forked from mirror/gitea
4ab8e56c91
- While doing some sanity checks over OpenSSH's code for how they handle certificates authentication. I stumbled on an condition that checks the certificate type is really an user certificate on the server-side authentication. This checks seems to be a formality and just for the sake of good domain seperation, because an user and host certificate don't differ in their generation, verification or flags that can be included. - Add this check to the builtin SSH server to stay close to the unwritten SSH specification. - This is an breaking change for setups where the builtin SSH server is being used and for some reason host certificates were being used for authentication. - (cherry picked from commit de35b141b79a3d6efe2127ed2c73fd481515e481) Refs: https://codeberg.org/forgejo/forgejo/pulls/1172 ## ⚠️ BREAKING ⚠️ Like OpenSSH, the built-in SSH server will now only accept SSH user certificates, not server certificates. Co-authored-by: Gusted <postmaster@gusted.xyz> Co-authored-by: Giteabot <teabot@gitea.io> |
||
---|---|---|
.. | ||
init.go | ||
ssh_graceful.go | ||
ssh.go |