023/08/09 20:49:35 INFO listening on :2222...
+2023/08/09 20:49:35 INFO allowed: "direct-tcpip", "execute"
+2023/08/09 20:49:35 INFO NOT allowed: "tcpip-forward", "sftp"
+```
+
 ## --help
 
 ```
@@ -49,11 +68,15 @@ Usage:
 handy-sshd [flags]
 
 Flags:
- -h, --help help for handy-sshd
- --host string SSH server host (e.g. 127.0.0.1)
- -p, --port uint16 SSH server port (default 2222)
- --shell string Shell
- --unix-socket string Unix-domain socket
- --user stringArray SSH user name (e.g. "john:mypassword")
- -v, --version show version
+ --allow-direct-tcpip client can use local forwarding and SOCKS proxy
+ --allow-execute client can use shell/interactive shell
+ --allow-sftp client can use SFTP and SSHFS
+ --allow-tcpip-forward client can use remote forwarding
+ -h, --help help for handy-sshd
+ --host string SSH server host (e.g. 127.0.0.1)
+ -p, --port uint16 SSH server port (default 2222)
+ --shell string Shell
+ --unix-socket string Unix-domain socket
+ --user stringArray SSH user name (e.g. "john:mypassword")
+ -v, --version show version
 ```