Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Set list of offered SSH authentication methods. #1159

Merged
merged 1 commit into from
Jan 21, 2017

Conversation

flaix
Copy link
Member

@flaix flaix commented Dec 6, 2016

Make the SSH authentication methods used by the server configurable,
so that for example password authentication can be turned off.

For this, a git.sshAuthenticationMethods setting is added which is a space
separated list of authentication method names. Only the methods listed will
be enabled in the server.
This is modeled after the option of the same name from sshd_config, but it
does not offer listing multiple required methods. It leaves the door open,
though, for a later extension to support such a multi-factor authentication.

Since this also includes Kerberos authentication with GSS API, this obsoletes
the git.sshWithKrb5 property. The latter is removed. Instead, to enable
Kerberos5 authentication, add the method name gssapi-with-mic to the
authentication methods list.

This PR has been tested manually but doesn't include unit tests. All the existing unit tests still run, but I didn't find a good way to add anew one for the functionality, mostly because running a SshUnitTest with different start-up settings isn't supported and quick to implement elegantly. If someone has a suggestion, please comment.

Make the SSH authentication methods used by the server configurable,
so that for example password authentication can be turned off.

For this, a `git.sshAuthenticationMethods` setting is added which is a space
separated list of authentication method names. Only the methods listed will
be enabled in the server.
This is modeled after the option of the same name from sshd_config, but it
does not offer listing multiple required methods. It leaves the door open,
though, for a later extension to support such a multi-factor authentication.

Since this also includes Kerberos authentication with GSS API, this obsoletes
the `git.sshWithKrb5` property. The latter is removed. Instead, to enable
Kerberos5 authentication, add the method name `gssapi-with-mic` to the
authentication methods list.
@flaix flaix modified the milestone: 1.9.0 Dec 13, 2016
@flaix flaix merged commit 51e70f4 into gitblit-org:master Jan 21, 2017
@flaix flaix deleted the sshAuthMethods branch June 16, 2019 09:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants