Correct permissions for .ssh and authorized_keys (go-gitea#25721) (…

…go-gitea#25730) Backport go-gitea#25721 by @wolfogre Set the correct permissions on the .ssh directory and authorized_keys file, or sshd will refuse to use them and lead to clone/push/pull failures. It could happen when users have copied their data to a new volume and changed the file permission by accident, and it would be very hard to troubleshoot unless users know how to check the logs of sshd which is started by s6. Co-authored-by: Jason Song <i@wolfogre.com>
hazycora · Jul 6, 2023 · 09668b2 · 09668b2
1 parent 04eea29
commit 09668b2
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/docker/root/etc/s6/gitea/setup b/docker/root/etc/s6/gitea/setup
@@ -2,7 +2,15 @@
 
 if [ ! -d /data/git/.ssh ]; then
     mkdir -p /data/git/.ssh
-    chmod 700 /data/git/.ssh
+fi
+
+# Set the correct permissions on the .ssh directory and authorized_keys file,
+# or sshd will refuse to use them and lead to clone/push/pull failures.
+# It could happen when users have copied their data to a new volume and changed the file permission by accident,
+# and it would be very hard to troubleshoot unless users know how to check the logs of sshd which is started by s6.
+chmod 700 /data/git/.ssh
+if [ -f /data/git/.ssh/authorized_keys ]; then
+    chmod 600 /data/git/.ssh/authorized_keys
 fi
 
 if [ ! -f /data/git/.ssh/environment ]; then