gitlab-sshd: Add support for signed user certificatessh-ssh-certificates

We add a `trusted_user_ca_keys` config setting that allows gitlab-sshd to trust any SSH certificate signed by the keys listed in this file. This is equivalent to the `TrustedUserCAKeys` OpenSSH setting. We assume the certificate identity is equivalent to the GitLab username.
author: Stan Hu <stanhu@gmail.com> 2022-06-12 00:30:20 -0700
committer: Stan Hu <stanhu@gmail.com> 2023-03-08 10:19:38 -0800
commit: 0bad7a428e8ba0bbde3d9657eb31e6eef1eca9fa (patch)
tree: 0b0bc29324f382ce540ae9c0a2e3522e0ef665af /internal/config/config.go
parent: 1461d9ed1283f6dda015e3c26189b70c95d022c2 (diff)
download: gitlab-shell-sh-ssh-certificates.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/internal/config/config.go b/internal/config/config.go
index cfee3d0..cd4dc25 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -45,6 +45,7 @@ type ServerConfig struct {
 	LivenessProbe           string       `yaml:"liveness_probe"`
 	HostKeyFiles            []string     `yaml:"host_key_files,omitempty"`
 	HostCertFiles           []string     `yaml:"host_cert_files,omitempty"`
+	TrustedUserCAKeys       string       `yaml:"trusted_user_ca_keys,omitempty"`
 	MACs                    []string     `yaml:"macs"`
 	KexAlgorithms           []string     `yaml:"kex_algorithms"`
 	Ciphers                 []string     `yaml:"ciphers"`
author	Stan Hu <stanhu@gmail.com>	2022-06-12 00:30:20 -0700
committer	Stan Hu <stanhu@gmail.com>	2023-03-08 10:19:38 -0800
commit	0bad7a428e8ba0bbde3d9657eb31e6eef1eca9fa (patch)
tree	0b0bc29324f382ce540ae9c0a2e3522e0ef665af /internal/config/config.go
parent	1461d9ed1283f6dda015e3c26189b70c95d022c2 (diff)
download	gitlab-shell-sh-ssh-certificates.tar.gz