forked from ISTI-ansible-roles/ansible-roles
sshd: add more limits to the 'sftp only' users.
This commit is contained in:
parent
ae9dfca4e6
commit
587faf5555
|
@ -96,12 +96,19 @@ AcceptEnv LANG LC_*
|
|||
UsePAM {{ sshd_use_pam }}
|
||||
|
||||
{% if sshd_enable_sftp_subsystem %}
|
||||
Subsystem sftp internal-sftp
|
||||
{% if ansible_distribution_file_variety == 'RedHat' %}
|
||||
Subsystem sftp /usr/libexec/openssh/sftp-server
|
||||
{% else %}
|
||||
Subsystem sftp /usr/lib/openssh/sftp-server
|
||||
{% endif %}
|
||||
{% if sshd_enable_sftp_jail %}
|
||||
Match Group {{ sshd_sftp_chroot_match_group }}
|
||||
Match Group {{ sshd_sftp_chroot_match_group }}
|
||||
ChrootDirectory {{ sshd_sftp_chroot_directory }}
|
||||
X11Forwarding no
|
||||
ForceCommand {{ sshd_sftp_force_command }}
|
||||
PermitTunnel no
|
||||
AllowAgentForwarding no
|
||||
AllowTcpForwarding no
|
||||
X11Forwarding no
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
|
|
Loading…
Reference in New Issue