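// Source: code.gitea.io/gitea@v1.19.3/modules/ssh/init.go

// Copyright 2022 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package ssh

import (
	"fmt"
	"net"
	"os"
	"path/filepath"
	"strconv"
	"strings"

	"code.gitea.io/gitea/modules/log"
	"code.gitea.io/gitea/modules/setting"
)

// Init prepares SSH support according to setting.SSH.
//
// It takes one of three paths:
//   - SSH disabled: calls builtinUnused and returns nil.
//   - Built-in server enabled: calls Listen with the configured host, port,
//     ciphers, key exchanges and MACs, logs the listen address and returns nil.
//   - Otherwise: calls builtinUnused, creates the key test directory and, when
//     trusted user CA keys are configured and authorized principals are
//     enabled, writes those keys to setting.SSH.TrustedUserCAKeysFile.
//
// It returns a wrapped error if a directory cannot be created or the CA keys
// file cannot be written.
func Init() error {
	if setting.SSH.Disabled {
		builtinUnused()
		return nil
	}

	if setting.SSH.StartBuiltinServer {
		Listen(setting.SSH.ListenHost, setting.SSH.ListenPort, setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs)
		log.Info("SSH server started on %s. Cipher list (%v), key exchange algorithms (%v), MACs (%v)",
			net.JoinHostPort(setting.SSH.ListenHost, strconv.Itoa(setting.SSH.ListenPort)),
			setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs,
		)
		return nil
	}

	builtinUnused()

	// A directory needs the search (execute) bit to be usable. The previous
	// mode 0o644 created a directory that a non-root owner could not enter or
	// create files in. 0o700 keeps it private to the service account.
	// MkdirAll leaves an already existing directory's permissions untouched.
	// NOTE(review): presumably only this process reads and writes the key
	// test path; widen to 0o755 if another account needs access. Confirm.
	if err := os.MkdirAll(setting.SSH.KeyTestPath, 0o700); err != nil {
		return fmt.Errorf("failed to create directory %q for ssh key test: %w", setting.SSH.KeyTestPath, err)
	}

	if len(setting.SSH.TrustedUserCAKeys) > 0 && setting.SSH.AuthorizedPrincipalsEnabled {
		caKeysFileName := setting.SSH.TrustedUserCAKeysFile
		caKeysFileDir := filepath.Dir(caKeysFileName)

		err := os.MkdirAll(caKeysFileDir, 0o700) // SSH.RootPath by default (That is `~/.ssh` in most cases)
		if err != nil {
			return fmt.Errorf("failed to create directory %q for ssh trusted ca keys: %w", caKeysFileDir, err)
		}

		// The file is rewritten from configuration on every Init that reaches
		// this branch. os.WriteFile applies 0o600 only when it creates the
		// file; a pre-existing file is truncated and keeps its current mode
		// and owner.
		// NOTE(review): this file is presumably the trust anchor sshd reads
		// for user certificates, so write access to it and its directory
		// should be limited to the service account. Verify on deployed hosts.
		if err := os.WriteFile(caKeysFileName, []byte(strings.Join(setting.SSH.TrustedUserCAKeys, "\n")), 0o600); err != nil {
			return fmt.Errorf("failed to write ssh trusted ca keys to %q: %w", caKeysFileName, err)
		}
	}

	return nil
}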