using ssh while web authentication is disabled

[suchAdemon]

• Gitea version (or commit ref): 1.12.6
• Pullrequests: Prevent git operations for inactive users (#13527) #13537 and Prevent git operations for inactive users #13527
• Git version: 2.29.2
• Operating system: Debian Buster (gitea gets started over systemd)
• Database (use [x]):
  • PostgreSQL
  • MySQL
  • MSSQL
  • SQLite
• Can you reproduce the bug at https://try.gitea.io:
  • Yes (provide example URL)
  • No (admin account needed for that)

Description

Since the update to version 1.12.6 it is not possible any more that accounts which have the permission flag "User Account Is Activated" and "Disable Sign-In" set to true to perform git operations over ssh. Before that it was only affecting the http(s), which was very useful as service accounts could only ssh for operating with gitea (fetch,pull,...) and the authentication via http(s) was disabled.
I set the flag "Disable Sign-In" to false in the admin site web interface and the service accounts were able to communicate over ssh again.
This sounds like a bug to me, that the "Disable Sign-In" is also disabling ssh operations. If not, why would there be two options to disable an account or are there plans to get a dedicated permission flag which permits external service accounts to interact with the repositories via ssh?

[techknowlogick]

The bug was that accounts marked as disabled were in fact able to clone. For what you are looking at doing please use deploy keys.

[suchAdemon]

Hi @techknowlogick , thanks for the reply.
Yea I know about the deploy keys, but these are can only be set to a dedicated project till now and if you have, lets say more than 100 repositories owned by each organisation, you have to deploy a lot of keys or am I wrong? And for such things it would make sense to have either a service user setting/attribute or to be able to create a deploy key in the organisation which can be used for all repositories inside of the organisation.