Add support for authentication via ssh certificates and pub/privatekey (#442)

This adds support for authentication using a SSH certificate and normal public keys when you've got an ssh-agent running that has this certificate or your public key loaded. First question when creating a new login is to ask about the ssh certificates or public keys, when the answer is yes, we don't need to ask about tokens/usernames anymore. Co-authored-by: Wim <wim@42.be> Reviewed-on: https://gitea.com/gitea/tea/pulls/442 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: 6543 <6543@obermui.de> Co-authored-by: Wim <42wim@noreply.gitea.io> Co-committed-by: Wim <42wim@noreply.gitea.io>
2025-10-30 16:55:25 +01:00 · 2022-09-15 03:00:08 +08:00
parent 4ee5ce4b52
commit 6a4ba6a689
6 changed files with 262 additions and 40 deletions
--- a/cmd/login/add.go
+++ b/cmd/login/add.go
@@ -53,13 +53,23 @@ var CmdLoginAdd = cli.Command{
 		&cli.StringFlag{
 			Name:    "ssh-key",
 			Aliases: []string{"s"},
-			Usage:   "Path to a SSH key to use, overrides auto-discovery",
+			Usage:   "Path to a SSH key/certificate to use, overrides auto-discovery",
 		},
 		&cli.BoolFlag{
 			Name:    "insecure",
 			Aliases: []string{"i"},
 			Usage:   "Disable TLS verification",
 		},
+		&cli.StringFlag{
+			Name:    "ssh-agent-principal",
+			Aliases: []string{"c"},
+			Usage:   "Use SSH certificate with specified principal to login (needs a running ssh-agent with certificate loaded)",
+		},
+		&cli.StringFlag{
+			Name:    "ssh-agent-key",
+			Aliases: []string{"a"},
+			Usage:   "Use SSH public key or SSH fingerprint to login (needs a running ssh-agent with ssh key loaded)",
+		},
 	},
 	Action: runLoginAdd,
 }
@@ -70,6 +80,11 @@ func runLoginAdd(ctx *cli.Context) error {
 		return interact.CreateLogin()
 	}

+	sshAgent := false
+	if ctx.String("ssh-agent-key") != "" || ctx.String("ssh-agent-principal") != "" {
+		sshAgent = true
+	}
+
 	// else use args to add login
 	return task.CreateLogin(
 		ctx.String("name"),
@@ -78,5 +93,8 @@ func runLoginAdd(ctx *cli.Context) error {
 		ctx.String("password"),
 		ctx.String("ssh-key"),
 		ctx.String("url"),
-		ctx.Bool("insecure"))
+		ctx.String("ssh-agent-principal"),
+		ctx.String("ssh-agent-key"),
+		ctx.Bool("insecure"),
+		sshAgent)
 }