Empty authorized_keys after delete user key

[xoxys]

Hi,
i have multiple ssh-keys in my authorized_keys file on the server. If i delete a key from gitea user in the web frontend my authorized_keys file is empty. Deleting a user key in the frontend does not delete only the gitea key, it also deletes all other keys in authorized_keys...

Thanks for your work.
Robert

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/40238058-empty-authorized_keys-after-delete-user-key?utm_campaign=plugin&utm_content=tracker%2F47456670&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F47456670&utm_medium=issues&utm_source=github).

[tboerger]

This is the current behavior, you should anyway use a dedicated user for Gitea. I will keep this issue open, maybe we will add some kind of marker to this file to prevent the deletion of existing keys in the future.

[xoxys]

Sure normal behavior would be to use a dedicated user. But some of us (like me) use gogs/gitea in a shared hoster environment (for me it is uberspace.de) so it is not possible to run applications with a different user. Also there is an other fact (maybe im wrong) but if i run gitea with a generic user for example "git" the SSH keys for multiple gitea users are in the same authorized_key file (/home/git/authorized_keys) right? If one user deletes bis SSH key from the web gui, all other users will lose his keys too because all keys are in the same file? If this is right there is a big Problem for multi user environments.

[tboerger]

But the behavior is the same for Gogs and Gitea. And the file is shared for all Gitea users, but it gets regenerated if a user deletes his key from the UI.

[xoxys]

You are right. Nice to here the file will be regenerated, that makes much more sense :)

[xoxys]

Would it be possible to add a custome file to the config? In this file users can add static non-git ssh-keys and if gitea regenerates the authorized_keys the keys from this file will be merged with the git-ssh keys.

[tboerger]

IMHO some marker within the file makes more sense

[travnick]

It's more like a bug rather than enhancement. If gogs dos it too then it also has a bug.
Why bug? Because it does things that is not suppose to do - gitea should not touch things that belongs to others.

I've got my authorized_keys wiped out without using any "key" feature in gitea.

[strk]

Agreed, it's a bad bug. I think we should get "tagged" entries in authorized_keys ASAP, providing a way to add missing tags and backport to 1.0 too. Was there already an issue about this ? Please check and if so link here (somethig about "Rewrite authorized_key task wiping out keys")

[strk]

Sounds like #906

[tboerger]

Yeah, this issue will be resolved when #906 gets merged.