diff --git a/ssh/CHANGELOG.md b/ssh/CHANGELOG.md
index cac7681..66432f4 100644
--- a/ssh/CHANGELOG.md
+++ b/ssh/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+## 8.6.0
+
+- Add support for local TCP forwarding
+
 ## 8.5.4
 
 - Update Home Assistant CLI to 4.3.0
diff --git a/ssh/DOCS.md b/ssh/DOCS.md
index d967548..98368b3 100644
--- a/ssh/DOCS.md
+++ b/ssh/DOCS.md
@@ -55,6 +55,16 @@ keys by adding multiple public keys to the list.
 
 Set a password for login. **We do NOT recommend this variant**.
 
+### Option group  `server`
+
+Some SSH server options.
+
+#### Option `tcp_forwarding`
+
+Specifies whether TCP forwarding is permitted or not.
+
+**Note**: _Enabling this option lowers the security of your SSH server! Nevertheless, this warning is debatable._
+
 ## Network
 To enable ssh access via the network, you need to enter the port number ‘22’ or the port you want to use. This will map that port from the hassio host into the running “Terminal & SSH” container.
 
@@ -80,4 +90,4 @@ In case you've found a bug, please [open an issue on our GitHub][issue].
 [issue]: https://github.com/home-assistant/hassio-addons/issues
 [keygen-windows]: https://www.digitalocean.com/community/tutorials/how-to-create-ssh-keys-with-putty-to-connect-to-a-vps
 [keygen]: https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/
-[reddit]: https://reddit.com/r/homeassistant
\ No newline at end of file
+[reddit]: https://reddit.com/r/homeassistant
diff --git a/ssh/config.json b/ssh/config.json
index b10ba52..476ce32 100644
--- a/ssh/config.json
+++ b/ssh/config.json
@@ -1,6 +1,6 @@
 {
   "name": "Terminal & SSH",
-  "version": "8.5.4",
+  "version": "8.6.0",
   "slug": "ssh",
   "description": "Allow logging in remotely to Home Assistant using SSH",
   "url": "https://github.com/home-assistant/hassio-addons/tree/master/ssh",
@@ -22,11 +22,17 @@
   "map": ["config:rw", "ssl:rw", "addons:rw", "share:rw", "backup:rw"],
   "options": {
     "authorized_keys": [],
-    "password": ""
+    "password": "",
+    "server": {
+      "tcp_forwarding": false
+    }
   },
   "schema": {
     "authorized_keys": ["str"],
-    "password": "str"
+    "password": "str",
+    "server": {
+      "tcp_forwarding": "bool"
+    }
   },
   "image": "homeassistant/{arch}-addon-ssh"
 }
diff --git a/ssh/rootfs/etc/cont-init.d/ssh.sh b/ssh/rootfs/etc/cont-init.d/ssh.sh
index d90439c..0b58ce8 100644
--- a/ssh/rootfs/etc/cont-init.d/ssh.sh
+++ b/ssh/rootfs/etc/cont-init.d/ssh.sh
@@ -29,3 +29,8 @@ elif bashio::config.has_value 'password'; then
 elif bashio::var.has_value "$(bashio::addon.port 22)"; then
     bashio::exit.nok "You need to setup a login!"
 fi
+
+# Allow TCP forwarding
+if bashio::config.true 'server.tcp_forwarding'; then
+    sed -i "s/AllowTcpForwarding.*/AllowTcpForwarding\\ yes/" /etc/ssh/sshd_config
+fi