Closed vonHabsi closed 4 years ago
The docs linked above recommend "restrict", which is easy to overlook. It includes all of the above restrictions (and any added in the future).
restrict Enable all restrictions, i.e. disable port, agent and X11 forwarding, as well as disabling PTY allocation and execution of ~/.ssh/rc. If any future restriction capabilities are added to authorized_keys files they will be included in this set.
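An added example (not from this thread or from the borg project): a small Python audit that parses the options field of authorized_keys lines and reports entries that lack a forced command or any of the individual restrictions that `restrict` covers. The `no-*` option names are OpenSSH's; the sample entries, key material and the wrapper path are constructed placeholders.

```python
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")
# Individual options that "restrict" covers per the man page text quoted above.
RESTRICT_SET = {"no-port-forwarding", "no-agent-forwarding",
                "no-x11-forwarding", "no-pty", "no-user-rc"}

def split_options(line):
    """Return the options that precede the key type (empty list if none)."""
    if line.startswith(KEY_PREFIXES):
        return []
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            cur += '\\"'  # escaped quote inside command="..."
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        elif not quoted and ch in " \t":
            break  # unquoted whitespace ends the options field
        if not quoted and ch == ",":
            opts.append(cur)
            cur = ""
        else:
            cur += ch
        i += 1
    return opts + [cur]

def audit(line):
    """Return findings for one authorized_keys line (empty list: nothing flagged)."""
    line = line.strip()
    if not line or line.startswith("#"):
        return []
    # Option keywords are case-insensitive, so compare names in lower case.
    names = {o.split("=", 1)[0].lower() for o in split_options(line)}
    findings = []
    if "command" not in names:
        findings.append("no forced command")
    missing = sorted(RESTRICT_SET - names)
    if "restrict" not in names and missing:
        findings.append("missing: " + ", ".join(missing))
    return findings

# Constructed sample entries; key material and the wrapper path are placeholders.
SAMPLE = [
    'command="/usr/bin/gitolite/src/gitolite-shell username",no-port-forwarding,'
    'no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAA_CONSTRUCTED user1',
    'command="/usr/local/bin/backup-wrapper",restrict ssh-ed25519 AAAA_CONSTRUCTED user2',
    "ssh-ed25519 AAAA_CONSTRUCTED user3",
]
```

For the Gitolite-style option list quoted in this thread, `audit` reports `missing: no-user-rc`, the ~/.ssh/rc restriction that `restrict` includes.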
A number of server utilities which use SSH apply some restrictions to the SSH public keys of clients. Gitolite, for instance, uses
command="/usr/bin/gitolite/src/gitolite-shell username",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
Do you have some similar recommendations for borg, on both server and client?
Are there some general server hardening guides for borg servers?