From d24eb26dacc726e90597321a0f44c413a672ca92 Mon Sep 17 00:00:00 2001
From: Julien Cristau <jcristau@debian.org>
Date: Mon, 5 Feb 2018 17:27:10 +0100
Subject: [PATCH] Use "restrict" key option for storace's da-backup keys

---
 modules/ssh/templates/authorized_keys.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/ssh/templates/authorized_keys.erb b/modules/ssh/templates/authorized_keys.erb
index 769244128..3b774b681 100644
--- a/modules/ssh/templates/authorized_keys.erb
+++ b/modules/ssh/templates/authorized_keys.erb
@@ -52,7 +52,7 @@ case @fqdn
         hostname = allnodeinfo[node]['hostname'][0]
 
         machine_keys << "# #{hostname}"
-        machine_keys << "command=\"/usr/lib/da-backup/da-backup-ssh-wrap #{hostname}\",from=\"#{allnodeinfo[node]['ipHostNumber'].join(',')}\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc #{allnodeinfo[node]['sshRSAHostKey'][0]}"
+        machine_keys << "command=\"/usr/lib/da-backup/da-backup-ssh-wrap #{hostname}\",from=\"#{allnodeinfo[node]['ipHostNumber'].join(',')}\",restrict #{allnodeinfo[node]['sshRSAHostKey'][0]}"
       else
         machine_keys << "# host #{node} not found in allnodeinfo"
       end
-- 
2.20.1