USEFULL
/
gogs
mirror of https://github.com/gogs/gogs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

conf: add option to rewrite authorized_keys file at start (#4435) 

Added config option '[server] REWRITE_AUTHORIZED_KEYS_AT_START'.
pull/4985/merge
Unknwon 2018-03-30 01:32:18 -04:00
parent a855abf8c0
commit 932490d7f1
No known key found for this signature in database
GPG Key ID: 25B575AE3213B2B3
6 changed files with 35 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
conf/app.ini
View File

@ -35,6 +35,8 @@ SSH_LISTEN_HOST = 0.0.0.0
SSH_LISTEN_PORT = %(SSH_PORT)s
; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
SSH_ROOT_PATH =
; Indicate whether to rewrite authorized_keys at start, ignored when use builtin SSH server
REWRITE_AUTHORIZED_KEYS_AT_START = false
; Choose the ciphers to support for SSH connections
SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
; Directory to create temporary files when test publick key using ssh-keygen,

2
gogs.go
View File

@ -16,7 +16,7 @@ import (
"github.com/gogits/gogs/pkg/setting"
)
const APP_VER = "0.11.41.0329"
const APP_VER = "0.11.42.0330"
func init() {
setting.AppVer = APP_VER

4
pkg/bindata/bindata.go
View File

File diff suppressed because one or more lines are too long

30
pkg/setting/setting.go
View File

@ -82,18 +82,19 @@ var (
}
SSH struct {
Disabled bool `ini:"DISABLE_SSH"`
StartBuiltinServer bool `ini:"START_SSH_SERVER"`
Domain string `ini:"SSH_DOMAIN"`
Port int `ini:"SSH_PORT"`
ListenHost string `ini:"SSH_LISTEN_HOST"`
ListenPort int `ini:"SSH_LISTEN_PORT"`
RootPath string `ini:"SSH_ROOT_PATH"`
ServerCiphers []string `ini:"SSH_SERVER_CIPHERS"`
KeyTestPath string `ini:"SSH_KEY_TEST_PATH"`
KeygenPath string `ini:"SSH_KEYGEN_PATH"`
MinimumKeySizeCheck bool `ini:"MINIMUM_KEY_SIZE_CHECK"`
MinimumKeySizes map[string]int `ini:"-"`
Disabled bool `ini:"DISABLE_SSH"`
StartBuiltinServer bool `ini:"START_SSH_SERVER"`
Domain string `ini:"SSH_DOMAIN"`
Port int `ini:"SSH_PORT"`
ListenHost string `ini:"SSH_LISTEN_HOST"`
ListenPort int `ini:"SSH_LISTEN_PORT"`
RootPath string `ini:"SSH_ROOT_PATH"`
RewriteAuthorizedKeysAtStrat bool `ini:"REWRITE_AUTHORIZED_KEYS_AT_START"`
ServerCiphers []string `ini:"SSH_SERVER_CIPHERS"`
KeyTestPath string `ini:"SSH_KEY_TEST_PATH"`
KeygenPath string `ini:"SSH_KEYGEN_PATH"`
MinimumKeySizeCheck bool `ini:"MINIMUM_KEY_SIZE_CHECK"`
MinimumKeySizes map[string]int `ini:"-"`
}
// Security settings
@ -486,6 +487,7 @@ func NewContext() {
}
SSH.RootPath = path.Join(homeDir, ".ssh")
SSH.RewriteAuthorizedKeysAtStrat = sec.Key("REWRITE_AUTHORIZED_KEYS_AT_START").MustBool()
SSH.ServerCiphers = sec.Key("SSH_SERVER_CIPHERS").Strings(",")
SSH.KeyTestPath = os.TempDir()
if err = Cfg.Section("server").MapTo(&SSH); err != nil {
@ -504,6 +506,10 @@ func NewContext() {
}
}
if SSH.StartBuiltinServer {
SSH.RewriteAuthorizedKeysAtStrat = false
}
// Check if server is eligible for minimum key size check when user choose to enable.
// Windows server and OpenSSH version lower than 5.1 (https://github.com/gogits/gogs/issues/4507)
// are forced to be disabled because the "ssh-keygen" in Windows does not print key type.

12
routes/install.go
View File

@ -84,11 +84,21 @@ func GlobalInit() {
}
checkRunMode()
if setting.InstallLock && setting.SSH.StartBuiltinServer {
if !setting.InstallLock {
return
}
if setting.SSH.StartBuiltinServer {
ssh.Listen(setting.SSH.ListenHost, setting.SSH.ListenPort, setting.SSH.ServerCiphers)
log.Info("SSH server started on %s:%v", setting.SSH.ListenHost, setting.SSH.ListenPort)
log.Trace("SSH server cipher list: %v", setting.SSH.ServerCiphers)
}
if setting.SSH.RewriteAuthorizedKeysAtStrat {
if err := models.RewriteAuthorizedKeys(); err != nil {
log.Warn("Fail to rewrite authorized_keys file: %v", err)
}
}
}
func InstallInit(c *context.Context) {

2
templates/.VERSION
View File

@ -1 +1 @@
0.11.41.0329
0.11.42.0330