From 2de007f9ef8ae2724b9fbe2808ee25cbfe4ca876 Mon Sep 17 00:00:00 2001
From: Paul Buetow
Date: Tue, 3 Mar 2026 10:45:50 +0200
Subject: feat(config): add auth-key CLI and server cache settings
---
 internal/ssh/server/authkeystore.go | 5 +++++
 internal/ssh/server/publickeycallback.go | 8 +++++---
 2 files changed, 10 insertions(+), 3 deletions(-)
(limited to 'internal/ssh')
diff --git a/internal/ssh/server/authkeystore.go b/internal/ssh/server/authkeystore.go
index 8e26127..c4b89fe 100644
--- a/internal/ssh/server/authkeystore.go
+++ b/internal/ssh/server/authkeystore.go
@@ -33,6 +33,11 @@ func ServerAuthKeyStore() *AuthKeyStore {
 return authKeyStore
 }
+// ConfigureAuthKeyStore reinitializes the process-wide auth key cache using config values.
+func ConfigureAuthKeyStore(authKeyTTLSeconds, authKeyMaxPerUser int) {
+ authKeyStore = NewAuthKeyStore(time.Duration(authKeyTTLSeconds)*time.Second, authKeyMaxPerUser)
+}
+
 // NewAuthKeyStore builds a thread-safe auth key store.
 func NewAuthKeyStore(ttl time.Duration, maxKeysPerUser int) *AuthKeyStore {
 return newAuthKeyStoreWithClock(ttl, maxKeysPerUser, time.Now)
diff --git a/internal/ssh/server/publickeycallback.go b/internal/ssh/server/publickeycallback.go
index ae6ee60..c4624f4 100644
--- a/internal/ssh/server/publickeycallback.go
+++ b/internal/ssh/server/publickeycallback.go
@@ -23,9 +23,11 @@ func PublicKeyCallback(c gossh.ConnMetadata,
 }
 dlog.Server.Info(user, "Incoming authorization")
- if permissions := authKeyStorePermissions(user.Name, offeredPubKey); permissions != nil {
- dlog.Server.Info(user, "Authorized by in-memory auth key store")
- return permissions, nil
+ if config.Server != nil && config.Server.AuthKeyEnabled {
+ if permissions := authKeyStorePermissions(user.Name, offeredPubKey); permissions != nil {
+ dlog.Server.Info(user, "Authorized by in-memory auth key store")
+ return permissions, nil
+ }
 }
 authorizedKeysFile, err := authorizedKeysFile(user)
-- 
cgit v1.2.3
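Review bot: `ConfigureAuthKeyStore` hands `authKeyTTLSeconds` and `authKeyMaxPerUser` to `NewAuthKeyStore` without any range check, so a zero, negative or very large configured value reaches the cache that grants SSH access; `time.Duration(authKeyTTLSeconds)*time.Second` can also overflow for large inputs. How the store treats a non-positive TTL or per-user limit is not visible in this hunk, so the values should be rejected or clamped before the assignment rather than relying on that behaviour. The assignment to the package-level `authKeyStore` is also unsynchronized and discards every key already cached, which the doc comment should state, e.g. `// It must be called once at startup, before the SSH listener accepts connections; it is not safe for concurrent use and drops all cached keys.` The body of ServerAuthKeyStore begins outside the hunk, so any locking or lazy initialisation there cannot be seen from here.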
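Review bot: The success path inside the new `AuthKeyEnabled` guard still logs only `"Authorized by in-memory auth key store"`, so the audit trail cannot show which cached key granted the login, even though this path returns before the authorized_keys file lookup that follows. Logging the fingerprint of the accepted key would make such logins traceable, e.g. `dlog.Server.Info(user, "Authorized by in-memory auth key store", gossh.FingerprintSHA256(offeredPubKey))`, assuming `dlog.Server.Info` accepts further arguments and `gossh` is golang.org/x/crypto/ssh. The default of `config.Server.AuthKeyEnabled` is defined outside this diff (it is limited to internal/ssh); it should be off unless explicitly set. PublicKeyCallback starts and ends outside the hunk.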