Make internal SSH server host key path configurable (#14918)

* Make SSH server host key path configurable * make it possible to have multiple keys * Make gitea.rsa the default key * Add some more logging Signed-off-by: Andrew Thornton <art27@cantab.net>
2025-05-22 17:48:23 +08:00 · 2021-03-08 02:43:59 +00:00
parent 78b7529cd4
commit c03f530212
10 changed files with 62 additions and 40 deletions
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@ -132,6 +132,7 @@ var (
 		ServerCiphers                  []string          `ini:"SSH_SERVER_CIPHERS"`
 		ServerKeyExchanges             []string          `ini:"SSH_SERVER_KEY_EXCHANGES"`
 		ServerMACs                     []string          `ini:"SSH_SERVER_MACS"`
+		ServerHostKeys                 []string          `ini:"SSH_SERVER_HOST_KEYS"`
 		KeyTestPath                    string            `ini:"SSH_KEY_TEST_PATH"`
 		KeygenPath                     string            `ini:"SSH_KEYGEN_PATH"`
 		AuthorizedKeysBackup           bool              `ini:"SSH_AUTHORIZED_KEYS_BACKUP"`
@ -157,6 +158,7 @@ var (
 		KeygenPath:          "ssh-keygen",
 		MinimumKeySizeCheck: true,
 		MinimumKeySizes:     map[string]int{"ed25519": 256, "ed25519-sk": 256, "ecdsa": 256, "ecdsa-sk": 256, "rsa": 2048},
+		ServerHostKeys:      []string{"ssh/gitea.rsa", "ssh/gogs.rsa"},
 	}

 	// Security settings
@ -698,6 +700,11 @@ func NewContext() {
 	if err = Cfg.Section("server").MapTo(&SSH); err != nil {
 		log.Fatal("Failed to map SSH settings: %v", err)
 	}
+	for i, key := range SSH.ServerHostKeys {
+		if !filepath.IsAbs(key) {
+			SSH.ServerHostKeys[i] = filepath.Join(AppDataPath, key)
+		}
+	}

 	SSH.KeygenPath = sec.Key("SSH_KEYGEN_PATH").MustString("ssh-keygen")
 	SSH.Port = sec.Key("SSH_PORT").MustInt(22)