-
-
Notifications
You must be signed in to change notification settings - Fork 5.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Refactor SSH init code, fix directory creation for TrustedUserCAKeys …
…file (#20299) (#20306) Backport #20299. Follow #20298. Only the `GlobalInitInstalled` function should prepare the SSH files for external server or starts the builtin server. * `trustedUserCaKeys` is removed, use `SSH.TrustedUserCAKeys` directly * introduce `ssh.Init`, move the SSH init code from `routers/init.go` to it * `ssh.Init` will start builtin SSH server or prepare external SSH server files
- Loading branch information
1 parent
c556a83
commit 54ef658
Showing
4 changed files
with
63 additions
and
29 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
// Copyright 2022 The Gitea Authors. All rights reserved. | ||
// Use of this source code is governed by a MIT-style | ||
// license that can be found in the LICENSE file. | ||
|
||
package ssh | ||
|
||
import ( | ||
"fmt" | ||
"net" | ||
"os" | ||
"path/filepath" | ||
"strconv" | ||
"strings" | ||
|
||
"code.gitea.io/gitea/modules/log" | ||
"code.gitea.io/gitea/modules/setting" | ||
) | ||
|
||
func Init() error { | ||
if setting.SSH.Disabled { | ||
return nil | ||
} | ||
|
||
if setting.SSH.StartBuiltinServer { | ||
Listen(setting.SSH.ListenHost, setting.SSH.ListenPort, setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs) | ||
log.Info("SSH server started on %s. Cipher list (%v), key exchange algorithms (%v), MACs (%v)", | ||
net.JoinHostPort(setting.SSH.ListenHost, strconv.Itoa(setting.SSH.ListenPort)), | ||
setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs, | ||
) | ||
return nil | ||
} | ||
|
||
builtinUnused() | ||
|
||
// FIXME: why 0o644 for a directory ..... | ||
if err := os.MkdirAll(setting.SSH.KeyTestPath, 0o644); err != nil { | ||
return fmt.Errorf("failed to create directory %q for ssh key test: %w", setting.SSH.KeyTestPath, err) | ||
} | ||
|
||
if len(setting.SSH.TrustedUserCAKeys) > 0 && setting.SSH.AuthorizedPrincipalsEnabled { | ||
caKeysFileName := setting.SSH.TrustedUserCAKeysFile | ||
caKeysFileDir := filepath.Dir(caKeysFileName) | ||
|
||
err := os.MkdirAll(caKeysFileDir, 0o700) // SSH.RootPath by default (That is `~/.ssh` in most cases) | ||
if err != nil { | ||
return fmt.Errorf("failed to create directory %q for ssh trusted ca keys: %w", caKeysFileDir, err) | ||
} | ||
|
||
if err := os.WriteFile(caKeysFileName, []byte(strings.Join(setting.SSH.TrustedUserCAKeys, "\n")), 0o600); err != nil { | ||
return fmt.Errorf("failed to write ssh trusted ca keys to %q: %w", caKeysFileName, err) | ||
} | ||
} | ||
|
||
return nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters