gitea: Restrict SSH configuration
Since Gitea servers may be exposed directly to the Internet, it is important to prevent SSH tunneling, lest the server become an ingress point into the network. Additionally, the *gitea* user should not be allowed to use password authentication, as this would only work if the user actually has a password (which it does not) and would result in shell access instead of Gitea.
8
group_vars/gitea.yml
Normal file
@@ -0,0 +1,8 @@
sshd_agent_forwarding: false
sshd_tcp_forwarding: false
sshd_x11_forwarding: false
sshd_config_matches:
- object: User
pattern: gitea
password_auth: false
permit_tty: false
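Review bot: the three forwarding settings at the top of the new file (sshd_agent_forwarding, sshd_tcp_forwarding, sshd_x11_forwarding) do not cover Unix-domain socket forwarding, which sshd controls separately through AllowStreamLocalForwarding and permits by default, so the tunneling the commit message wants to rule out may still be available over a stream-local channel. If the sshd role exposes a variable for that option, set it to false here as well; if it does not, consider adding one. Similarly, assuming password_auth in the Match User gitea block maps to PasswordAuthentication, keyboard-interactive authentication is a separate sshd option and is worth confirming as disabled for this user. A short comment in group_vars/gitea.yml recording why these are restricted would also help, since the rationale currently lives only in the commit message.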