GisServer/playbooks/templates/sshd_hardened.conf.j2

16 lines
388 B
Django/Jinja

# @path: /etc/ssh/sshd_config.d/sshd_hardened.conf
# @permission: -rw-r--r-- 1 root root
# Disallow passwords
PasswordAuthentication no
PubkeyAuthentication yes
# Restrict user to sftp server (no shell)
Match User publisher
ForceCommand internal-sftp
ChrootDirectory {{ sftp_root }}
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no