[borgbackup-server] Use restrict directive for authorized_key

As documented in https://borgbackup.readthedocs.io/en/stable/usage/serve.html, openssh-server > 7.2 is available in debian since at least stretch (7.4) so no risk of compatibility issues.
2021-09-28 11:59:34 +00:00 · 2021-09-28 11:59:34 +00:00 · 8e6b97df34
parent 880767d8d0
commit 8e6b97df34
1 changed files with 1 additions and 1 deletions
--- a/roles/borgbackup-server/templates/authorized_keys.j2
+++ b/roles/borgbackup-server/templates/authorized_keys.j2
@ -1,3 +1,3 @@
 {{ ansible_header | comment }}
-command="borg serve --restrict-to-path {{ borg.path }}",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding {{ vault.borgbackup_ssh_pubkey }}
+command="borg serve --restrict-to-path {{ borg.path }}",restrict {{ vault.borgbackup_ssh_pubkey }}
`@ -1,3 +1,3 @@`
	`{{ ansible_header \| comment }}`	`{{ ansible_header \| comment }}`

	`command="borg serve --restrict-to-path {{ borg.path }}",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding {{ vault.borgbackup_ssh_pubkey }}`	`command="borg serve --restrict-to-path {{ borg.path }}",restrict {{ vault.borgbackup_ssh_pubkey }}`