Use "restrict" key option for buildd access to upload hosts
authorJulien Cristau <jcristau@debian.org>
Mon, 5 Feb 2018 16:29:31 +0000 (17:29 +0100)
committerJulien Cristau <jcristau@debian.org>
Mon, 5 Feb 2018 16:29:31 +0000 (17:29 +0100)
modules/roles/templates/ssh_upload_buildd-uploader-authorized_keys.erb

index 8dccbfb..ad506d0 100644 (file)
@@ -30,7 +30,7 @@ for m in buildds do
     lines << "## no key for node"
   else
     lines << "command=\"/home/buildd-uploader/rsync-ssh-wrap #{m['node'].split('.')[0]}\"," +
     lines << "## no key for node"
   else
     lines << "command=\"/home/buildd-uploader/rsync-ssh-wrap #{m['node'].split('.')[0]}\"," +
-             'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc,' +
+             'restrict,' +
              'from="' + m['addr'].join(',') + '" ' +
              m['key']
   end
              'from="' + m['addr'].join(',') + '" ' +
              m['key']
   end