From 0fd7afb090e683cf4b219e69d6a9905394621ffe Mon Sep 17 00:00:00 2001
From: Emil Renner Berthing
Date: Mon, 1 Jun 2020 17:54:08 +0200
Subject: users: add support for jumponly users
---
roles/users/templates/authorized_keys.j2 | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/roles/users/templates/authorized_keys.j2 b/roles/users/templates/authorized_keys.j2
index 33a30f2..73315aa 100644
--- a/roles/users/templates/authorized_keys.j2
+++ b/roles/users/templates/authorized_keys.j2
@@ -1,3 +1,9 @@
-{% for key in userdata[item].authorized_keys %}
+{% if users[item] == 'jumponly' %}
+{% for key in userdata[item].authorized_keys %}
+restrict,command="echo 'This account can only be used for ProxyJump (ssh -J)'",port-forwarding {{ key }}
+{% endfor %}
+{% else %}
+{% for key in userdata[item].authorized_keys %}
 {{ key }}
-{% endfor %}
+{% endfor %}
+{% endif %}
--
cgit v1.2.1
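Review bot: The `port-forwarding` option on the new jumponly line re-enables every kind of TCP forwarding that `restrict` had switched off, with no destination limit, so a jumponly key can open connections to any address the jump host can reach (including services bound to its loopback interface) and can also request remote, listening forwards. If the intent is only ProxyJump to a known set of machines, constrain it in the same option list, e.g. `restrict,command="…",port-forwarding,permitopen="<allowed-host>:22" {{ key }}` (placeholder target, one `permitopen` per destination), and consider `AllowTcpForwarding local` in an sshd_config `Match` block for these accounts. Separately, the `{% else %}` branch is fail-open: any value of `users[item]` other than the exact string `'jumponly'`, such as a typo or different casing, produces an unrestricted key, so validating the value against the known account types before templating would be safer. A short Jinja comment above the `{% if %}` saying why `port-forwarding` follows `restrict` would also help the next reader.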