adding switch for ForwardAgent in ssh_config (#818)

Shizzlebix · web-flow · commit cb85a99e22f3 · 2024-11-11T19:52:38.000+01:00
* Update openssh.conf.j2

add switch for FowardAgent

* Update openssh.conf.j2

fix typo

* Update openssh.conf.j2

change ssh_ForwardAgent to ssh_forward_agent

* Update argument_specs.yml

adding context for ssh_forward_agent
diff --git a/roles/ssh_hardening/meta/argument_specs.yml b/roles/ssh_hardening/meta/argument_specs.yml
@@ -365,3 +365,6 @@ argument_specs:
         default: sandbox
         description: Specifies whether sshd separates privileges by creating an unprivileged
           child process to deal with incoming network traffic.
+      ssh_forward_agent:
+        default: 'no'
+        description: Enables the ssh forward agent for the Cli if set to 'yes'
diff --git a/roles/ssh_hardening/templates/openssh.conf.j2 b/roles/ssh_hardening/templates/openssh.conf.j2
@@ -90,7 +90,9 @@ StrictHostKeyChecking ask
 
 {% endif %}
 # Disable agent forwarding, since local agent could be accessed through forwarded connection.
-ForwardAgent no
+
+ForwardAgent {{ ((ssh_forward_agent) if ssh_forward_agent is defined else 'no')}} 
+
 
 # Disable X11 forwarding, since local X11 display could be accessed through forwarded connection.
 ForwardX11 no
