diff --git a/library/roles/sshd_config/templates/sshd_config.j2 b/library/roles/sshd_config/templates/sshd_config.j2 index 098b02ee..e122bf5f 100644 --- a/library/roles/sshd_config/templates/sshd_config.j2 +++ b/library/roles/sshd_config/templates/sshd_config.j2 @@ -96,15 +96,12 @@ AcceptEnv LANG LC_* UsePAM {{ sshd_use_pam }} {% if sshd_enable_sftp_subsystem %} -{% if ansible_distribution_file_variety == 'RedHat' %} -Subsystem sftp /usr/libexec/openssh/sftp-server -{% else %} -Subsystem sftp /usr/lib/openssh/sftp-server -{% endif %} +Subsystem sftp internal-sftp {% if sshd_enable_sftp_jail %} -Match Group {{ sshd_sftp_chroot_match_group }} -ChrootDirectory {{ sshd_sftp_chroot_directory }} -ForceCommand {{ sshd_sftp_force_command }} + Match Group {{ sshd_sftp_chroot_match_group }} + ChrootDirectory {{ sshd_sftp_chroot_directory }} + X11Forwarding no + AllowTcpForwarding no {% endif %} {% endif %}