Simplify portforwarder authorized_keys options

Replace "no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding" with
"restrict" since all hosts using this module are on stretch with new enough
sshd

diff --git a/modules/portforwarder/templates/authorized_keys.erb b/modules/portforwarder/templates/authorized_keys.erb
index ec11e54..755f344 100644 (file)
--- a/modules/portforwarder/templates/authorized_keys.erb
+++ b/modules/portforwarder/templates/authorized_keys.erb
@@ -44,7 +44,7 @@ config.each_pair do |sourcehost, services|
                        lines << "# insufficient config values"
                else
                        command = "/usr/bin/portforwarder-ssh-wrap #{sourcehost} #{local_bind} #{allowed_ports.join(' ')}"
-                       lines << "from=\"#{remote_ip}\",command=\"#{command}\",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding #{sshkey}"
+                       lines << "from=\"#{remote_ip}\",command=\"#{command}\",restrict #{sshkey}"
                end
        end
 end