upstream: man bits for permitlisten authorized_keys option

OpenBSD-Commit-ID: 86910af8f781a4ac5980fea125442eb25466dd78

sshd.8

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.299 2018/03/14 06:56:20 jmc Exp $
+.\" $OpenBSD: sshd.8,v 1.300 2018/06/06 18:24:15 djm Exp $
-.Dd $Mdocdate: March 14 2018 $
+.Dd $Mdocdate: June 6 2018 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -554,11 +554,28 @@ Disables execution of
 .It Cm no-X11-forwarding
 Forbids X11 forwarding when this key is used for authentication.
 Any X11 forward requests by the client will return an error.
+.It Cm permitlisten="host:port"
+Limit remote port forwarding with
+.Xr ssh 1
+.Fl R
+option such that it may only listen on the specified host and port.
+IPv6 addresses can be specified by enclosing the address in square brackets.
+Multiple
+.Cm permitlisten
+options may be applied separated by commas.
+Hostnames may include wildcards as described in the PATTERNS section in
+.Xr ssh_config 5 .
+A port specification of
+.Cm *
+matches any port.
+Note that the setting of
+.Cm GatewayPorts
+may further restrict listen addresses.
 .It Cm permitopen="host:port"
 Limit local port forwarding with
 .Xr ssh 1
 .Fl L
-such that it may only connect to the specified host and port.
+option such that it may only connect to the specified host and port.
 IPv6 addresses can be specified by enclosing the address in square brackets.
 Multiple
 .Cm permitopen