From 18b4f718ba614d67979bf1b94078ab4d6e8aa259 Mon Sep 17 00:00:00 2001
From: Pascal Terjan <pterjan@gmail.com>
Date: Thu, 13 Oct 2016 09:09:45 +0100
Subject: Restrict ssh access on rabbit

---
 modules/openssh/templates/sshd_config | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'modules')

diff --git a/modules/openssh/templates/sshd_config b/modules/openssh/templates/sshd_config
index ba197164..19a56cfa 100644
--- a/modules/openssh/templates/sshd_config
+++ b/modules/openssh/templates/sshd_config
@@ -126,3 +126,7 @@ Subsystem	sftp	<%= path_to_sftp %>/sftp-server
 Match User *,!schedbot,!root,!git Group *,!mga-sysadmin
         ForceCommand /usr/local/bin/sv_membersh.pl -c "$SSH_ORIGINAL_COMMAND"
 <% end %>
+
+<% if @hostname == 'rabbit' then %>
+AllowGroups root mga-unrestricted_shell_access mga-iso_makers mga-sysadmin
+<% end %>
-- 
cgit v1.2.1