Refactor SSH init code, fix directory creation for TrustedUserCAKeys file
1 parent
36353e2
commit b730217
Showing
4 changed files
with
56 additions
and
29 deletions.
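--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,48 @@
+package ssh
+
+import (
+	"fmt"
+	"net"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+)
+
+func Init() error {
+	if setting.SSH.Disabled {
+		return nil
+	}
+
+	if setting.SSH.StartBuiltinServer {
+		Listen(setting.SSH.ListenHost, setting.SSH.ListenPort, setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs)
+		log.Info("SSH server started on %s. Cipher list (%v), key exchange algorithms (%v), MACs (%v)",
+			net.JoinHostPort(setting.SSH.ListenHost, strconv.Itoa(setting.SSH.ListenPort)),
+			setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs,
+		)
+	} else {
+		builtinUnused()
+		// FIXME: why 0o644 for a directory .....
+		if err := os.MkdirAll(setting.SSH.KeyTestPath, 0o644); err != nil {
+			return fmt.Errorf("failed to create directory %q for ssh key test: %w", setting.SSH.KeyTestPath, err)
+		}
+		if len(setting.SSH.TrustedUserCAKeys) > 0 && setting.SSH.AuthorizedPrincipalsEnabled {
+			caKeysFileName := setting.SSH.TrustedUserCAKeysFile
+			caKeysFileDir := filepath.Dir(caKeysFileName)
+
+			err := os.MkdirAll(caKeysFileDir, 0o700) // it should be the `~/.ssh` directory in most cases
+			if err != nil {
+				return fmt.Errorf("failed to create directory %q for ssh trusted ca keys: %w", caKeysFileDir, err)
+			}
+
+			if err := os.WriteFile(caKeysFileName, []byte(strings.Join(setting.SSH.TrustedUserCAKeys, "\n")), 0o600); err != nil {
+				return fmt.Errorf("failed to write ssh trusted ca keys to %q: %w", caKeysFileName, err)
+			}
+		}
+	}
+
+	return nil
+}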
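Review bot: The key-test directory on the `os.MkdirAll(setting.SSH.KeyTestPath, 0o644)` line is still created without the execute/search bit, so a directory that does not yet exist ends up one the owner cannot enter or create files in; the FIXME right above it records the problem, but this commit only fixes the TrustedUserCAKeys directory. The CA-keys directory a few lines down already uses `0o700`, so the same mode here keeps the two consistent: `if err := os.MkdirAll(setting.SSH.KeyTestPath, 0o700); err != nil {`. A second caveat on the `os.WriteFile(caKeysFileName, ..., 0o600)` line: the mode is applied only when the file is created, so a pre-existing file with wider permissions keeps them; if that matters for the trusted CA list, follow the write with `os.Chmod(caKeysFileName, 0o600)` or check the existing mode first. Whether `Listen` returns an error is not visible here; if it does, its result on the `Listen(...)` line is dropped.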