Gitea: Configuring an SSH port other than 22 disables START_SSH_SERVER

Created on 5 Jul 2019 · 11 Comments · Source: go-gitea/gitea

  • Gitea version (or commit ref): 1.9.0+dev-415-g49ee9d277
  • Git version: 2.20.1
  • Operating system: Debian/docker
  • Database (use [x]):

    • [ ] PostgreSQL

    • [ ] MySQL

    • [ ] MSSQL

    • [x] SQLite

  • Can you reproduce the bug at https://try.gitea.io:

    • [ ] Yes (provide example URL)

    • [ ] No

    • [x] Not relevant

  • Log gist: n/a

Description

Configuring an SSH port other than 22 disables START_SSH_SERVER. To reproduce, do:

  • Get the docker-compose.yml for the minimal installation as recommended by the Gitea docs
  • In the yml file, replace SSH port ("222:22") by 2222, i.e. make sure the line reads "2222:2222" for the port forwarding
  • docker-compose up, then go to localhost:3000 to be welcomed by the Gitea installation wizard
  • Set the SSH port to 2222

Result: in app.ini, the option START_SSH_SERVER is omitted and thus, it is not possible to access Gitea via the proposed URL ssh://git@localhost:2222/user/repo.git as an attempt to do so will result in an exception "ssh_exchange_identification: Connection closed by remote host".

Expected result / how to fix: Adding the option START_SSH_SERVER = true to app.ini fixes the problem. The installer should do this even when the ssh port is not 22.

Note: Be sure to have a high enough port for trying this (e.g. when the port is set to 222, there is a permissions problem on Linux).

All 11 comments

Could you paste your docker-compose file here?

I suspect this is the problem that #7286 solves.

Oh actually I think I've misread this - I think this is a problem to do with the install page.


Ah no I didn't misread it!

So the docker by default provides an OpenSSH server - which listens on port 22. Changing the SSH_PORT in the install page doesn't change the config of the server - so if you change the port in /install you will have to change it there.

#7286 has been merged. Please re-open this issue if you continue to face this issue after updating to most recent docker image.

Thanks for the quick reaction! If I understand correctly, this is a problem related to the SSH daemon in the docker container and has nothing to do with Gitea. Of course, /install cannot change the behavior of the container's SSH daemon and it also makes sense that by default, Gitea does not provide its own SSH server. All clear then! :+1:

Gitea does provide its own SSH server - and we will be moving the docker to use this by default at some point but at present the docker configuration doesn't use it.

The same issue is still present on the 1.9.3 docker image.

As a workaround, map your own sshd_config file with the correct port to the path /etc/ssh in the docker container.

An example file for port 8022 and user 'git':

Port 8022
Protocol 2

AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::

LogLevel INFO

HostKey /data/ssh/ssh_host_ed25519_key
HostKey /data/ssh/ssh_host_rsa_key
HostKey /data/ssh/ssh_host_dsa_key
HostKey /data/ssh/ssh_host_ecdsa_key

AuthorizedKeysFile .ssh/authorized_keys

UseDNS no
AllowAgentForwarding no
AllowTcpForwarding no
PrintMotd no

PermitUserEnvironment yes
PermitRootLogin no
ChallengeResponseAuthentication no
PasswordAuthentication no
PermitEmptyPasswords no

AllowUsers git

Banner none
Subsystem sftp /usr/lib/ssh/sftp-server

AcceptEnv GIT_PROTOCOL

In the current master branch there are some code changes that should allow setting the SSH ports in the docker image correctly using the option SSH_LISTEN_PORT. See #7829. Those changes are in master and not yet in a stable release.

For later reference in case other people encounter this issue: I've succeeded in updating the OpenSSH server port in the latest docker image by setting an environment variable in the docker-compose.yml file like this:

SSH_PORT=8022

I believe such an edit should go to the docs.
Actually without this tweak the custom SSH port is not possible.

Note: setting either SSH_LISTEN_PORT=8022 or SSH_PORT=8022 would work, with a higher precedence for SSH_LISTEN_PORT
This gist explains more.

@weshouman it already is in the docs:

https://docs.gitea.io/en-us/install-with-docker/#environments-variables

I mean it should be explained in the docs that setting that in the app.ini only won't work, and one shall explicitly set that in the environment variable.
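The mismatch discussed in this thread (the port written to app.ini, the port the SSH daemon in the container really listens on, and the docker-compose port mapping) can be checked before deployment. The following is an added example, not code from the thread or from the Gitea project; the names `ssh_ports` and `check` and the sample inputs are hypothetical. It assumes the defaults START_SSH_SERVER = false, SSH_LISTEN_PORT falling back to SSH_PORT, and OpenSSH port 22, and it does not model the SSH_PORT / SSH_LISTEN_PORT container environment variables.

```python
import configparser
import re

def ssh_ports(app_ini, sshd_config):
    """Return (advertised_port, daemon, listening_port) as seen inside the container."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string("[DEFAULT]\n" + app_ini)  # app.ini has keys before any section
    server = cp["server"] if cp.has_section("server") else cp["DEFAULT"]
    advertised = server.getint("SSH_PORT", fallback=22)  # port shown in clone URLs
    if server.getboolean("START_SSH_SERVER", fallback=False):
        # Built-in server: listens on SSH_LISTEN_PORT, which defaults to SSH_PORT
        listen = server.getint("SSH_LISTEN_PORT", fallback=advertised)
        return advertised, "Gitea built-in SSH server", listen
    # Otherwise the container's OpenSSH answers on its own Port (default 22)
    m = re.search(r"^[ \t]*Port[ \t]+(\d+)", sshd_config, re.M | re.I)
    return advertised, "container OpenSSH", int(m.group(1)) if m else 22

def check(app_ini, sshd_config, port_mappings):
    """Return findings for a compose ports list such as ["3000:3000", "2222:2222"]."""
    advertised, daemon, listening = ssh_ports(app_ini, sshd_config)
    published = {}  # container port -> set of host ports
    for mapping in port_mappings:
        m = re.search(r"(\d+):(\d+)(?:/tcp)?$", mapping)
        if m:
            published.setdefault(int(m.group(2)), set()).add(int(m.group(1)))
    hosts = published.get(listening, set())
    if not hosts:
        return [f"{daemon} listens on {listening}, but no published port forwards to it"]
    if advertised not in hosts:
        return [f"clone URLs use port {advertised}, but {daemon} is published on {sorted(hosts)}"]
    return []

# Constructed sample inputs: the installer wrote SSH_PORT but not START_SSH_SERVER
BROKEN_INI = "APP_NAME = Gitea\n[server]\nSSH_DOMAIN = localhost\nSSH_PORT = 2222\n"
FIXED_INI = BROKEN_INI + "START_SSH_SERVER = true\n"
DEFAULT_SSHD = "Protocol 2\nAllowUsers git\n"  # no Port line, so sshd listens on 22
PORTS = ["3000:3000", "2222:2222"]

if __name__ == "__main__":
    for name, ini, sshd in [("as reported", BROKEN_INI, DEFAULT_SSHD),
                            ("START_SSH_SERVER = true", FIXED_INI, DEFAULT_SSHD),
                            ("sshd_config Port 2222", BROKEN_INI, "Port 2222\n")]:
        print(name, "->", check(ini, sshd, PORTS) or "consistent")
```

An empty result means the advertised clone port, the listening daemon and the published port line up; the reported setup is flagged because nothing is forwarded to the container's port 22.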
