conf: add option to rewrite authorized_keys file at start (#4435)

Added config option '[server] REWRITE_AUTHORIZED_KEYS_AT_START'.
7 years ago · 932490d7f1
6 changed files with 35 additions and 17 deletions
--- a/conf/app.ini
+++ b/conf/app.ini
@ -35,6 +35,8 @@ SSH_LISTEN_HOST = 0.0.0.0
 SSH_LISTEN_PORT = %(SSH_PORT)s
 ; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
 SSH_ROOT_PATH =
+; Indicate whether to rewrite authorized_keys at start, ignored when use builtin SSH server
+REWRITE_AUTHORIZED_KEYS_AT_START = false
 ; Choose the ciphers to support for SSH connections
 SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
 ; Directory to create temporary files when test publick key using ssh-keygen,
--- a/gogs.go
+++ b/gogs.go
@ -16,7 +16,7 @@ import (
 	"github.com/gogits/gogs/pkg/setting"
 )

-const APP_VER = "0.11.41.0329"
+const APP_VER = "0.11.42.0330"

 func init() {
 	setting.AppVer = APP_VER
--- a/pkg/bindata/bindata.go
+++ b/pkg/bindata/bindata.go
--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@ -89,6 +89,7 @@ var (
 		ListenHost                   string         `ini:"SSH_LISTEN_HOST"`
 		ListenPort                   int            `ini:"SSH_LISTEN_PORT"`
 		RootPath                     string         `ini:"SSH_ROOT_PATH"`
+		RewriteAuthorizedKeysAtStrat bool           `ini:"REWRITE_AUTHORIZED_KEYS_AT_START"`
 		ServerCiphers                []string       `ini:"SSH_SERVER_CIPHERS"`
 		KeyTestPath                  string         `ini:"SSH_KEY_TEST_PATH"`
 		KeygenPath                   string         `ini:"SSH_KEYGEN_PATH"`
@ -486,6 +487,7 @@ func NewContext() {
 	}

 	SSH.RootPath = path.Join(homeDir, ".ssh")
+	SSH.RewriteAuthorizedKeysAtStrat = sec.Key("REWRITE_AUTHORIZED_KEYS_AT_START").MustBool()
 	SSH.ServerCiphers = sec.Key("SSH_SERVER_CIPHERS").Strings(",")
 	SSH.KeyTestPath = os.TempDir()
 	if err = Cfg.Section("server").MapTo(&SSH); err != nil {
@ -504,6 +506,10 @@ func NewContext() {
 		}
 	}

+	if SSH.StartBuiltinServer {
+		SSH.RewriteAuthorizedKeysAtStrat = false
+	}
+
 	// Check if server is eligible for minimum key size check when user choose to enable.
 	// Windows server and OpenSSH version lower than 5.1 (https://github.com/gogits/gogs/issues/4507)
 	// are forced to be disabled because the "ssh-keygen" in Windows does not print key type.
--- a/routes/install.go
+++ b/routes/install.go
@ -84,11 +84,21 @@ func GlobalInit() {
 	}
 	checkRunMode()

-	if setting.InstallLock && setting.SSH.StartBuiltinServer {
+	if !setting.InstallLock {
+		return
+	}
+
+	if setting.SSH.StartBuiltinServer {
 		ssh.Listen(setting.SSH.ListenHost, setting.SSH.ListenPort, setting.SSH.ServerCiphers)
 		log.Info("SSH server started on %s:%v", setting.SSH.ListenHost, setting.SSH.ListenPort)
 		log.Trace("SSH server cipher list: %v", setting.SSH.ServerCiphers)
 	}
+
+	if setting.SSH.RewriteAuthorizedKeysAtStrat {
+		if err := models.RewriteAuthorizedKeys(); err != nil {
+			log.Warn("Fail to rewrite authorized_keys file: %v", err)
+		}
+	}
 }

 func InstallInit(c *context.Context) {
--- a/templates/.VERSION
+++ b/templates/.VERSION
@ -1 +1 @@
-0.11.41.0329
+0.11.42.0330