-rw-r--r-- | roles/users/templates/authorized_keys.j2 | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/roles/users/templates/authorized_keys.j2 b/roles/users/templates/authorized_keys.j2
index 33a30f2..73315aa 100644
--- a/roles/users/templates/authorized_keys.j2
+++ b/roles/users/templates/authorized_keys.j2
@@ -1,3 +1,9 @@
-{% for key in userdata[item].authorized_keys %}
+{% if users[item] == 'jumponly' %}
+{% for key in userdata[item].authorized_keys %}
+restrict,command="echo 'This account can only be used for ProxyJump (ssh -J)'",port-forwarding {{ key }}
+{% endfor %}
+{% else %}
+{% for key in userdata[item].authorized_keys %}
 {{ key }}
-{% endfor %}
+{% endfor %}
+{% endif %}
|
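Review bot: The `port-forwarding` option on the restricted line turns forwarding back on in both directions and without any destination limit, so a 'jumponly' key can still connect to every host and port the jump host can reach and can request remote-forwarded listeners on it. ProxyJump only needs outbound direct connections, so consider adding `permitopen="<host>:<port>"` entries for the allowed targets on that line, or an sshd_config `Match` block for these accounts with `AllowTcpForwarding local`. Separately, the `{% else %}` branch is the catch-all: any value of `users[item]` other than the exact string 'jumponly' (a typo, different case) renders the keys with no restrictions at all. It would be safer to match the known account types explicitly and fail the template on anything else.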