Infini-DL360/ssh: add forwarding user

2024-12-04 12:00:25 -05:00 · 2024-12-04 12:00:25 -05:00 · d8cda888d9
commit d8cda888d9
parent 21d7e61cbf
1 changed files with 15 additions and 0 deletions
--- a/hosts/Infini-DL360/ssh.nix
+++ b/hosts/Infini-DL360/ssh.nix
@ -22,6 +22,12 @@ in
      group = "nogroup";
    };

+    forward = {
+      description = "User for ssh forwarding";
+      isSystemUser = true;
+      group = "nogroup";
+    };
+
    neofetch = {
      description = "SSH Neofetch";
      isSystemUser = true;
@ -69,6 +75,15 @@ in
      GatewayPorts no
      PasswordAuthentication no

+    Match user forward
+      AuthorizedKeysFile /etc/ssh/authorized_keys.d/infinidoge /etc/ssh/authorized_keys.d/%u
+      ForceCommand ${pkgs.shadow}/bin/nologin
+      PermitTTY no
+      X11Forwarding no
+      PermitTunnel yes
+      GatewayPorts no
+      PasswordAuthentication no
+
    Match user neofetch
      ForceCommand ${pkgs.hyfetch}/bin/neowofetch --config ${neofetchConfig}
      PermitTTY yes