restrict,pty is a better way to get pty and disable everything else than listing...

author Peter Palfrader <peter@palfrader.org>

Tue, 10 Sep 2019 06:56:54 +0000 (08:56 +0200)

committer Peter Palfrader <peter@palfrader.org>

Tue, 10 Sep 2019 06:56:54 +0000 (08:56 +0200)
author Peter Palfrader <peter@palfrader.org>
Tue, 10 Sep 2019 06:56:54 +0000 (08:56 +0200)
committer Peter Palfrader <peter@palfrader.org>
Tue, 10 Sep 2019 06:56:54 +0000 (08:56 +0200)
diff --git a/modules/roles/manifests/static/ssh.pp b/modules/roles/manifests/static/ssh.pp

index 0023543..35cf603 100644 (file)
--- a/modules/roles/manifests/static/ssh.pp
+++ b/modules/roles/manifests/static/ssh.pp
@@ -10,7 +10,7 @@ class roles::static::ssh(
      target_user => 'staticsync',
      command     => "/usr/local/bin/staticsync-ssh-wrap ${::fqdn}",
      key         => $facts['staticsync_key'],
-    restrict    => 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc',
+    restrict    => 'restrict,pty',
      collect_tag => $add_tag,
    }
    ssh::authorized_key_collect { 'staticsync':
author	Peter Palfrader <peter@palfrader.org>
	Tue, 10 Sep 2019 06:56:54 +0000 (08:56 +0200)
committer	Peter Palfrader <peter@palfrader.org>
	Tue, 10 Sep 2019 06:56:54 +0000 (08:56 +0200)