From c9347340539853d73fd7ef289af0182f28e24937 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Mon, 15 Jul 2019 18:14:24 +0200
Subject: [PATCH] Fix the sftp chroot configuration.
---
 library/roles/sshd_config/templates/sshd_config.j2 | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/library/roles/sshd_config/templates/sshd_config.j2 b/library/roles/sshd_config/templates/sshd_config.j2
index 098b02ee..e122bf5f 100644
--- a/library/roles/sshd_config/templates/sshd_config.j2
+++ b/library/roles/sshd_config/templates/sshd_config.j2
@@ -96,15 +96,12 @@ AcceptEnv LANG LC_*
 UsePAM {{ sshd_use_pam }}
 {% if sshd_enable_sftp_subsystem %}
-{% if ansible_distribution_file_variety == 'RedHat' %}
-Subsystem sftp /usr/libexec/openssh/sftp-server
-{% else %}
-Subsystem sftp /usr/lib/openssh/sftp-server
-{% endif %}
+Subsystem sftp internal-sftp
 {% if sshd_enable_sftp_jail %}
-Match Group {{ sshd_sftp_chroot_match_group }}
-ChrootDirectory {{ sshd_sftp_chroot_directory }}
-ForceCommand {{ sshd_sftp_force_command }}
+ Match Group {{ sshd_sftp_chroot_match_group }}
+ ChrootDirectory {{ sshd_sftp_chroot_directory }}
+ X11Forwarding no
+ AllowTcpForwarding no
 {% endif %}
 {% endif %}
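Review bot: The new `Match Group` block drops `ForceCommand` without a replacement, so nothing in the jail pins sessions for the matched group to the SFTP server. A non-SFTP session is then refused only if the chroot directory happens to contain no usable shell, which is a property of the directory contents rather than of this config. Since the subsystem is now `internal-sftp`, I would keep an explicit `ForceCommand internal-sftp` line in the block next to `X11Forwarding no` and `AllowTcpForwarding no`. If the removal was deliberate because `sshd_sftp_force_command` pointed at a binary that does not exist inside the chroot (the role defaults are not visible in this patch), the variable is now unused by the template and should be retired or documented. A short template comment that every component of the `ChrootDirectory` path must be root-owned and not writable by group or others would also save the next operator a failed login.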