From 12ab89b78c51fcd7b2b73049ac78922c9b238cc5 Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Tue, 2 Aug 2016 20:07:36 +0200 Subject: Change default SSH options to "restrict" From the sshd(8) man page: Enable all restrictions, i.e. disable port, agent and X11 forwarding, as well as disabling PTY allocation and execution of ~/.ssh/rc. If any future restriction capabilities are added to authorized_keys files they will be included in this set. Signed-off-by: Lukas Fleischer --- conf/config.proto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'conf') diff --git a/conf/config.proto b/conf/config.proto index 64af774..d5778a0 100644 --- a/conf/config.proto +++ b/conf/config.proto @@ -47,7 +47,7 @@ RSA = SHA256:Ju+yWiMb/2O+gKQ9RJCDqvRg7l+Q95KFAeqM5sr6l2s valid-keytypes = ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 username-regex = [a-zA-Z0-9]+[.\-_]?[a-zA-Z0-9]+$ git-serve-cmd = /srv/http/aurweb/git-interface/git-serve.py -ssh-options = no-port-forwarding,no-X11-forwarding,no-pty +ssh-options = restrict [serve] repo-path = /srv/http/aurweb/aur.git/ -- cgit v1.2.3-70-g09d2