Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Set list of offered SSH authentication methods. #1159

Merged
merged 1 commit into from Jan 21, 2017
Merged

Conversation

@fzs
Copy link
Collaborator

fzs commented Dec 6, 2016

Make the SSH authentication methods used by the server configurable,
so that for example password authentication can be turned off.

For this, a git.sshAuthenticationMethods setting is added which is a space
separated list of authentication method names. Only the methods listed will
be enabled in the server.
This is modeled after the option of the same name from sshd_config, but it
does not offer listing multiple required methods. It leaves the door open,
though, for a later extension to support such a multi-factor authentication.

Since this also includes Kerberos authentication with GSS API, this obsoletes
the git.sshWithKrb5 property. The latter is removed. Instead, to enable
Kerberos5 authentication, add the method name gssapi-with-mic to the
authentication methods list.

This PR has been tested manually but doesn't include unit tests. All the existing unit tests still run, but I didn't find a good way to add anew one for the functionality, mostly because running a SshUnitTest with different start-up settings isn't supported and quick to implement elegantly. If someone has a suggestion, please comment.

Make the SSH authentication methods used by the server configurable,
so that for example password authentication can be turned off.

For this, a `git.sshAuthenticationMethods` setting is added which is a space
separated list of authentication method names. Only the methods listed will
be enabled in the server.
This is modeled after the option of the same name from sshd_config, but it
does not offer listing multiple required methods. It leaves the door open,
though, for a later extension to support such a multi-factor authentication.

Since this also includes Kerberos authentication with GSS API, this obsoletes
the `git.sshWithKrb5` property. The latter is removed. Instead, to enable
Kerberos5 authentication, add the method name `gssapi-with-mic` to the
authentication methods list.
@fzs fzs modified the milestone: 1.9.0 Dec 13, 2016
@fzs fzs merged commit 51e70f4 into gitblit:master Jan 21, 2017
@fzs fzs deleted the fzs:sshAuthMethods branch Jun 16, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

1 participant
You can’t perform that action at this time.