appendAuthorizedKeysToFile appends new SSH keys' content to authorized_keys file.
(keys ...*PublicKey)
| 319 | |
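// appendAuthorizedKeysToFile appends new SSH keys' content to authorized_keys file.
//
// It holds sshOpLocker for the whole call, opens (creating it if needed) the
// "authorized_keys" file under conf.SSH.RootPath in append mode, and writes
// key.AuthorizedString() for each key in the order given. On non-Windows
// runtimes the file mode is reset to 0600 first if any permission bit outside
// owner read/write is set.
//
// It returns the first error from open, stat, chmod, write or close. Keys
// written before a failing write stay in the file.
func appendAuthorizedKeysToFile(keys ...*PublicKey) (err error) {
	sshOpLocker.Lock()
	defer sshOpLocker.Unlock()

	fpath := filepath.Join(conf.SSH.RootPath, "authorized_keys")
	// 0o600 only applies when the file is created; an existing file keeps its
	// current mode, which is why the mode is checked again below.
	f, err := os.OpenFile(fpath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0o600)
	if err != nil {
		return err
	}
	defer func() {
		// A close failure on a file opened for writing can mean the appended
		// keys were not persisted, so report it unless an earlier error wins.
		if cerr := f.Close(); cerr != nil && err == nil {
			err = cerr
		}
	}()

	// Note: chmod is not supported on Windows.
	if !conf.IsWindowsRuntime() {
		fi, err := f.Stat()
		if err != nil {
			return err
		}

		// .ssh directory should have mode 700, and authorized_keys file should have mode 600.
		//
		// Test the bits rather than comparing the mode as a number: a numeric
		// "> 0o600" accepts modes such as 0o466 or 0o066, which are smaller
		// than 0o600 yet leave the file readable or writable by group/other.
		// A group- or world-writable authorized_keys lets another local
		// account add its own key.
		if perm := fi.Mode().Perm(); perm&^0o600 != 0 {
			log.Error("authorized_keys file has unusual permission flags: %s - setting to -rw-------", perm.String())
			if err = f.Chmod(0o600); err != nil {
				return err
			}
		}
	}

	for _, key := range keys {
		if _, err = f.WriteString(key.AuthorizedString()); err != nil {
			return err
		}
	}
	return nil
}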
| 355 | |
| 356 | // checkKeyContent only checks if key content has been used as public key, |
| 357 | // it is OK to use same key as deploy key for multiple repositories/users. |
no test coverage detected