diff options
| author | Chad Smith <chad.smith@canonical.com> | 2018-09-08 01:48:38 +0000 |
|---|---|---|
| committer | Server Team CI Bot <josh.powers+server-team-bot@canonical.com> | 2018-09-08 01:48:38 +0000 |
| commit | 757247f9ff2df57e792e29d8656ac415364e914d (patch) | |
| tree | b27def2f290792662508ad3faee21aec7ab9899d /cloudinit/ssh_util.py | |
| parent | d47d404e557333e29cdb07fd4c1ce2d90c403110 (diff) | |
| download | vyos-cloud-init-757247f9ff2df57e792e29d8656ac415364e914d.tar.gz vyos-cloud-init-757247f9ff2df57e792e29d8656ac415364e914d.zip | |
config: disable ssh access to a configured user account
Cloud config can now disable ssh access to non-root users.
When defining the 'users' list in cloud-configuration a boolean
'ssh_redirect_user: true' can be provided to disable ssh logins for
that user. Any ssh 'public-keys' defined in cloud meta-data will be added
and disabled in .ssh/authorized_keys. Any attempts to ssh as this user
using acceptable ssh keys will be presented with a message like the
following:
Please login as the user "ubuntu" rather than the user "youruser".
Diffstat (limited to 'cloudinit/ssh_util.py')
| -rw-r--r-- | cloudinit/ssh_util.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py index 73c31772..3f99b58c 100644 --- a/cloudinit/ssh_util.py +++ b/cloudinit/ssh_util.py @@ -41,6 +41,12 @@ VALID_KEY_TYPES = ( ) +DISABLE_USER_OPTS = ( + "no-port-forwarding,no-agent-forwarding," + "no-X11-forwarding,command=\"echo \'Please login as the user \\\"$USER\\\"" + " rather than the user \\\"$DISABLE_USER\\\".\';echo;sleep 10\"") + + class AuthKeyLine(object): def __init__(self, source, keytype=None, base64=None, comment=None, options=None): |