Update modules/ssh/init.go
Co-authored-by: zeripath <art27@cantab.net>
wxiaoguang and zeripath committed Jul 9, 2022
1 parent b730217 commit d42f0a4
Showing 1 changed file with 20 additions and 17 deletions.
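--- a/modules/ssh/init.go
+++ b/modules/ssh/init.go
@@ -23,24 +23,27 @@ func Init() error {
 net.JoinHostPort(setting.SSH.ListenHost, strconv.Itoa(setting.SSH.ListenPort)),
 setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs,
 )
-} else {
-builtinUnused()
-// FIXME: why 0o644 for a directory .....
-if err := os.MkdirAll(setting.SSH.KeyTestPath, 0o644); err != nil {
-return fmt.Errorf("failed to create directory %q for ssh key test: %w", setting.SSH.KeyTestPath, err)
+return nil
+}
+
+builtinUnused()
+
+// FIXME: why 0o644 for a directory .....
+if err := os.MkdirAll(setting.SSH.KeyTestPath, 0o644); err != nil {
+return fmt.Errorf("failed to create directory %q for ssh key test: %w", setting.SSH.KeyTestPath, err)
+}
+
+if len(setting.SSH.TrustedUserCAKeys) > 0 && setting.SSH.AuthorizedPrincipalsEnabled {
+caKeysFileName := setting.SSH.TrustedUserCAKeysFile
+caKeysFileDir := filepath.Dir(caKeysFileName)
+
+err := os.MkdirAll(caKeysFileDir, 0o700) // it should be the SSH.RootPath by default (`~/.ssh` in most cases)
+if err != nil {
+return fmt.Errorf("failed to create directory %q for ssh trusted ca keys: %w", caKeysFileDir, err)
 }
-if len(setting.SSH.TrustedUserCAKeys) > 0 && setting.SSH.AuthorizedPrincipalsEnabled {
-caKeysFileName := setting.SSH.TrustedUserCAKeysFile
-caKeysFileDir := filepath.Dir(caKeysFileName)
-
-err := os.MkdirAll(caKeysFileDir, 0o700) // it should be the `~/.ssh` directory in most cases
-if err != nil {
-return fmt.Errorf("failed to create directory %q for ssh trusted ca keys: %w", caKeysFileDir, err)
-}
-
-if err := os.WriteFile(caKeysFileName, []byte(strings.Join(setting.SSH.TrustedUserCAKeys, "\n")), 0o600); err != nil {
-return fmt.Errorf("failed to write ssh trusted ca keys to %q: %w", caKeysFileName, err)
-}
+
+if err := os.WriteFile(caKeysFileName, []byte(strings.Join(setting.SSH.TrustedUserCAKeys, "\n")), 0o600); err != nil {
+return fmt.Errorf("failed to write ssh trusted ca keys to %q: %w", caKeysFileName, err)
 }
 }
 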
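Review bot: The key-test directory is still created with mode `0o644` at the relocated `os.MkdirAll(setting.SSH.KeyTestPath, 0o644)` call, and a directory without the search (x) bit cannot be entered by a non-root process on Unix, so creating files under it, or any nested component MkdirAll itself has to create, will fail. The carried-over FIXME asks the same question; since the line is being rewritten anyway, I would settle it here with the owner-only mode already used for the CA-keys directory: `if err := os.MkdirAll(setting.SSH.KeyTestPath, 0o700); err != nil {`. Separately, `os.WriteFile(caKeysFileName, ..., 0o600)` applies the mode only when it creates the file, so an existing `TrustedUserCAKeysFile` that is group- or world-writable stays that way; an `os.Chmod(caKeysFileName, 0o600)` after the write would enforce the intended permissions on the trusted-CA list. Init's body starts and ends outside this hunk.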
