From a433d0c70fc4870cc1a4cb4193d41bff2fc05945 Mon Sep 17 00:00:00 2001
From: Julien Cristau <jcristau@debian.org>
Date: Mon, 5 Feb 2018 16:03:51 +0100
Subject: [PATCH] Simplify portforwarder authorized_keys options

Replace "no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding" with
"restrict" since all hosts using this module are on stretch with new enough
sshd
---
 modules/portforwarder/templates/authorized_keys.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/portforwarder/templates/authorized_keys.erb b/modules/portforwarder/templates/authorized_keys.erb
index ec11e54f6..755f344b3 100644
--- a/modules/portforwarder/templates/authorized_keys.erb
+++ b/modules/portforwarder/templates/authorized_keys.erb
@@ -44,7 +44,7 @@ config.each_pair do |sourcehost, services|
 			lines << "# insufficient config values"
 		else
 			command = "/usr/bin/portforwarder-ssh-wrap #{sourcehost} #{local_bind} #{allowed_ports.join(' ')}"
-			lines << "from=\"#{remote_ip}\",command=\"#{command}\",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding #{sshkey}"
+			lines << "from=\"#{remote_ip}\",command=\"#{command}\",restrict #{sshkey}"
 		end
 	end
 end
-- 
2.20.1