summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLukas Fleischer <lfleischer@archlinux.org>2016-08-02 20:07:36 +0200
committerLukas Fleischer <lfleischer@archlinux.org>2016-08-04 21:37:52 +0200
commit12ab89b78c51fcd7b2b73049ac78922c9b238cc5 (patch)
treeaf5bed7124511f863915a42efba344d4fce06763
parent0c1187caa46ba2b5d159a88c9301356b56ef0637 (diff)
downloadaurweb-12ab89b78c51fcd7b2b73049ac78922c9b238cc5.tar.xz
Change default SSH options to "restrict"
From the sshd(8) man page: Enable all restrictions, i.e. disable port, agent and X11 forwarding, as well as disabling PTY allocation and execution of ~/.ssh/rc. If any future restriction capabilities are added to authorized_keys files they will be included in this set. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-rw-r--r--conf/config.proto2
1 files changed, 1 insertions, 1 deletions
diff --git a/conf/config.proto b/conf/config.proto
index 64af774..d5778a0 100644
--- a/conf/config.proto
+++ b/conf/config.proto
@@ -47,7 +47,7 @@ RSA = SHA256:Ju+yWiMb/2O+gKQ9RJCDqvRg7l+Q95KFAeqM5sr6l2s
valid-keytypes = ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519
username-regex = [a-zA-Z0-9]+[.\-_]?[a-zA-Z0-9]+$
git-serve-cmd = /srv/http/aurweb/git-interface/git-serve.py
-ssh-options = no-port-forwarding,no-X11-forwarding,no-pty
+ssh-options = restrict
[serve]
repo-path = /srv/http/aurweb/aur.git/