Tony Garnock-JonesWork in progress: user-configured SSH CA authentication for Forgejo
Edit: Made a pull request at https://codeberg.org/forgejo/forgejo/pulls/11746
dch 
@tonyg is this WIP in the coding sense, or WIP in the code already does this but you’re setting it up?
@dch I am finishing up the remaining unit/integration tests now. I coded most of it over the weekend. I hope the forgejo team is receptive to an unsolicited feature PR 😅
Lillith "Infinidoge"@tonyg YES PLEASE.
We've been wanting this for ages!
@Infinidoge That's great! I'll admit I've been designing this in a vacuum, but it's a fairly simple feature so I hope the end result isn't too far off other people's needs.
@tonyg We've been wanting to switch to our SSH CA for everything for a while, and we mostly have for our computers, but Forgejo is the last remaining thing.
Very much hoping to see this land 
(Note to selves, make an SSH CA tutorial for our website)
@Infinidoge I'm still not done with the test cases but I made a WIP PR https://codeberg.org/forgejo/forgejo/pulls/11746 so you can see what's left to be done and maybe have an initial look around to see if I've done something silly
WIP: feat: Implement `SSH_ENABLE_CERT_AUTH` feature for user-supplied SSH CA keys.
A new `app.ini` variable, `SSH_ENABLE_CERT_AUTH`, allows Forgejo to accept authorized_keys lines including options `cert-authority` and/or `principals="..."` in its SSH key management facility. SSH connections presenting valid certificates signed by such keys ("CA keys") are then accepted. Each C...