From: Julien Cristau <jcristau@debian.org>
Date: Mon, 5 Feb 2018 16:28:21 +0000 (+0100)
Subject: Use "restrict" key option for buildd access to wanna-build
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=13d0c040e5079326837adef80e7af0fbb2cdbaf7;p=mirror%2Fdsa-puppet.git

Use "restrict" key option for buildd access to wanna-build
---

diff --git a/modules/roles/templates/buildd_master_wb-authorized_keys.erb b/modules/roles/templates/buildd_master_wb-authorized_keys.erb
index 1b1759576..ff9eebede 100644
--- a/modules/roles/templates/buildd_master_wb-authorized_keys.erb
+++ b/modules/roles/templates/buildd_master_wb-authorized_keys.erb
@@ -30,7 +30,7 @@ for m in buildds do
     lines << "## no key for node"
   else
     lines << "command=\"/srv/wanna-build/bin/wanna-build --ssh-wrapper #{m['node'].split('.')[0]}\"," +
-             'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc,' +
+             'restrict,' +
              'from="' + m['addr'].join(',') + '" ' +
              m['key']
   end