ssh_server.go: Update comment about SSH auth

author: Runxi Yu <me@runxiyu.org> 2025-02-16 17:19:51 +0800
committer: Runxi Yu <me@runxiyu.org> 2025-02-16 17:19:51 +0800
commit: 8e603f9d67084a253947c280a4d0bdea93ad69e8 (patch)
tree: 9586d9ec084dc9bb436c35be072b83b61d52e0d5 /ssh_server.go
parent: README.md: Namespace contrib/, not merge_requests/ (diff)
download: forge-8e603f9d67084a253947c280a4d0bdea93ad69e8.tar.gz
forge-8e603f9d67084a253947c280a4d0bdea93ad69e8.tar.zst
forge-8e603f9d67084a253947c280a4d0bdea93ad69e8.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/ssh_server.go b/ssh_server.go
index 5a14b0f..206bf72 100644
--- a/ssh_server.go
+++ b/ssh_server.go
@@ -75,8 +75,9 @@ func serve_ssh(listener net.Listener) error {
 		PublicKeyHandler:           func(ctx glider_ssh.Context, key glider_ssh.PublicKey) bool { return true },
 		KeyboardInteractiveHandler: func(ctx glider_ssh.Context, challenge go_ssh.KeyboardInteractiveChallenge) bool { return true },
 		// It is intentional that we do not check any credentials and accept all connections.
-		// This allows all users to connect and clone repositories; when pushing is added later,
-		// we will check their public key in the session handler, not in the auth handlers.
+		// This allows all users to connect and clone repositories. However, the public key
+		// is passed to handlers, so e.g. the push handler could check the key and reject the
+		// push if it needs to.
 	}
 
 	server.AddHostKey(host_key)
author	Runxi Yu <me@runxiyu.org>	2025-02-16 17:19:51 +0800
committer	Runxi Yu <me@runxiyu.org>	2025-02-16 17:19:51 +0800
commit	8e603f9d67084a253947c280a4d0bdea93ad69e8 (patch)
tree	9586d9ec084dc9bb436c35be072b83b61d52e0d5 /ssh_server.go
parent	README.md: Namespace contrib/, not merge_requests/ (diff)
download	forge-8e603f9d67084a253947c280a4d0bdea93ad69e8.tar.gz forge-8e603f9d67084a253947c280a4d0bdea93ad69e8.tar.zst forge-8e603f9d67084a253947c280a4d0bdea93ad69e8.zip