Do limit group sftponly to sftp

author Peter Palfrader <peter@palfrader.org>

Sun, 20 Aug 2017 08:17:19 +0000 (10:17 +0200)

committer Peter Palfrader <peter@palfrader.org>

Sun, 20 Aug 2017 08:17:19 +0000 (10:17 +0200)
author Peter Palfrader <peter@palfrader.org>
Sun, 20 Aug 2017 08:17:19 +0000 (10:17 +0200)
committer Peter Palfrader <peter@palfrader.org>
Sun, 20 Aug 2017 08:17:19 +0000 (10:17 +0200)
diff --git a/modules/ssh/templates/sshd_config.erb b/modules/ssh/templates/sshd_config.erb

index b0e690f..9b49f2f 100644 (file)
--- a/modules/ssh/templates/sshd_config.erb
+++ b/modules/ssh/templates/sshd_config.erb
@@ -85,3 +85,9 @@ UsePAM yes
  AuthorizedKeysFile /etc/ssh/userkeys/%u /var/lib/misc/userkeys/%u /etc/ssh/userkeys/%u.more
  
  PasswordAuthentication no
+
+Match Group sftponly
+  AllowStreamLocalForwarding no
+  AllowTCPForwarding no
+  X11Forwarding no
+  ForceCommand internal-sftp
author	Peter Palfrader <peter@palfrader.org>
	Sun, 20 Aug 2017 08:17:19 +0000 (10:17 +0200)
committer	Peter Palfrader <peter@palfrader.org>
	Sun, 20 Aug 2017 08:17:19 +0000 (10:17 +0200)