diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2020-12-12 11:29:02 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2020-12-12 11:45:24 +0100 |
| commit | 22ef303cdc7b6d5f7de35d3189fbf157093c258e (patch) | |
| tree | 069f477a73baea68b3152f903a9625eba1b9076c /README | |
| parent | 4d2ad4a3c2b6bcdb97934264bc3d37a8c63239d4 (diff) | |
README: use 'restrict' option in authorized_keys(5) snippet.
This is shorter and more future-proof. Quoting the manual:
restrict
Enable all restrictions, i.e. disable port, agent and X11
forwarding, as well as disabling PTY allocation and execution of
~/.ssh/rc. If any future restriction capabilities are added to
authorized_keys files they will be included in this set.
Note that this won't work with Jessie's OpenSSH server.
Diffstat (limited to 'README')
| -rw-r--r-- | README | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -69,7 +69,7 @@ type=imaps. Compression yes remote: ~user/.ssh/authorized_keys: - command="/usr/lib/dovecot/imap",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-... id-interimap + restrict,command="/usr/bin/doveadm exec imap" ssh-[…] id-interimap However for long-lived connections (using the --watch command-line option), the TLS overhead becomes negligible hence the advantage offered |