Use "restrict" key option for storace's da-backup keys

diff --git a/modules/ssh/templates/authorized_keys.erb b/modules/ssh/templates/authorized_keys.erb
index 7692441..3b774b6 100644 (file)
--- a/modules/ssh/templates/authorized_keys.erb
+++ b/modules/ssh/templates/authorized_keys.erb
@@ -52,7 +52,7 @@ case @fqdn
         hostname = allnodeinfo[node]['hostname'][0]
 
         machine_keys << "# #{hostname}"
-        machine_keys << "command=\"/usr/lib/da-backup/da-backup-ssh-wrap #{hostname}\",from=\"#{allnodeinfo[node]['ipHostNumber'].join(',')}\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc #{allnodeinfo[node]['sshRSAHostKey'][0]}"
+        machine_keys << "command=\"/usr/lib/da-backup/da-backup-ssh-wrap #{hostname}\",from=\"#{allnodeinfo[node]['ipHostNumber'].join(',')}\",restrict #{allnodeinfo[node]['sshRSAHostKey'][0]}"
       else
         machine_keys << "# host #{node} not found in allnodeinfo"
       end