From a3fa965ded378706a20babf9a328f6ccc3acad6b Mon Sep 17 00:00:00 2001
From: Piotr Pawlow
Date: Mon, 18 Jan 2016 18:39:11 +0100
Subject: [PATCH] Added no-agent-forwarding,no-user-rc to SSH key options.
---
 docs/deployment.rst | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/docs/deployment.rst b/docs/deployment.rst
index bd69f943f..cffb0831b 100644
--- a/docs/deployment.rst
+++ b/docs/deployment.rst
@@ -62,7 +62,8 @@ forced command and restrictions applied as shown below:
 command="cd /home/backup/repos/; borg serve --restrict-path /home/backup/repos/",
- no-port-forwarding,no-X11-forwarding,no-pty
+ no-port-forwarding,no-X11-forwarding,no-pty,
+ no-agent-forwarding,no-user-rc
 .. note:: The text shown above needs to be written on a single line!
@@ -141,7 +142,7 @@ package manager to install and keep borg up-to-date.
 - file: path="{{ pool }}" owner="{{ user }}" group="{{ group }}" mode=0700 state=directory
 - authorized_key: user="{{ user }}" key="{{ item.key }}"
- key_options='command="cd {{ pool }}/{{ item.host }};borg serve --restrict-to-path {{ pool }}/{{ item.host }}",no-port-forwarding,no-X11-forwarding,no-pty'
+ key_options='command="cd {{ pool }}/{{ item.host }};borg serve --restrict-to-path {{ pool }}/{{ item.host }}",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc'
 with_items: auth_users
 - file: path="{{ home }}/.ssh/authorized_keys" owner="{{ user }}" group="{{ group }}" mode=0600 state=file
 - file: path="{{ pool }}/{{ item.host }}" owner="{{ user }}" group="{{ group }}" mode=0700 state=directory