mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
Browse Source

Harden authorized keys a bit more (#17772) 

sshd(8) list restrict as a future-proof way to restrict feature
enabled in ssh. It is supported since OpenSSH 7.2, out since
2016-02-29.

OpenSSH will ignore unknown options (see sshauthopt_parse in
auth-options.c), so it should be safe to add the option and
no-user-rc.

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
tags/v1.16.0-rc1
mscherer 2 years ago
parent
a1f5c7bfce
commit
e595986458
No account linked to committer's email address
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1
    1
      models/ssh_key_authorized_keys.go

+ 1
- 1
models/ssh_key_authorized_keys.go View File

@@ -39,7 +39,7 @@ import (

const (
tplCommentPrefix = `# gitea public key`
tplPublicKey = tplCommentPrefix + "\n" + `command=%s,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"
tplPublicKey = tplCommentPrefix + "\n" + `command=%s,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,no-user-rc,restrict %s` + "\n"
)

var sshOpLocker sync.Mutex

Write Preview
Loading…
Cancel
Save