diff options
author | Lukas Fleischer <lfleischer@archlinux.org> | 2016-08-02 20:07:36 +0200 |
---|---|---|
committer | Lukas Fleischer <lfleischer@archlinux.org> | 2016-08-04 21:37:52 +0200 |
commit | 12ab89b78c51fcd7b2b73049ac78922c9b238cc5 (patch) | |
tree | af5bed7124511f863915a42efba344d4fce06763 | |
parent | 0c1187caa46ba2b5d159a88c9301356b56ef0637 (diff) | |
download | aurweb-12ab89b78c51fcd7b2b73049ac78922c9b238cc5.tar.xz |
Change default SSH options to "restrict"
From the sshd(8) man page:
Enable all restrictions, i.e. disable port, agent and X11
forwarding, as well as disabling PTY allocation and execution of
~/.ssh/rc. If any future restriction capabilities are added to
authorized_keys files they will be included in this set.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-rw-r--r-- | conf/config.proto | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/conf/config.proto b/conf/config.proto index 64af774..d5778a0 100644 --- a/conf/config.proto +++ b/conf/config.proto @@ -47,7 +47,7 @@ RSA = SHA256:Ju+yWiMb/2O+gKQ9RJCDqvRg7l+Q95KFAeqM5sr6l2s valid-keytypes = ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 username-regex = [a-zA-Z0-9]+[.\-_]?[a-zA-Z0-9]+$ git-serve-cmd = /srv/http/aurweb/git-interface/git-serve.py -ssh-options = no-port-forwarding,no-X11-forwarding,no-pty +ssh-options = restrict [serve] repo-path = /srv/http/aurweb/aur.git/ |