From d3a6d406d81fd6b9111b4e2fee56f465847e726d Mon Sep 17 00:00:00 2001 From: Justin Oros Date: Sun, 19 Apr 2026 11:26:15 -0700 Subject: [PATCH] setup-hub.sh: change AllowTcpForwarding from yes to local to restrict forwarding to local connections only --- hub/setup-hub.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hub/setup-hub.sh b/hub/setup-hub.sh index 76654ce..49f83c3 100755 --- a/hub/setup-hub.sh +++ b/hub/setup-hub.sh @@ -136,7 +136,7 @@ header "SSH Server Configuration" SSHD_CONF="/etc/ssh/sshd_config" [ -f "$SSHD_CONF" ] || die "sshd_config not found at $SSHD_CONF" -for DIRECTIVE in "GatewayPorts no" "AllowTcpForwarding yes" "ClientAliveInterval 60" "ClientAliveCountMax 3"; do +for DIRECTIVE in "GatewayPorts no" "AllowTcpForwarding local" "ClientAliveInterval 60" "ClientAliveCountMax 3"; do KEY="${DIRECTIVE%% *}" if grep -q "^$KEY" "$SSHD_CONF"; then sed -i "s|^$KEY.*|$DIRECTIVE|" "$SSHD_CONF" @@ -251,7 +251,7 @@ info "Mount point created at $MOUNT_POINT." header "Hub Setup Complete" echo -e " Hub user: ${GREEN}$HUB_USER${NC}" -echo -e " SSH config: ${GREEN}GatewayPorts no, AllowTcpForwarding yes, ClientAliveInterval 60${NC}" +echo -e " SSH config: ${GREEN}GatewayPorts no, AllowTcpForwarding local, ClientAliveInterval 60${NC}" echo -e " FUSE: ${GREEN}user_allow_other enabled${NC}" echo -e " rclone config: ${GREEN}$RCLONE_CONF${NC}" echo -e " Mount point: ${GREEN}$MOUNT_POINT${NC}"