Merge pull request #2637 from Gibheer/ssh-publickeys
allow native and ssh-keygen public key check
commit
83c74878df
4 changed files with 230 additions and 12 deletions
|
@ -27,6 +27,11 @@ import (
|
|||
"github.com/gogits/gogs/modules/user"
|
||||
)
|
||||
|
||||
const (
|
||||
SSH_PUBLICKEY_CHECK_NATIVE = "native"
|
||||
SSH_PUBLICKEY_CHECK_KEYGEN = "ssh-keygen"
|
||||
)
|
||||
|
||||
type Scheme string
|
||||
|
||||
const (
|
||||
|
@ -67,6 +72,9 @@ var (
|
|||
SSHPort int
|
||||
SSHListenPort int
|
||||
SSHRootPath string
|
||||
SSHPublicKeyCheck string
|
||||
SSHWorkPath string
|
||||
SSHKeyGenPath string
|
||||
OfflineMode bool
|
||||
DisableRouterLog bool
|
||||
CertFile, KeyFile string
|
||||
|
@ -330,6 +338,29 @@ func NewContext() {
|
|||
if err := os.MkdirAll(SSHRootPath, 0700); err != nil {
|
||||
log.Fatal(4, "Fail to create '%s': %v", SSHRootPath, err)
|
||||
}
|
||||
checkDefault := SSH_PUBLICKEY_CHECK_KEYGEN
|
||||
if StartSSHServer {
|
||||
checkDefault = SSH_PUBLICKEY_CHECK_NATIVE
|
||||
}
|
||||
SSHPublicKeyCheck = sec.Key("SSH_PUBLICKEY_CHECK").MustString(checkDefault)
|
||||
if SSHPublicKeyCheck != SSH_PUBLICKEY_CHECK_NATIVE &&
|
||||
SSHPublicKeyCheck != SSH_PUBLICKEY_CHECK_KEYGEN {
|
||||
log.Fatal(4, "SSH_PUBLICKEY_CHECK must be ssh-keygen or native")
|
||||
}
|
||||
SSHWorkPath = sec.Key("SSH_WORK_PATH").MustString(os.TempDir())
|
||||
if !DisableSSH && (!StartSSHServer || SSHPublicKeyCheck == SSH_PUBLICKEY_CHECK_KEYGEN) {
|
||||
if tmpDirStat, err := os.Stat(SSHWorkPath); err != nil || !tmpDirStat.IsDir() {
|
||||
log.Fatal(4, "directory '%s' set in SSHWorkPath is not a directory: %s", SSHWorkPath, err)
|
||||
}
|
||||
}
|
||||
SSHKeyGenPath = sec.Key("SSH_KEYGEN_PATH").MustString("")
|
||||
if !DisableSSH && !StartSSHServer &&
|
||||
SSHKeyGenPath == "" && SSHPublicKeyCheck == SSH_PUBLICKEY_CHECK_KEYGEN {
|
||||
SSHKeyGenPath, err = exec.LookPath("ssh-keygen")
|
||||
if err != nil {
|
||||
log.Fatal(4, "could not find ssh-keygen, maybe set DISABLE_SSH to use the internal ssh server")
|
||||
}
|
||||
}
|
||||
OfflineMode = sec.Key("OFFLINE_MODE").MustBool()
|
||||
DisableRouterLog = sec.Key("DISABLE_ROUTER_LOG").MustBool()
|
||||
StaticRootPath = sec.Key("STATIC_ROOT_PATH").MustString(workDir)
|
||||
|
@ -461,6 +492,8 @@ var Service struct {
|
|||
EnableReverseProxyAuth bool
|
||||
EnableReverseProxyAutoRegister bool
|
||||
EnableCaptcha bool
|
||||
EnableMinimumKeySizeCheck bool
|
||||
MinimumKeySizes map[string]int
|
||||
}
|
||||
|
||||
func newService() {
|
||||
|
@ -473,6 +506,15 @@ func newService() {
|
|||
Service.EnableReverseProxyAuth = sec.Key("ENABLE_REVERSE_PROXY_AUTHENTICATION").MustBool()
|
||||
Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool()
|
||||
Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool()
|
||||
Service.EnableMinimumKeySizeCheck = sec.Key("ENABLE_MINIMUM_KEY_SIZE_CHECK").MustBool()
|
||||
Service.MinimumKeySizes = map[string]int{}
|
||||
|
||||
minimumKeySizes := Cfg.Section("service.minimum_key_sizes").Keys()
|
||||
for _, key := range minimumKeySizes {
|
||||
if key.MustInt() != -1 {
|
||||
Service.MinimumKeySizes[strings.ToLower(key.Name())] = key.MustInt()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
var logLevels = map[string]string{
|
||||
|
|
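Review bot: In newService, a malformed value under `service.minimum_key_sizes` is stored as a minimum of 0, because `key.MustInt()` yields 0 when the value does not parse and the loop filters only -1. The code that enforces these minimums is not on this page, but if it compares key length against the stored value, a typo in the config would silently remove the minimum for that key type even with `ENABLE_MINIMUM_KEY_SIZE_CHECK` on. I would parse each entry once with `key.Int()` and stop startup on a parse error, the same way NewContext rejects an unknown `SSH_PUBLICKEY_CHECK`. That also avoids calling `MustInt()` twice per entry.

```go
for _, key := range minimumKeySizes {
	size, err := key.Int()
	if err != nil {
		log.Fatal(4, "Invalid minimum key size for '%s': %v", key.Name(), err)
	}
	if size != -1 {
		Service.MinimumKeySizes[strings.ToLower(key.Name())] = size
	}
}
```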