|
|
@@ -62,7 +62,8 @@ forced command and restrictions applied as shown below:
|
|
|
|
|
|
command="cd /home/backup/repos/<client fqdn>;
|
|
|
borg serve --restrict-path /home/backup/repos/<client fqdn>",
|
|
|
- no-port-forwarding,no-X11-forwarding,no-pty <keytype> <key> <host>
|
|
|
+ no-port-forwarding,no-X11-forwarding,no-pty,
|
|
|
+ no-agent-forwarding,no-user-rc <keytype> <key> <host>
|
|
|
|
|
|
.. note:: The text shown above needs to be written on a single line!
|
|
|
|
|
|
@@ -141,7 +142,7 @@ package manager to install and keep borg up-to-date.
|
|
|
- file: path="{{ pool }}" owner="{{ user }}" group="{{ group }}" mode=0700 state=directory
|
|
|
- authorized_key: user="{{ user }}"
|
|
|
key="{{ item.key }}"
|
|
|
- key_options='command="cd {{ pool }}/{{ item.host }};borg serve --restrict-to-path {{ pool }}/{{ item.host }}",no-port-forwarding,no-X11-forwarding,no-pty'
|
|
|
+ key_options='command="cd {{ pool }}/{{ item.host }};borg serve --restrict-to-path {{ pool }}/{{ item.host }}",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc'
|
|
|
with_items: auth_users
|
|
|
- file: path="{{ home }}/.ssh/authorized_keys" owner="{{ user }}" group="{{ group }}" mode=0600 state=file
|
|
|
- file: path="{{ pool }}/{{ item.host }}" owner="{{ user }}" group="{{ group }}" mode=0700 state=directory
|
Piotr Pawlow