git-server-docker icon indicating copy to clipboard operation
git-server-docker copied to clipboard
verified publisher icon rockstorm101

SFTP is enabled by default

Open thinkingofmaud opened this issue 10 months ago • 2 comments

Is this intentional?

Id guess not because sftp acess can override the Disable Git User Interactive Login method described in readme.

thinkingofmaud avatar Mar 28 '25 22:03 thinkingofmaud

Hi @thinkingofmaud, thanks a lot for spotting this and suggesting a solution too! However your proposal alters both default and potential user supplied configuration files. I wrote a lengthy explanation of why I am (for now) against this in this comment. Let me know if you think otherwise.

rockstorm101 avatar Apr 03 '25 19:04 rockstorm101

Your comment is actually very well reasoned. Sorry, should have read this earlier. I searched for sftp on issues, should have looked for sshd_config.

Since openssh enables sftp by default, an environment variable for "SSH_DISABLE_SFTP" would be fine? If so, I think I can rewrite the pr.

The environment variable SSH_AUTH_METHODS already changes sshd_config, and issues with configuration files are already mentioned in readme.md and examples/docker-compose.yml. I think that is a fine compromise. I would never disable sftp in one of my normal servers anyway.

thinkingofmaud avatar Apr 03 '25 20:04 thinkingofmaud