summaryrefslogtreecommitdiff
path: root/hosts/kay
diff options
context:
space:
mode:
authorsinanmohd <sinan@sinanmohd.com>2024-02-15 11:44:35 +0530
committersinanmohd <sinan@sinanmohd.com>2024-02-15 11:47:21 +0530
commitc78356f68fe52a55907d71ee8bbaea5dbe1c5816 (patch)
tree77fea85bf83ffd00ad3e047a63404996bd882755 /hosts/kay
parentaafc09c2e86d02b8703cfca4e5c173ce9bb660b5 (diff)
hosts/kay/sshfwd: only allow "remote" forwarding
Diffstat (limited to 'hosts/kay')
-rw-r--r--hosts/kay/modules/sshfwd.nix6
1 files changed, 3 insertions, 3 deletions
diff --git a/hosts/kay/modules/sshfwd.nix b/hosts/kay/modules/sshfwd.nix
index 0f0d3c3..a25854d 100644
--- a/hosts/kay/modules/sshfwd.nix
+++ b/hosts/kay/modules/sshfwd.nix
@@ -17,12 +17,12 @@ in {
services.openssh.extraConfig = ''
Match Group ${group}
- ForceCommand echo 'this account is only usable for forwarding'
+ ForceCommand echo 'this account is only usable for remote forwarding'
PermitTunnel no
AllowAgentForwarding no
X11Forwarding no
- AllowTcpForwarding yes
- GatewayPorts yes
+ AllowTcpForwarding remote
+ GatewayPorts clientspecified
'';
}