sshd: add more limits to the 'sftp only' users.

Andrea Dell'Amico 2020-04-10 18:12:37 +02:00
parent ae9dfca4e6
commit 587faf5555
1 changed files with 10 additions and 3 deletions


@ -96,12 +96,19 @@ AcceptEnv LANG LC_*
UsePAM {{ sshd_use_pam }} UsePAM {{ sshd_use_pam }}
{% if sshd_enable_sftp_subsystem %} {% if sshd_enable_sftp_subsystem %}
Subsystem sftp internal-sftp {% if ansible_distribution_file_variety == 'RedHat' %}
Subsystem sftp /usr/libexec/openssh/sftp-server
{% else %}
Subsystem sftp /usr/lib/openssh/sftp-server
{% endif %}
{% if sshd_enable_sftp_jail %} {% if sshd_enable_sftp_jail %}
Match Group {{ sshd_sftp_chroot_match_group }} Match Group {{ sshd_sftp_chroot_match_group }}
ChrootDirectory {{ sshd_sftp_chroot_directory }} ChrootDirectory {{ sshd_sftp_chroot_directory }}
X11Forwarding no ForceCommand {{ sshd_sftp_force_command }}
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no AllowTcpForwarding no
X11Forwarding no
{% endif %} {% endif %}
{% endif %} {% endif %}
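Review bot: The `Match Group` block still leaves Unix-domain socket forwarding and PTY allocation at their defaults, because `AllowTcpForwarding no` covers only TCP forwarding. For an sftp-only group I would add `AllowStreamLocalForwarding no` and `PermitTTY no` next to the new `PermitTunnel no` and `AllowAgentForwarding no`, or use `DisableForwarding yes` where the installed OpenSSH supports it. Separately, `Subsystem sftp` now points at an external sftp-server binary while the jail relies on `ForceCommand {{ sshd_sftp_force_command }}`, whose value is not visible in this hunk. If that value is anything other than `internal-sftp`, the binary and its libraries would presumably have to exist inside `ChrootDirectory`, so a template comment such as `# sshd_sftp_force_command must be internal-sftp unless the chroot ships sftp-server` would document the requirement.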