| commit | 820f2bd5ba2da9ca80db16cc226894a1da2a69c4 | |
| author | Kyle J. McKay <mackyle@gmail.com> | |
| Fri, 27 Dec 2013 01:01:39 +0000 (26 17:01 -0800) | ||
| committer | Kyle J. McKay <mackyle@gmail.com> | |
| Fri, 27 Dec 2013 01:01:39 +0000 (26 17:01 -0800) | ||
| tree | 23fa174567de0311ace3d58e297b5ab5dbeb8dfd | treesnapshot (tar.gz zip) |
| parent | 435338343d5ae18fc2ac8b6139cfe56b9f4bd7f0 | commitdiff |
jailsetup.sh: Improve chroot jail sshd_config
There's no reason to allow any kind of port, agent or tunnel forwarding
in the ssh chroot jail used to run git-shell. Make sure all those are
actually disabled by adding specific configuration items turning them off.
There are also no per-user home directories, so do not try to read them.
Turn on IgnoreUserKnownHosts to stop trying to access ~/.ssh/known_hosts
since the chroot ssh jail does not have any such user directories.
The only supported command is git-shell so do not try and print any last
log information or message of the day. Add configuration commands to
make it so.
Finally disable doing reverse DNS lookups on incoming connections as
this just wastes machine resources and spews useless warnings into the
log if the lookup fails.
There's no reason to allow any kind of port, agent or tunnel forwarding
in the ssh chroot jail used to run git-shell. Make sure all those are
actually disabled by adding specific configuration items turning them off.
There are also no per-user home directories, so do not try to read them.
Turn on IgnoreUserKnownHosts to stop trying to access ~/.ssh/known_hosts
since the chroot ssh jail does not have any such user directories.
The only supported command is git-shell so do not try and print any last
log information or message of the day. Add configuration commands to
make it so.
Finally disable doing reverse DNS lookups on incoming connections as
this just wastes machine resources and spews useless warnings into the
log if the lookup fails.
| jailsetup.sh | diffblobblamehistory |