1
0
Fork 0
mirror of https://github.com/borgbackup/borg.git synced 2024-12-23 00:07:38 +00:00

Added no-agent-forwarding,no-user-rc to SSH key options.

This commit is contained in:
Piotr Pawlow 2016-01-18 18:39:11 +01:00
parent 7851df089a
commit a3fa965ded

View file

@ -62,7 +62,8 @@ forced command and restrictions applied as shown below:
command="cd /home/backup/repos/<client fqdn>; command="cd /home/backup/repos/<client fqdn>;
borg serve --restrict-path /home/backup/repos/<client fqdn>", borg serve --restrict-path /home/backup/repos/<client fqdn>",
no-port-forwarding,no-X11-forwarding,no-pty <keytype> <key> <host> no-port-forwarding,no-X11-forwarding,no-pty,
no-agent-forwarding,no-user-rc <keytype> <key> <host>
.. note:: The text shown above needs to be written on a single line! .. note:: The text shown above needs to be written on a single line!
@ -141,7 +142,7 @@ package manager to install and keep borg up-to-date.
- file: path="{{ pool }}" owner="{{ user }}" group="{{ group }}" mode=0700 state=directory - file: path="{{ pool }}" owner="{{ user }}" group="{{ group }}" mode=0700 state=directory
- authorized_key: user="{{ user }}" - authorized_key: user="{{ user }}"
key="{{ item.key }}" key="{{ item.key }}"
key_options='command="cd {{ pool }}/{{ item.host }};borg serve --restrict-to-path {{ pool }}/{{ item.host }}",no-port-forwarding,no-X11-forwarding,no-pty' key_options='command="cd {{ pool }}/{{ item.host }};borg serve --restrict-to-path {{ pool }}/{{ item.host }}",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc'
with_items: auth_users with_items: auth_users
- file: path="{{ home }}/.ssh/authorized_keys" owner="{{ user }}" group="{{ group }}" mode=0600 state=file - file: path="{{ home }}/.ssh/authorized_keys" owner="{{ user }}" group="{{ group }}" mode=0600 state=file
- file: path="{{ pool }}/{{ item.host }}" owner="{{ user }}" group="{{ group }}" mode=0700 state=directory - file: path="{{ pool }}/{{ item.host }}" owner="{{ user }}" group="{{ group }}" mode=0700 state=directory