From 1204730924436ef9e1c7c49c9557837f9a5ed0e8 Mon Sep 17 00:00:00 2001
From: clarkzjw <i@jinwei.me>
Date: Wed, 8 Feb 2023 00:40:09 -0800
Subject: fork https://github.com/mattsta/mailweb

---
 ansible/roles/common/files/ssh-transfer-only.sh | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100755 ansible/roles/common/files/ssh-transfer-only.sh

(limited to 'ansible/roles/common/files/ssh-transfer-only.sh')

diff --git a/ansible/roles/common/files/ssh-transfer-only.sh b/ansible/roles/common/files/ssh-transfer-only.sh
new file mode 100755
index 0000000..c1f0624
--- /dev/null
+++ b/ansible/roles/common/files/ssh-transfer-only.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+# Only allow ssh commands starting with 'scp' or 'rsync'
+case $SSH_ORIGINAL_COMMAND in
+    scp*)
+        $SSH_ORIGINAL_COMMAND ;;
+    rsync*)
+        $SSH_ORIGINAL_COMMAND ;;
+    *)
+        echo "Not allowed with this key: $SSH_ORIGINAL_COMMAND" ;;
+esac
-- 
cgit v1.2.3