X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fssh%2Ftemplates%2Fsshd_config.erb;h=9b49f2fc8c8b2c4bea4596aaaba0a1377fc79046;hb=0e95fbdd080c4c7156bf2c4f938c0b85629a3981;hp=b0e690f2d79b7cf71904d1712ca336cc7adccdcb;hpb=6c9392a8bcffffef973686925f21b3fbec0353ce;p=mirror%2Fdsa-puppet.git

diff --git a/modules/ssh/templates/sshd_config.erb b/modules/ssh/templates/sshd_config.erb
index b0e690f2d..9b49f2fc8 100644
--- a/modules/ssh/templates/sshd_config.erb
+++ b/modules/ssh/templates/sshd_config.erb
@@ -85,3 +85,9 @@ UsePAM yes
 AuthorizedKeysFile /etc/ssh/userkeys/%u /var/lib/misc/userkeys/%u /etc/ssh/userkeys/%u.more
 
 PasswordAuthentication no
+
+Match Group sftponly
+  AllowStreamLocalForwarding no
+  AllowTCPForwarding no
+  X11Forwarding no
+  ForceCommand internal-sftp