Open wernight opened 8 years ago
I know what you mean. The current solution has one ssh key for the apache user, so every Codiad user has to use this key. Maybe if I find some time to take a deeper look at the authentication with ssh keys.
The main problem is the security of the system. If you upload private and public keys to a system used by multiple users, then a little bug in any installed program that allows file system access would give an attacker all ssh keys with access to all repositories.
I would even recommend not using the solution with an ssh key for the apache user, because of the same security risk. In this setup, using git with https is the most secure solution that I could think of.
The only approach to securely do this - in my opinion - is to encrypt the ssh keys with the user password to make it at least harder to access the ssh keys. If this is an idea you agree with, I would like to implement this. But this could take some time... But as this ticket is from 2016, I think some more time would not be a big issue :-)
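One way the proposal in the comment above could look in PHP, as an added example that is not code from Codiad-CodeGit or from anyone in this thread: each user's private key is stored only in encrypted form, under a key derived from that user's password with libsodium. The function names and the blob layout are assumptions of this sketch.

```php
<?php
declare(strict_types=1);

// Added illustration, not Codiad-CodeGit code. Function names and the
// base64(salt || nonce || ciphertext) blob layout are assumptions.

function wrapSshKey(string $privateKey, string $password): string
{
    $salt  = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $key   = deriveKey($password, $salt);
    $box   = sodium_crypto_secretbox($privateKey, $nonce, $key);
    sodium_memzero($key);
    return base64_encode($salt . $nonce . $box);
}

function unwrapSshKey(string $blob, string $password): ?string
{
    $raw = base64_decode($blob, true);
    $min = SODIUM_CRYPTO_PWHASH_SALTBYTES + SODIUM_CRYPTO_SECRETBOX_NONCEBYTES
         + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null; // malformed or truncated blob
    }
    $salt  = substr($raw, 0, SODIUM_CRYPTO_PWHASH_SALTBYTES);
    $nonce = substr($raw, SODIUM_CRYPTO_PWHASH_SALTBYTES, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_PWHASH_SALTBYTES + SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $key   = deriveKey($password, $salt);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    sodium_memzero($key);
    return $plain === false ? null : $plain; // false: wrong password or modified blob
}

function deriveKey(string $password, string $salt): string
{
    // Argon2id: a memory-hard KDF, so each password guess against the blob is costly.
    return sodium_crypto_pwhash(
        SODIUM_CRYPTO_SECRETBOX_KEYBYTES, $password, $salt,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13
    );
}

// Constructed sample input: a placeholder string stands in for a real key file.
$sample = "-----BEGIN OPENSSH PRIVATE KEY-----\n(constructed placeholder)\n-----END OPENSSH PRIVATE KEY-----\n";
$blob   = wrapSshKey($sample, 'correct horse battery staple');
var_dump(unwrapSshKey($blob, 'correct horse battery staple') === $sample); // right password
var_dump(unwrapSshKey($blob, 'wrong password') === null);                  // wrong password
```

With this layout a file-read bug exposes only the encrypted blobs, whose strength then depends on each user's password, and the key has to be re-wrapped whenever that password changes.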
👍 Feel free to create a pull request. As you see, lately I do not have that much time myself.
Really cool. Could you please allow settings to configure (per user):
PS: Yes I saw https://github.com/Andr3as/Codiad-CodeGit/wiki