sshd(8) list restrict as a future-proof way to restrict feature enabled in ssh. It is supported since OpenSSH 7.2, out since 2016-02-29. OpenSSH will ignore unknown options (see sshauthopt_parse in auth-options.c), so it should be safe to add the option and no-user-rc. Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>tags/v1.16.0-rc1
@@ -39,7 +39,7 @@ import ( | |||
const ( | |||
tplCommentPrefix = `# gitea public key` | |||
tplPublicKey = tplCommentPrefix + "\n" + `command=%s,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n" | |||
tplPublicKey = tplCommentPrefix + "\n" + `command=%s,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,no-user-rc,restrict %s` + "\n" | |||
) | |||
var sshOpLocker sync.Mutex |