Add support for authentication via ssh certificates and pub/privatekey (#442)

This adds support for authentication using a SSH certificate and normal public keys when you've got an ssh-agent running that has this certificate or your public key loaded. First question when creating a new login is to ask about the ssh certificates or public keys, when the answer is yes, we don't need to ask about tokens/usernames anymore. Co-authored-by: Wim <wim@42.be> Reviewed-on: https://gitea.com/gitea/tea/pulls/442 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: 6543 <6543@obermui.de> Co-authored-by: Wim <42wim@noreply.gitea.io> Co-committed-by: Wim <42wim@noreply.gitea.io>
2025-09-02 09:58:29 +02:00 · 2022-09-15 03:00:08 +08:00
parent 4ee5ce4b52
commit 6a4ba6a689
6 changed files with 262 additions and 40 deletions
--- a/modules/utils/utils.go
+++ b/modules/utils/utils.go
@ -4,6 +4,12 @@

 package utils

+import (
+	"os"
+
+	"golang.org/x/crypto/ssh"
+)
+
 // Contains checks containment
 func Contains(haystack []string, needle string) bool {
 	return IndexOf(haystack, needle) != -1
@ -18,3 +24,20 @@ func IndexOf(haystack []string, needle string) int {
 	}
 	return -1
 }
+
+// IsKeyEncrypted checks if the key is encrypted
+func IsKeyEncrypted(sshKey string) (bool, error) {
+	priv, err := os.ReadFile(sshKey)
+	if err != nil {
+		return false, err
+	}
+
+	_, err = ssh.ParsePrivateKey(priv)
+	if err != nil {
+		if _, ok := err.(*ssh.PassphraseMissingError); ok {
+			return true, nil
+		}
+	}
+
+	return false, err
+}