Use restrict authorized_keys option for geodns

no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,no-user
is a mouthful, and geo[123] are all on stretch.

diff --git a/modules/named/files/common/authorized_keys b/modules/named/files/common/authorized_keys
index 936f3ac..bb3517f 100644 (file)
--- a/modules/named/files/common/authorized_keys
+++ b/modules/named/files/common/authorized_keys
@@ -2,4 +2,4 @@
 # THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
 # USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
 #
-from="82.195.75.91,2001:41b8:202:deb:1b1b::91",command="/etc/bind/geodns/trigger",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,no-user-rc ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtZqwdRGRGycqd+EqSzMfXHZa8caLx2yjkQs3hXOWDcAkfbFhsjgnVanx90i8/FIIIVKWPHXvRpS8dsKfBn4MbVq6AYYcx/sYS9uMMjLWFMC0TqrOp4IgHMH3qXlgsq/eOnqvQXDU3DO3p2TVS/a4F7vh8/nPQtDM1JVnMgZL4rx0aXYVcFIdxv9Sy76K4MBENOnXJ73qmRaVu6fIUfk9MAdzIcMx3iOYiO78vytc4xezq743iIOee0vpY1VnF2CDxrWoVyDGDH7qNk8xeFzAGm91xrcSkVEmMVbD9vMLOOPsEZNMJlimEDetEiNwJoS0HzHq6jccksb1wjs2tOr8X dnsadm@denis (20131230)
+from="82.195.75.91,2001:41b8:202:deb:1b1b::91",command="/etc/bind/geodns/trigger",restrict ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtZqwdRGRGycqd+EqSzMfXHZa8caLx2yjkQs3hXOWDcAkfbFhsjgnVanx90i8/FIIIVKWPHXvRpS8dsKfBn4MbVq6AYYcx/sYS9uMMjLWFMC0TqrOp4IgHMH3qXlgsq/eOnqvQXDU3DO3p2TVS/a4F7vh8/nPQtDM1JVnMgZL4rx0aXYVcFIdxv9Sy76K4MBENOnXJ73qmRaVu6fIUfk9MAdzIcMx3iOYiO78vytc4xezq743iIOee0vpY1VnF2CDxrWoVyDGDH7qNk8xeFzAGm91xrcSkVEmMVbD9vMLOOPsEZNMJlimEDetEiNwJoS0HzHq6jccksb1wjs2tOr8X dnsadm@denis (20131230)