1 files changed, 18 insertions, 12 deletions

diff --git a/pkg/setting/setting.go b/pkg/setting/setting.go
index f206592d..c78b689b 100644
--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@@ -82,18 +82,19 @@ var (
 	}
 
 	SSH struct {
-		Disabled            bool           `ini:"DISABLE_SSH"`
-		StartBuiltinServer  bool           `ini:"START_SSH_SERVER"`
-		Domain              string         `ini:"SSH_DOMAIN"`
-		Port                int            `ini:"SSH_PORT"`
-		ListenHost          string         `ini:"SSH_LISTEN_HOST"`
-		ListenPort          int            `ini:"SSH_LISTEN_PORT"`
-		RootPath            string         `ini:"SSH_ROOT_PATH"`
-		ServerCiphers       []string       `ini:"SSH_SERVER_CIPHERS"`
-		KeyTestPath         string         `ini:"SSH_KEY_TEST_PATH"`
-		KeygenPath          string         `ini:"SSH_KEYGEN_PATH"`
-		MinimumKeySizeCheck bool           `ini:"MINIMUM_KEY_SIZE_CHECK"`
-		MinimumKeySizes     map[string]int `ini:"-"`
+		Disabled                     bool           `ini:"DISABLE_SSH"`
+		StartBuiltinServer           bool           `ini:"START_SSH_SERVER"`
+		Domain                       string         `ini:"SSH_DOMAIN"`
+		Port                         int            `ini:"SSH_PORT"`
+		ListenHost                   string         `ini:"SSH_LISTEN_HOST"`
+		ListenPort                   int            `ini:"SSH_LISTEN_PORT"`
+		RootPath                     string         `ini:"SSH_ROOT_PATH"`
+		RewriteAuthorizedKeysAtStrat bool           `ini:"REWRITE_AUTHORIZED_KEYS_AT_START"`
+		ServerCiphers                []string       `ini:"SSH_SERVER_CIPHERS"`
+		KeyTestPath                  string         `ini:"SSH_KEY_TEST_PATH"`
+		KeygenPath                   string         `ini:"SSH_KEYGEN_PATH"`
+		MinimumKeySizeCheck          bool           `ini:"MINIMUM_KEY_SIZE_CHECK"`
+		MinimumKeySizes              map[string]int `ini:"-"`
 	}
 
 	// Security settings
@@ -486,6 +487,7 @@ func NewContext() {
 	}
 
 	SSH.RootPath = path.Join(homeDir, ".ssh")
+	SSH.RewriteAuthorizedKeysAtStrat = sec.Key("REWRITE_AUTHORIZED_KEYS_AT_START").MustBool()
 	SSH.ServerCiphers = sec.Key("SSH_SERVER_CIPHERS").Strings(",")
 	SSH.KeyTestPath = os.TempDir()
 	if err = Cfg.Section("server").MapTo(&SSH); err != nil {
@@ -504,6 +506,10 @@ func NewContext() {
 		}
 	}
 
+	if SSH.StartBuiltinServer {
+		SSH.RewriteAuthorizedKeysAtStrat = false
+	}
+
 	// Check if server is eligible for minimum key size check when user choose to enable.
 	// Windows server and OpenSSH version lower than 5.1 (https://github.com/gogits/gogs/issues/4507)
 	// are forced to be disabled because the "ssh-keygen" in Windows does not print key type.