sshd: add more limits to the 'sftp only' users.
parent
ae9dfca4e6
commit
587faf5555
|
@ -96,12 +96,19 @@ AcceptEnv LANG LC_*
|
||||||
UsePAM {{ sshd_use_pam }}
|
UsePAM {{ sshd_use_pam }}
|
||||||
|
|
||||||
{% if sshd_enable_sftp_subsystem %}
|
{% if sshd_enable_sftp_subsystem %}
|
||||||
Subsystem sftp internal-sftp
|
{% if ansible_distribution_file_variety == 'RedHat' %}
|
||||||
|
Subsystem sftp /usr/libexec/openssh/sftp-server
|
||||||
|
{% else %}
|
||||||
|
Subsystem sftp /usr/lib/openssh/sftp-server
|
||||||
|
{% endif %}
|
||||||
{% if sshd_enable_sftp_jail %}
|
{% if sshd_enable_sftp_jail %}
|
||||||
Match Group {{ sshd_sftp_chroot_match_group }}
|
Match Group {{ sshd_sftp_chroot_match_group }}
|
||||||
ChrootDirectory {{ sshd_sftp_chroot_directory }}
|
ChrootDirectory {{ sshd_sftp_chroot_directory }}
|
||||||
X11Forwarding no
|
ForceCommand {{ sshd_sftp_force_command }}
|
||||||
|
PermitTunnel no
|
||||||
|
AllowAgentForwarding no
|
||||||
AllowTcpForwarding no
|
AllowTcpForwarding no
|
||||||
|
X11Forwarding no
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
|
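Review bot: The jail in the `Match Group` block now depends on what `sshd_sftp_force_command` renders to, and its default is not visible in this hunk: the global `Subsystem sftp` line was switched from `internal-sftp` to the external `sftp-server` binary, which cannot run inside `ChrootDirectory` unless the binary and its libraries are present in the jail. If the in-process server is always intended for this group, consider hard-coding `ForceCommand internal-sftp`, or add a template comment above the line stating that any other value requires a populated chroot. The forwarding restrictions also leave Unix-domain socket forwarding enabled, since `AllowTcpForwarding no` does not cover it; adding `AllowStreamLocalForwarding no` (or `DisableForwarding yes` on OpenSSH versions that support it) would close that gap. Separately, the `{% else %}` branch assumes the Debian path `/usr/lib/openssh/sftp-server` for every non-RedHat host, so any other distribution family the role is applied to may get a Subsystem path that does not exist.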