projects / mirror / dsa-puppet.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c3c956b)
staticsync requires a pty
authorPeter Palfrader <peter@palfrader.org>
Sat, 7 Sep 2019 23:21:27 +0000 (01:21 +0200)
committerPeter Palfrader <peter@palfrader.org>
Sat, 7 Sep 2019 23:21:27 +0000 (01:21 +0200)
modules/roles/manifests/static_base.pp patch | blob | history
modules/ssh/manifests/authorized_key_add.pp patch | blob | history

diff --git a/modules/roles/manifests/static_base.pp b/modules/roles/manifests/static_base.pp
index 7527387..e598a6e 100644 (file)
--- a/modules/roles/manifests/static_base.pp
+++ b/modules/roles/manifests/static_base.pp
@@ -5,6 +5,7 @@ class roles::static_base {
     target_user => 'staticsync',
     command     => "/usr/local/bin/staticsync-ssh-wrap ${::fqdn}",
     key         => $facts['staticsync_key'],
+    restrict    => 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc',
     collect_tag => 'staticsync',
   }
   ssh::authorized_key_collect { 'staticsync':
diff --git a/modules/ssh/manifests/authorized_key_add.pp b/modules/ssh/manifests/authorized_key_add.pp
index 24a89d9..c1fdae3 100644 (file)
--- a/modules/ssh/manifests/authorized_key_add.pp
+++ b/modules/ssh/manifests/authorized_key_add.pp
@@ -6,6 +6,7 @@ define ssh::authorized_key_add(
   String $command,
   String $key,
   String $collect_tag,
+  String $restrict = 'restrict',
   Array[Stdlib::IP::Address] $from_hosts = $base::public_addresses,
 ) {
   $from = $from_hosts.join(',')
@@ -29,7 +30,7 @@ define ssh::authorized_key_add(
       order   => '200',
       content => @("EOF"),
                  # from ${::fqdn}
-                 command="${command}",from="${from}",restrict ${key}
+                 command="${command}",from="${from}",${restrict} ${key}
                  | EOF
     }
   } else {
Unnamed repository; edit this file 'description' to name the repository.