Set list of offered SSH authentication methods. #1159
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Make the SSH authentication methods used by the server configurable,
so that for example password authentication can be turned off.
For this, a
git.sshAuthenticationMethods
setting is added which is a spaceseparated list of authentication method names. Only the methods listed will
be enabled in the server.
This is modeled after the option of the same name from sshd_config, but it
does not offer listing multiple required methods. It leaves the door open,
though, for a later extension to support such a multi-factor authentication.
Since this also includes Kerberos authentication with GSS API, this obsoletes
the
git.sshWithKrb5
property. The latter is removed. Instead, to enableKerberos5 authentication, add the method name
gssapi-with-mic
to theauthentication methods list.
This PR has been tested manually but doesn't include unit tests. All the existing unit tests still run, but I didn't find a good way to add anew one for the functionality, mostly because running a SshUnitTest with different start-up settings isn't supported and quick to implement elegantly. If someone has a suggestion, please comment.