extend settings

rework keygen to guess the keysize from extension

Author: TheFox0x7

modules/setting/ssh.go

@@ -61,7 +61,7 @@ var SSH = struct {
 	KeygenPath:                    "",
 	MinimumKeySizeCheck:           true,
 	MinimumKeySizes:               map[string]int{"ed25519": 256, "ed25519-sk": 256, "ecdsa": 256, "ecdsa-sk": 256, "rsa": 3071},
-	ServerHostKeys:                []string{"ssh/gitea.rsa", "ssh/gogs.rsa"},
+	ServerHostKeys:                []string{"ssh/gitea.rsa", "ssh/gitea.ed25519", "ssh/gitea.ecdsa", "ssh/gogs.rsa"},
 	AuthorizedKeysCommandTemplate: "{{.AppPath}} --config={{.CustomConf}} serv key-{{.Key.ID}}",
 	PerWriteTimeout:               PerWriteTimeout,
 	PerWritePerKbTimeout:          PerWritePerKbTimeout,

modules/ssh/ssh.go

@@ -378,18 +378,19 @@ func Listen(host string, port int, ciphers, keyExchanges, macs []string) {
 	}
 
 	if len(keys) == 0 {
-		filePath := filepath.Dir(setting.SSH.ServerHostKeys[0])
-
-		if err := os.MkdirAll(filePath, os.ModePerm); err != nil {
-			log.Error("Failed to create dir %s: %v", filePath, err)
-		}
-
-		err := GenKeyPair(setting.SSH.ServerHostKeys[0], RSA)
-		if err != nil {
-			log.Fatal("Failed to generate private key: %v", err)
+		for i := range 3 {
+			filename := setting.SSH.ServerHostKeys[i]
+			filePath := filepath.Dir(filename)
+			if err := os.MkdirAll(filePath, os.ModePerm); err != nil {
+				log.Error("Failed to create dir %s: %v", filePath, err)
+			}
+			err := GenKeyPair(filename)
+			if err != nil {
+				log.Fatal("Failed to generate private key: %v", err)
+			}
+			log.Trace("New private key is generated: %s", filename)
+			keys = append(keys, filename)
 		}
-		log.Trace("New private key is generated: %s", setting.SSH.ServerHostKeys[0])
-		keys = append(keys, setting.SSH.ServerHostKeys[0])
 	}
 
 	for _, key := range keys {
@@ -409,8 +410,8 @@ func Listen(host string, port int, ciphers, keyExchanges, macs []string) {
 // GenKeyPair make a pair of public and private keys for SSH access.
 // Public key is encoded in the format for inclusion in an OpenSSH authorized_keys file.
 // Private Key generated is PEM encoded
-func GenKeyPair(keyPath string, keyType KeyType) error {
-	privateKey, publicKey, err := keyGen(keyType)
+func GenKeyPair(keyPath string) error {
+	privateKey, publicKey, err := keyGen(filepath.Ext(keyPath))
 	if err != nil {
 		return err
 	}
@@ -455,18 +456,18 @@ func GenKeyPair(keyPath string, keyType KeyType) error {
 	return err
 }
 
-func keyGen(keytype KeyType) (any, any, error) {
+func keyGen(keytype string) (any, any, error) {
 	switch keytype {
-	case RSA:
+	case ".rsa":
 		privateKey, err := rsa.GenerateKey(rand.Reader, 4096)
 		if err != nil {
 			return nil, nil, err
 		}
 		return privateKey, &privateKey.PublicKey, nil
-	case ED25519:
+	case ".ed25519":
 		pub, priv, err := ed25519.GenerateKey(rand.Reader)
 		return priv, pub, err
-	case ECDSA:
+	case ".ecdsa":
 		priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 		if err != nil {
 			return nil, nil, err

modules/ssh/ssh_test.go

@@ -11,6 +11,7 @@ import (
 	"encoding/pem"
 	"io"
 	"os"
+	"path/filepath"
 	"testing"
 
 	"code.gitea.io/gitea/modules/ssh"
@@ -21,26 +22,26 @@ import (
 
 func TestGenKeyPair(t *testing.T) {
 	testCases := []struct {
-		keyType      ssh.KeyType
+		keyPath      string
 		expectedType any
 	}{
 		{
-			keyType:      ssh.RSA,
+			keyPath:      "/gitea.rsa",
 			expectedType: &rsa.PrivateKey{},
 		},
 		{
-			keyType:      ssh.ED25519,
+			keyPath:      "/gitea.ed25519",
 			expectedType: ed25519.PrivateKey{},
 		},
 		{
-			keyType:      ssh.ECDSA,
+			keyPath:      "/gitea.ecdsa",
 			expectedType: &ecdsa.PrivateKey{},
 		},
 	}
 	for _, tC := range testCases {
-		t.Run("Generate"+string(tC.keyType), func(t *testing.T) {
-			path := t.TempDir() + "/gitea." + string(tC.keyType)
-			require.NoError(t, ssh.GenKeyPair(path, tC.keyType))
+		t.Run("Generate "+filepath.Ext(tC.keyPath), func(t *testing.T) {
+			path := t.TempDir() + tC.keyPath
+			require.NoError(t, ssh.GenKeyPair(path))
 
 			file, err := os.Open(path)
 			require.NoError(t, err)

tests/integration/git_helper_for_declarative_test.go

@@ -32,7 +32,7 @@ func withKeyFile(t *testing.T, keyname string, callback func(string)) {
 	assert.NoError(t, err)
 
 	keyFile := filepath.Join(tmpDir, keyname)
-	err = ssh.GenKeyPair(keyFile, ssh.RSA)
+	err = ssh.GenKeyPair(keyFile)
 	assert.NoError(t, err)
 
 	err = os.WriteFile(path.Join(tmpDir, "ssh"), []byte("#!/bin/bash\n"+