Disabled logins still have read access with ssh key


I’ve disabled users on my install and noticed that the public keys for those users still appear in the authorized_keys (even after rewriting the file in the admin console). These users still, as such, have read access to repositories.

I am openssh, not the built in ssh server for gogs.

I’ve also tried setting them to prohibited logon in addition to deactivating the accounts.

Gogs, CentOS Linux release 7.5.1804 (Core), 10.1.33-MariaDB MariaDB Server.


Hi, I think this is a bug, please file an issue on GitHub. Thanks!


Thanks for confirming, I’ve opening a ticket.


Thank you!