From c78356f68fe52a55907d71ee8bbaea5dbe1c5816 Mon Sep 17 00:00:00 2001 From: sinanmohd Date: Thu, 15 Feb 2024 11:44:35 +0530 Subject: hosts/kay/sshfwd: only allow "remote" forwarding --- hosts/kay/modules/sshfwd.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'hosts/kay') diff --git a/hosts/kay/modules/sshfwd.nix b/hosts/kay/modules/sshfwd.nix index 0f0d3c3..a25854d 100644 --- a/hosts/kay/modules/sshfwd.nix +++ b/hosts/kay/modules/sshfwd.nix @@ -17,12 +17,12 @@ in { services.openssh.extraConfig = '' Match Group ${group} - ForceCommand echo 'this account is only usable for forwarding' + ForceCommand echo 'this account is only usable for remote forwarding' PermitTunnel no AllowAgentForwarding no X11Forwarding no - AllowTcpForwarding yes - GatewayPorts yes + AllowTcpForwarding remote + GatewayPorts clientspecified ''; } -- cgit v1.2.3