From: Peter Palfrader <peter@palfrader.org>
Date: Tue, 10 Sep 2019 06:56:54 +0000 (+0200)
Subject: restrict,pty is a better way to get pty and disable everything else than listing... 
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=92f3de5dba7a9db8ead8e4c08fae114f5308f158;p=mirror%2Fdsa-puppet.git

restrict,pty is a better way to get pty and disable everything else than listing all the current else things now
---

diff --git a/modules/roles/manifests/static/ssh.pp b/modules/roles/manifests/static/ssh.pp
index 0023543a6..35cf603b8 100644
--- a/modules/roles/manifests/static/ssh.pp
+++ b/modules/roles/manifests/static/ssh.pp
@@ -10,7 +10,7 @@ class roles::static::ssh(
     target_user => 'staticsync',
     command     => "/usr/local/bin/staticsync-ssh-wrap ${::fqdn}",
     key         => $facts['staticsync_key'],
-    restrict    => 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc',
+    restrict    => 'restrict,pty',
     collect_tag => $add_tag,
   }
   ssh::authorized_key_collect { 'staticsync':