Disabled logins still have read access with ssh key


#1

I’ve disabled users on my install and noticed that the public keys for those users still appear in the authorized_keys (even after rewriting the file in the admin console). These users still, as such, have read access to repositories.

I am openssh, not the built in ssh server for gogs.

I’ve also tried setting them to prohibited logon in addition to deactivating the accounts.

Gogs 0.11.34.1122, CentOS Linux release 7.5.1804 (Core), 10.1.33-MariaDB MariaDB Server.


#2

Hi, I think this is a bug, please file an issue on GitHub. Thanks!


#3

Thanks for confirming, I’ve opening a ticket.


#4

Thank you!