mirror of
https://github.com/go-gitea/gitea
synced 2024-12-24 14:45:55 +01:00
01f991ac88
Afaik, adding these lines does nothing unless the file(s) are present. Having them in let's admins supply certs instead of relying on TOFU. Co-authored-by: zeripath <art27@cantab.net>
41 lines
1.1 KiB
Plaintext
41 lines
1.1 KiB
Plaintext
Port ${SSH_LISTEN_PORT}
|
|
Protocol 2
|
|
|
|
AddressFamily any
|
|
ListenAddress 0.0.0.0
|
|
ListenAddress ::
|
|
|
|
LogLevel INFO
|
|
|
|
HostKey /data/ssh/ssh_host_ed25519_key
|
|
HostCertificate /data/ssh/ssh_host_ed25519_cert
|
|
HostKey /data/ssh/ssh_host_rsa_key
|
|
HostCertificate /data/ssh/ssh_host_rsa_cert
|
|
HostKey /data/ssh/ssh_host_ecdsa_key
|
|
HostCertificate /data/ssh/ssh_host_ecdsa_cert
|
|
HostKey /data/ssh/ssh_host_dsa_key
|
|
HostCertificate /data/ssh/ssh_host_dsa_cert
|
|
|
|
AuthorizedKeysFile .ssh/authorized_keys
|
|
AuthorizedPrincipalsFile .ssh/authorized_principals
|
|
TrustedUserCAKeys /data/git/.ssh/gitea-trusted-user-ca-keys.pem
|
|
CASignatureAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
|
|
|
|
UseDNS no
|
|
AllowAgentForwarding no
|
|
AllowTcpForwarding no
|
|
PrintMotd no
|
|
|
|
PermitUserEnvironment yes
|
|
PermitRootLogin no
|
|
ChallengeResponseAuthentication no
|
|
PasswordAuthentication no
|
|
PermitEmptyPasswords no
|
|
|
|
AllowUsers ${USER}
|
|
|
|
Banner none
|
|
Subsystem sftp /usr/lib/ssh/sftp-server
|
|
|
|
AcceptEnv GIT_PROTOCOL
|