diff options
| author | sinanmohd <sinan@sinanmohd.com> | 2024-02-15 11:44:35 +0530 |
|---|---|---|
| committer | sinanmohd <sinan@sinanmohd.com> | 2024-02-15 11:47:21 +0530 |
| commit | c78356f68fe52a55907d71ee8bbaea5dbe1c5816 (patch) | |
| tree | 77fea85bf83ffd00ad3e047a63404996bd882755 | |
| parent | aafc09c2e86d02b8703cfca4e5c173ce9bb660b5 (diff) | |
hosts/kay/sshfwd: only allow "remote" forwarding
| -rw-r--r-- | hosts/kay/modules/sshfwd.nix | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/hosts/kay/modules/sshfwd.nix b/hosts/kay/modules/sshfwd.nix index 0f0d3c3..a25854d 100644 --- a/hosts/kay/modules/sshfwd.nix +++ b/hosts/kay/modules/sshfwd.nix @@ -17,12 +17,12 @@ in { services.openssh.extraConfig = '' Match Group ${group} - ForceCommand echo 'this account is only usable for forwarding' + ForceCommand echo 'this account is only usable for remote forwarding' PermitTunnel no AllowAgentForwarding no X11Forwarding no - AllowTcpForwarding yes - GatewayPorts yes + AllowTcpForwarding remote + GatewayPorts clientspecified ''; } |