Use restrict key option and relative borg command (!433) · Merge requests · Arch Linux / infrastructure

Evangelos Foutras requested to merge simplify-borg_client-authorized_keys into master Jun 28, 2021

No functional change; the "restrict" key option is a shorthand for:

no-agent-forwarding
no-port-forwarding
no-X11-forwarding
no-pty
no-user-rc

It was added in OpenSSH 7.2 (2016-02-29) as a convenient way to specify an authorized key should have "all current and future key restrictions" applied to it.

Also switch to a relative borg command since its location is not really standardized; on rsync.net it appears to be located under usr/local/bin (though /usr/bin/borg works too, even if it doesn't exist!) and Hetzner just forces its own command, ignoring ours. 🐱

The Borg documentation seems to agree with both the above alterations:

[1] https://borgbackup.readthedocs.io/en/stable/usage/serve.html

Admin message

Use restrict key option and relative borg command

Merge request reports