From 22ef303cdc7b6d5f7de35d3189fbf157093c258e Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Sat, 12 Dec 2020 11:29:02 +0100
Subject: README: use 'restrict' option in authorized_keys(5) snippet.

This is shorter and more future-proof.  Quoting the manual:

    restrict

        Enable all restrictions, i.e. disable port, agent and X11
        forwarding, as well as disabling PTY allocation and execution of
        ~/.ssh/rc.  If any future restriction capabilities are added to
        authorized_keys files they will be included in this set.

Note that this won't work with Jessie's OpenSSH server.
---
 README | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'README')

diff --git a/README b/README
index d969da0..cee8443 100644
--- a/README
+++ b/README
@@ -69,7 +69,7 @@ type=imaps.
           Compression yes
 
     remote: ~user/.ssh/authorized_keys:
-      command="/usr/lib/dovecot/imap",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-... id-interimap
+      restrict,command="/usr/bin/doveadm exec imap" ssh-[…] id-interimap
 
 However for long-lived connections (using the --watch command-line
 option), the TLS overhead becomes negligible hence the advantage offered
-- 
cgit v1.2.3