Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configuring an SSH port other than 22 disables START_SSH_SERVER #7361

Closed
2 of 7 tasks
kalsan opened this issue Jul 5, 2019 · 11 comments
Closed
2 of 7 tasks

Configuring an SSH port other than 22 disables START_SSH_SERVER #7361

kalsan opened this issue Jul 5, 2019 · 11 comments

Comments

@kalsan
Copy link

kalsan commented Jul 5, 2019

  • Gitea version (or commit ref): 1.9.0+dev-415-g49ee9d277
  • Git version: 2.20.1
  • Operating system: Debian/docker
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL)
    • No
    • Not relevant
  • Log gist: n/a

Description

Configuring an SSH port other than 22 disables START_SSH_SERVER. To reproduce, do:

  • Get the docker-compose.yml for the minimal installation as recommended by the Gitea docs
  • In the yml file, replace SSH port ("222:22") by 2222, i.e. sure the line reads "2222:2222" for the port forwarding
  • docker-compose up, then go to localhost:3000 to be welcomed by the Gitea installation wizard
  • Set the SSH port to 2222

Result: in app.ini, the option START_SSH_SERVER is omitted and thus, it is not possible to access Gittea via the proposed URL ssh://git@localhost:2222/user/repo.git as an attempt to do so will result in an exception "ssh_exchange_identification: Connection closed by remote host"

Expected result / how to fix: Adding the option START_SSH_SERVER = true to app.ini fixes the problem. The installer should do this even when the ssh port is not 22.

Note: Be sure to have a high enough port for trying this (e.g. when the port is set to 222, there is a permissions problem on Linux).
@lunny
Copy link
Member

lunny commented Jul 6, 2019

Could you paste your docker-compose file here?

@zeripath
Copy link
Contributor

zeripath commented Jul 6, 2019
edited
Loading

I suspect this is the problem that #7286 solves.

Oh actually I think I've misread this - I think this is a problem to do with the install page.

Ah no I didn't misread it!

So the docker by default provides an openSSH server - which listens on port 22. Changing the SSH_PORT in the install page doesn't change the config of the server - so if you change the port in /install you will have to change it there.

@techknowlogick
Copy link
Member

#7286 has been merged. Please re-open this issue if you continue to face this issue after updating to most recent docker image.

@kalsan
Copy link
Author

kalsan commented Jul 7, 2019

Thanks for the quick reaction! If I understand correctly, this is a problem related to the SSH daemon in the docker container and has nothing to do with Gitea. Of course, /install cannot change the behavior of the contariner's SSH daemon and it also makes sense that by default, Gitea does not provide its own SSH server. All clear then! 👍

@zeripath
Copy link
Contributor

zeripath commented Jul 7, 2019
edited
Loading

Gitea does provide its own SSH server - and we will be moving the docker to use this by default at some point but at present the docker configuration doesn't use it.

@hollie
Copy link
Contributor

hollie commented Sep 17, 2019

The same issue is still present on the 1.9.3 docker image.

As a workaround, map your own sshd_config file with the correct port to the path /etc/ssh in the docker container.

An example file for port 8022 and user 'git':

Port 8022
Protocol 2

AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::

LogLevel INFO

HostKey /data/ssh/ssh_host_ed25519_key
HostKey /data/ssh/ssh_host_rsa_key
HostKey /data/ssh/ssh_host_dsa_key
HostKey /data/ssh/ssh_host_ecdsa_key

AuthorizedKeysFile .ssh/authorized_keys

UseDNS no
AllowAgentForwarding no
AllowTcpForwarding no
PrintMotd no

PermitUserEnvironment yes
PermitRootLogin no
ChallengeResponseAuthentication no
PasswordAuthentication no
PermitEmptyPasswords no

AllowUsers git

Banner none
Subsystem sftp /usr/lib/ssh/sftp-server

AcceptEnv GIT_PROTOCOL

@hollie
Copy link
Contributor

hollie commented Sep 17, 2019

In current master branch there are some code changes that should allow to set the SSH ports in the docker image correctly using the option SSH_LISTEN_PORT. See #7829. Those changes are in master and not yet in a stable release.

@hollie
Copy link
Contributor

hollie commented Sep 17, 2019

For later reference in case other people encounter this issue: I've succeeded in updating the OpenSSH server port in the latest docker image by setting an environment variable in the docker-compose.yml file like this:

SSH_PORT=8022

@weshouman
Copy link

I believe such edit should go to the docs.
Actually without this tweak the custom SSH port is not possible.

Note: setting either SSH_LISTEN_PORT=8022 or SSH_PORT=8022 would work, with a higher precedence for SSH_LISTEN_PORT
This gist explains more.

@zeripath
Copy link
Contributor

@weshouman it already is in the docs:

https://docs.gitea.io/en-us/install-with-docker/#environments-variables

@weshouman
Copy link

I mean it should be explained in the docs that setting that in the app.ini only won't work, and one shall explicitly set that in the environment variable.

@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@lunny @techknowlogick @hollie @zeripath @weshouman @kalsan