Merge pull request '[GITEA] Restrict certificate type for builtin SSH server' (#1172) from Gusted/forgejo:forgejo-cert-user into forgejo-dependency

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1172
Gusted 2023-08-02 17:08:24 +00:00
commit c929bfd22c


@ -186,6 +186,12 @@ func publicKeyHandler(ctx ssh.Context, key ssh.PublicKey) bool {
return false
}
if cert.CertType != gossh.UserCert {
log.Warn("Certificate Rejected: Not a user certificate")
log.Warn("Failed authentication attempt from %s", ctx.RemoteAddr())
return false
}
// look for the exact principal
principalLoop:
for _, principal := range cert.ValidPrincipals {
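Review bot: The new `cert.CertType != gossh.UserCert` guard carries no comment saying why it is there, and the reason cannot be read off the surrounding lines: the principal loop that follows only compares names, so presumably a host certificate from the same trusted CA would otherwise be treated like a user certificate. I would put a comment above the `if`, such as `// Only user certificates may authenticate a user; host certificates signed by a trusted CA must be rejected before principal matching.` The rejection log would also be more useful for triage if it recorded what was presented, for example `log.Warn("Certificate Rejected: Not a user certificate (type %d, key id %q)", cert.CertType, cert.KeyId)`. publicKeyHandler begins before and continues past this hunk, so whether a later validation step repeats the type check is not visible here. A regression test that presents a host certificate with a matching principal and expects `false` would pin the behaviour.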