Andr3as / Codiad-CodeGit

Git integration for Codiad
MIT License

SSH key #35

Open wernight opened 8 years ago

wernight commented 8 years ago

Really cool. Could you please allow settings to configure (per user):

PS: Yes I saw https://github.com/Andr3as/Codiad-CodeGit/wiki

Andr3as commented 8 years ago

I know what you mean. The current solution has one SSH key for the apache user, so every Codiad user has to use this key. Maybe if I find some time to take a deeper look at the authentication with SSH keys.

jernsting commented 6 years ago

The main problem is the security of the system. If you upload private and public keys to a system used by multiple users, then a little bug in any installed program that allows file system access would give an attacker all SSH keys with access to all repositories.

I would even recommend not using the solution with an SSH key for the apache user, because of the same security risk. In this setup, using git with HTTPS is the most secure solution that I could think of.

The only approach to securely do this - in my opinion - is to encrypt the SSH keys with the user password to make it at least harder to access the SSH keys. If this is an idea you agree with, I would like to implement this. But this could take some time... But as this ticket is from 2016, I think some more time would not be a big issue :-)

Andr3as commented 6 years ago

👍 Feel free to create a pull request. As you see, lately I do not have that much time myself.