Since Gitea servers may be exposed directly to the Internet, it is important to prevent SSH tunneling, lest the server become an ingress point into the network. Additionally, the *gitea* user should not be allowed to use password authentication, as this would only work if the user actually has a password (which it does not) and would result in shell access instead of Gitea.
9 lines
179 B
YAML
sshd_agent_forwarding: false
sshd_tcp_forwarding: false
sshd_x11_forwarding: false
sshd_config_matches:
- object: User
pattern: gitea
password_auth: false
permit_tty: false
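Review bot: The three top-level forwarding settings (sshd_agent_forwarding, sshd_tcp_forwarding, sshd_x11_forwarding) leave Unix-domain socket forwarding unaddressed, and OpenSSH controls that separately through AllowStreamLocalForwarding, which defaults to yes. If the role that consumes these variables exposes a setting for it, set it to false here as well so that the stated goal of preventing tunneling is fully covered. Note also that these three settings apply to every account on the host, while only password_auth and permit_tty are scoped to the gitea user in sshd_config_matches. A short comment at the top of the file saying the global scope is intentional would save the next reader from having to find the commit message.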