Diffstat (limited to 'internal/ssh/server')
-rw-r--r--internal/ssh/server/authkeystore.go5
-rw-r--r--internal/ssh/server/publickeycallback.go8
2 files changed, 10 insertions, 3 deletions
diff --git a/internal/ssh/server/authkeystore.go b/internal/ssh/server/authkeystore.go
index 8e26127..c4b89fe 100644
--- a/internal/ssh/server/authkeystore.go
+++ b/internal/ssh/server/authkeystore.go
@@ -33,6 +33,11 @@ func ServerAuthKeyStore() *AuthKeyStore {
return authKeyStore
}
+// ConfigureAuthKeyStore reinitializes the process-wide auth key cache using config values.
+func ConfigureAuthKeyStore(authKeyTTLSeconds, authKeyMaxPerUser int) {
+ authKeyStore = NewAuthKeyStore(time.Duration(authKeyTTLSeconds)*time.Second, authKeyMaxPerUser)
+}
+
// NewAuthKeyStore builds a thread-safe auth key store.
func NewAuthKeyStore(ttl time.Duration, maxKeysPerUser int) *AuthKeyStore {
return newAuthKeyStoreWithClock(ttl, maxKeysPerUser, time.Now)
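Review bot: `ConfigureAuthKeyStore` replaces the package-level `authKeyStore` with a plain assignment, while `ServerAuthKeyStore()` just above returns the same variable, so a call made after the SSH server is accepting connections would be a data race and would also drop every key cached so far. If it is only meant to run once during startup, the doc comment should say so, e.g. `// It must be called before the server accepts connections; any keys already cached are discarded.`; otherwise the variable needs a mutex or an `atomic.Pointer[AuthKeyStore]`. The two ints are also passed through from config unchecked. How `NewAuthKeyStore` treats a zero or negative TTL or per-user limit is not visible here, so it is worth rejecting or clamping them at this point, since the store holds credentials that grant login.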
diff --git a/internal/ssh/server/publickeycallback.go b/internal/ssh/server/publickeycallback.go
index ae6ee60..c4624f4 100644
--- a/internal/ssh/server/publickeycallback.go
+++ b/internal/ssh/server/publickeycallback.go
@@ -23,9 +23,11 @@ func PublicKeyCallback(c gossh.ConnMetadata,
}
dlog.Server.Info(user, "Incoming authorization")
- if permissions := authKeyStorePermissions(user.Name, offeredPubKey); permissions != nil {
- dlog.Server.Info(user, "Authorized by in-memory auth key store")
- return permissions, nil
+ if config.Server != nil && config.Server.AuthKeyEnabled {
+ if permissions := authKeyStorePermissions(user.Name, offeredPubKey); permissions != nil {
+ dlog.Server.Info(user, "Authorized by in-memory auth key store")
+ return permissions, nil
+ }
}
authorizedKeysFile, err := authorizedKeysFile(user)
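Review bot: The `Authorized by in-memory auth key store` log line identifies the user but not the key that was accepted, so a login granted from the cache cannot later be attributed to a specific key. Assuming `offeredPubKey` is a `gossh.PublicKey` and `Info` accepts further arguments, adding the fingerprint would close that gap: `dlog.Server.Info(user, "Authorized by in-memory auth key store", gossh.FingerprintSHA256(offeredPubKey))`. The new `AuthKeyEnabled` check gates only this lookup; whether the code that adds keys to the store honours the same flag is not visible in this hunk and should be confirmed. `PublicKeyCallback` starts and ends outside the hunk.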