From ef3e01ce61965291f0b91d0063ccb25449d52105 Mon Sep 17 00:00:00 2001
From: Evangelos Foutras <evangelos@foutrelis.com>
Date: Fri, 9 Jul 2021 02:04:08 +0300
Subject: [PATCH] Use restrict key option with svn-{packages,community}

No functional change; the "restrict" key option is a shorthand for:

- no-agent-forwarding
- no-port-forwarding
- no-X11-forwarding
- no-pty
- no-user-rc

It was added in OpenSSH 7.2 (2016-02-29) as a convenient way to specify
an authorized key should have "all current and future key restrictions"
applied to it.
---
 roles/dbscripts/templates/authorized_keys-group.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/dbscripts/templates/authorized_keys-group.j2 b/roles/dbscripts/templates/authorized_keys-group.j2
index 236ddae0d..cf9887de5 100644
--- a/roles/dbscripts/templates/authorized_keys-group.j2
+++ b/roles/dbscripts/templates/authorized_keys-group.j2
@@ -5,7 +5,7 @@
             {% set keys = lookup('file', '../pubkeys/'+user+'.pub').split("\n") %}
             {% for key in keys | sort %}
                 {% if "command" not in key -%}
-                    command="/usr/bin/svnserve --tunnel-user={{user}} -t",no-port-forwarding,no-agent-forwarding,no-pty {{key}}
+                    command="/usr/bin/svnserve --tunnel-user={{user}} -t",restrict {{key}}
                 {% endif %}
             {% endfor %}
         {% endif %}
-- 
GitLab