mirror of
https://github.com/go-gitea/gitea.git
synced 2024-05-11 05:55:29 +00:00
Harden authorized keys a bit more (#17772)
sshd(8) list restrict as a future-proof way to restrict feature enabled in ssh. It is supported since OpenSSH 7.2, out since 2016-02-29. OpenSSH will ignore unknown options (see sshauthopt_parse in auth-options.c), so it should be safe to add the option and no-user-rc. Co-authored-by: zeripath <[email protected]> Co-authored-by: techknowlogick <[email protected]>
This commit is contained in:
mscherer
co-authored by
GitHub
zeripath
techknowlogick
GitHub
zeripath
techknowlogick
parent
a1f5c7bfce
commit
e595986458
@@ -39,7 +39,7 @@ import (
|
||||
|
||||
const (
|
||||
tplCommentPrefix = `# gitea public key`
|
||||
tplPublicKey = tplCommentPrefix + "\n" + `command=%s,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"
|
||||
tplPublicKey = tplCommentPrefix + "\n" + `command=%s,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,no-user-rc,restrict %s` + "\n"
|
||||
)
|
||||
|
||||
var sshOpLocker sync.Mutex
|
||||
|
||||
Reference in New Issue
Block a user