Merge pull request #2637 from Gibheer/ssh-publickeys

allow native and ssh-keygen public key check
2016-02-27 18:55:14 -05:00 · 2016-02-27 18:55:14 -05:00 · 83c74878df
commit 83c74878df
parent d320915ad2 e721c5cf86
4 changed files with 230 additions and 12 deletions
--- a/conf/app.ini
+++ b/conf/app.ini
@ -71,6 +71,13 @@ SSH_PORT = 22
 SSH_LISTEN_PORT = %(SSH_PORT)s
 ; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
 SSH_ROOT_PATH = 
+; override engine choice to check public keys (default: 'ssh-keygen' when
+; DISABLE_SSH is set to false else 'native')
+SSH_PUBLICKEY_CHECK =
+; directory to create temporary files when using ssh-keygen (default: /tmp)
+SSH_WORK_PATH =
+; path to ssh-keygen (default: result of `which ssh-keygen`)
+SSH_KEYGEN_PATH =
 ; Disable CDN even in "prod" mode
 OFFLINE_MODE = false
 DISABLE_ROUTER_LOG = false
@ -132,6 +139,15 @@ ENABLE_REVERSE_PROXY_AUTHENTICATION = false
 ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
 ; Enable captcha validation for registration
 ENABLE_CAPTCHA = true
+; Do not check minimum key size with corresponding type
+ENABLE_MINIMUM_KEY_SIZE_CHECK = false
+
+; define allowed algorithms and their minimum key length (use -1 to disable a type)
+[service.minimum_key_sizes]
+ED25519 = 256
+ECDSA   = 256
+RSA     = 2048
+DSA     = 1024

 [webhook]
 ; Hook task queue length