gitea: Restrict SSH configuration
Since Gitea servers may be exposed directly to the Internet, it is important to prevent SSH tunneling, lest the server become an ingress point into the network. Additionally, the *gitea* user should not be allowed to use password authentication, as this would only work if the user actually has a password (which it does not) and would result in shell access instead of Gitea.jenkins-master
parent
2be0e3d0a5
commit
6396b9fc49
|
|
@ -2,6 +2,7 @@
|
|||
roles:
|
||||
- apache
|
||||
- gitea
|
||||
- sshd
|
||||
tasks:
|
||||
- name: ensure apache is running
|
||||
service:
|
||||
|
|
|
|||
|
|
@ -0,0 +1,8 @@
|
|||
sshd_agent_forwarding: false
|
||||
sshd_tcp_forwarding: false
|
||||
sshd_x11_forwarding: false
|
||||
sshd_config_matches:
|
||||
- object: User
|
||||
pattern: gitea
|
||||
password_auth: false
|
||||
permit_tty: false
|
||||
Loading…
Reference in New Issue