allow ssh jump users to also do reverse forwards

author: Christian Pointner <equinox@spreadspace.org> 2024-08-22 16:13:18 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2024-08-22 16:13:18 +0200
commit: 08bbb7ad699f95c31fdd8fd81361a2db79dd19f9 (patch)
tree: c3e122e9f517f00823203551b6f2fa795da42864 /roles/core/sshd/jump/tasks/main.yml
parent: add hacky workaround for thunnderbird snap with external gpg... (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/roles/core/sshd/jump/tasks/main.yml b/roles/core/sshd/jump/tasks/main.yml
index 2120cbd6..59cb4f66 100644
--- a/roles/core/sshd/jump/tasks/main.yml
+++ b/roles/core/sshd/jump/tasks/main.yml
@@ -49,9 +49,9 @@
         AllowAgentForwarding no
         AllowStreamLocalForwarding no
         ForceCommand /sbin/nologin
-        AllowTcpForwarding local
+        AllowTcpForwarding {{ config.tcp_forwarding | default('local') }}
         PermitOpen {{ config.permit_open | default(['any']) | list | join(' ') }}
-        PermitListen none
+        PermitListen {{ config.permit_listen | default(['none']) | list | join(' ') }}
       {%   if not loop.last %}
 
       {%   endif %}
author	Christian Pointner <equinox@spreadspace.org>	2024-08-22 16:13:18 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2024-08-22 16:13:18 +0200
commit	08bbb7ad699f95c31fdd8fd81361a2db79dd19f9 (patch)
tree	c3e122e9f517f00823203551b6f2fa795da42864 /roles/core/sshd/jump/tasks/main.yml
parent	add hacky workaround for thunnderbird snap with external gpg... (diff)