Normal users do not need shell access to the file server, and certainly should not be allowed to e.g. forward ports through it. Using a `Match` block, we can apply restrictions to users who do not need administrative functionality. In this case, we restrict everyone who is not a member of the *Server Admins* group in the PYROCUFFLINK AD domain.
```jinja
Match {{ fileserver_sftp_only_match }}
    AllowAgentForwarding no
    AllowStreamLocalForwarding no
    AllowTcpForwarding no
    DisableForwarding yes
    ForceCommand internal-sftp
    PermitListen none
    PermitOpen none
    PermitTTY no
    PermitTunnel no
    PermitUserRC no
```
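To confirm that the `Match` block above actually applies to a given account, the effective settings can be read back with `sshd -T -C` and compared with the directives in the template. The following is an added example, not part of the original configuration; the function names, the `sshd` path, the `host`/`addr` values and the sample output are assumptions made for illustration.

```python
import subprocess

# Restrictions from the Match block, keyed the way `sshd -T` prints them (lowercase).
REQUIRED = {
    "allowagentforwarding": "no", "allowstreamlocalforwarding": "no",
    "allowtcpforwarding": "no", "disableforwarding": "yes",
    "forcecommand": "internal-sftp", "permitlisten": "none",
    "permitopen": "none", "permittty": "no",
    "permittunnel": "no", "permituserrc": "no",
}

def parse_effective(text):
    """Parse `sshd -T` output (one "keyword value" pair per line) into a dict."""
    conf = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key:
            conf.setdefault(key.lower(), value.strip())
    return conf

def audit(text):
    """Return {keyword: (expected, actual)} for each restriction not in effect."""
    conf = parse_effective(text)
    return {k: (want, conf.get(k)) for k, want in REQUIRED.items()
            if (conf.get(k) or "").lower() != want}

def effective_for(user, sshd="/usr/sbin/sshd"):
    """Ask sshd which settings apply to `user`; usually has to run as root."""
    spec = f"user={user},host=localhost,addr=127.0.0.1"  # assumed connection spec
    result = subprocess.run([sshd, "-T", "-C", spec],
                            check=True, capture_output=True, text=True)
    return result.stdout

# Constructed sample: effective settings for an account the Match block missed.
SAMPLE_UNRESTRICTED = """\
allowagentforwarding yes
allowstreamlocalforwarding yes
allowtcpforwarding yes
disableforwarding no
forcecommand none
permitlisten any
permitopen any
permittty yes
permittunnel no
permituserrc yes
"""

if __name__ == "__main__":
    for key, (want, got) in sorted(audit(SAMPLE_UNRESTRICTED).items()):
        print(f"{key}: expected {want!r}, effective {got!r}")
```

On the file server itself, `audit(effective_for("someuser"))` should return an empty dict for an ordinary user and a non-empty one for a member of the admin group.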