[Feature Request] Expose use of "no-touch-required" for sk ssh keys in webui

[bdelwood]

trafficstars

Feature Description

Per the ssh-keygen docs, sk type ssh keys have an option to disable touch presence via passing -O no-touch-required during key generation. sshd rejects such signatures by default, but this can be overridden by adding no-touch-required to the authorized_keys option.

It would be nice for no-touch-required sk keys to be supported, via some interface when adding ssh keys on the webui.

An example authorized_keys entry:

no-touch-required [email protected] AAAAInN...Ko== [email protected]

Manually editing the authorized_keys file when using the internal sshd works as expected. It would be nice for this to be exposed in the UI.

[mrusme]

Any updates on this one?

[techknowlogick]

Not on a per key basis right now, but you can globally edit the template of what gets added to the autorized_key file, so you could have no-touch-required added to each line. I'm not sure if for keys that don't require that it'd be breaking though, and I'd be interested to hear your experience. The setting is SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE and the line it modifies ends up being used here: https://sourcegraph.com/github.com/go-gitea/gitea/-/blob/models/asymkey/ssh_key_authorized_keys.go?L41

[GiteaBot]

We close issues that need feedback from the author if there were no new comments for a month. :tea:

[mrusme]

Why does this need feedback @lunny? I think the task is pretty clear: Allow the use of no-touch-required through the web UI.

Maybe you could re-open this issue? Thank you!