blob: 0f0d3c36ff68dbd55e1a334263c093eef9fba593 (
plain) (
tree)
|
|
{ ... }: let
group = "sshfwd";
in {
networking.firewall.allowedTCPPorts = [ 2222 ];
users = {
groups.${group}.members = [];
users."lia" = {
inherit group;
isSystemUser = true;
openssh.authorizedKeys.keys
= [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAe7fJlh9L+9JSq0+hK7jNZjszmZqNXwzqcZ+zx0yJyU lia" ];
};
};
services.openssh.extraConfig = ''
Match Group ${group}
ForceCommand echo 'this account is only usable for forwarding'
PermitTunnel no
AllowAgentForwarding no
X11Forwarding no
AllowTcpForwarding yes
GatewayPorts yes
'';
}
|