16 lines
397 B
Plaintext
16 lines
397 B
Plaintext
|
# This is used by sshd in default VRF to receive configuration updates. Lock
|
||
|
|
# down to only allow executing the update script.
|
||
|
|
|
||
|
|
# Only allow pubkey auth.
|
||
|
|
KbdInteractiveAuthentication no
|
||
|
|
PasswordAuthentication no
|
||
|
|
PermitRootLogin prohibit-password
|
||
|
|
|
||
|
|
# Disable what we can.
|
||
|
|
AllowTcpForwarding no
|
||
|
|
GatewayPorts no
|
||
|
|
X11Forwarding no
|
||
|
|
|
||
|
|
# And then disable everything else.
|
||
|
|
ForceCommand /usr/local/bin/update
|