SSH ForceCommand is now optional

When sftp_force_command is false, we can force a per user specific command by putting the "command" option in the .ssh/authorized_keys for the user in question. Example: /home/user/.ssh/authorized_keys command="rsync --server -av --delete . /my/dir", ssh-rsa AAAA....
rastandy · Sep 12, 2016 · 490cf93 · 490cf93
1 parent 4dbadbe
commit 490cf93
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/templates/sshd_config.j2 b/templates/sshd_config.j2
@@ -6,7 +6,9 @@ Match Group {{ sftp_group_name }}
     AllowTCPForwarding no
     AllowAgentForwarding no
     X11Forwarding no
+{%if sftp_force_command %}
     ForceCommand {{ sftp_force_command }}
+{% endif %}
     PubkeyAuthentication yes
     PasswordAuthentication {% if sftp_allow_passwords %}yes{% else %}no{% endif %}