cloneLink SSH generation change #3481

New Issue

Closed

opened 2025-11-02 05:14:19 -06:00 by GiteaMirror · 6 comments

GiteaMirror commented 2025-11-02 05:14:19 -06:00

Owner

Copy Link

Originally created by @CoolGoose on GitHub (Jun 17, 2019).

Hi guys,

This isn't technically a bug, more like a discussion on the topic.
Is it ok to open a merge request for the cloneLink generation to be able to include a custom path in the url ?

Right now as a workaround I am setting up in .bashrc a cd to the repository ROOT , but I guess it would be a better option to just specify that the cloneLink url for SSH is more than SSH_DOMAIN + repo name

Originally created by @CoolGoose on GitHub (Jun 17, 2019). Hi guys, This isn't technically a bug, more like a discussion on the topic. Is it ok to open a merge request for the cloneLink generation to be able to include a custom path in the url ? Right now as a workaround I am setting up in `.bashrc` a cd to the repository `ROOT` , but I guess it would be a better option to just specify that the cloneLink url for SSH is more than SSH_DOMAIN + repo name

GiteaMirror closed this issue 2025-11-02 05:14:19 -06:00

GiteaMirror commented 2025-11-02 05:14:20 -06:00

Author

Owner

Copy Link

@zeripath commented on GitHub (Jun 17, 2019):

Er... you shouldn't need to do this.

What happens if you: ssh $GITEA_USER@$GITEA_SERVER ? If you get a terminal prompt - you're not running with a key owned and managed by Gitea and you're going to have lots of problems with the repositories not updating and so on.

@zeripath commented on GitHub (Jun 17, 2019): Er... you shouldn't need to do this. What happens if you: `ssh $GITEA_USER@$GITEA_SERVER` ? If you get a terminal prompt - you're not running with a key owned and managed by Gitea and you're going to have lots of problems with the repositories not updating and so on.

GiteaMirror commented 2025-11-02 05:14:20 -06:00

Author

Owner

Copy Link

@CoolGoose commented on GitHub (Jun 17, 2019):

Hi @zeripath thank you for the reply.
The things is that

1. I am not using gitea's own SSH server
2. Yes I am getting the bash prompt
3. Doing a clone and then a push back syncs it nicely right now, maybe it's because it's not the internal SSH ? I'll give it a try with a key as well from under the user account.

/le
It works with a new key as well, and everything seems in sync

@CoolGoose commented on GitHub (Jun 17, 2019): Hi @zeripath thank you for the reply. The things is that 1. I am not using gitea's own SSH server 2. Yes I am getting the bash prompt 3. Doing a clone and then a push back syncs it nicely right now, maybe it's because it's not the internal SSH ? I'll give it a try with a key as well from under the user account. /le It works with a new key as well, and everything seems in sync

GiteaMirror commented 2025-11-02 05:14:20 -06:00

Author

Owner

Copy Link

@zeripath commented on GitHub (Jun 17, 2019):

Yeah you really must only commit to Gitea's repositories using a Gitea managed key. It shouldn't matter whether you're using openssh or the internal ssh server.

Take a look at the .ssh/authorized_keys file for the GITEA_USER and you'll see that we run a special command on login overriding the shell thus taking control of the session.

If that command doesn't run then you won't have any access control checked or protected branches checked.

@zeripath commented on GitHub (Jun 17, 2019): Yeah you really must only commit to Gitea's repositories using a Gitea managed key. It shouldn't matter whether you're using openssh or the internal ssh server. Take a look at the .ssh/authorized_keys file for the GITEA_USER and you'll see that we run a special command on login overriding the shell thus taking control of the session. If that command doesn't run then you won't have any access control checked or protected branches checked.

GiteaMirror commented 2025-11-02 05:14:21 -06:00

Author

Owner

Copy Link

@CoolGoose commented on GitHub (Jun 17, 2019):

@zeripath it's clearer now (I see the entry for the custom key). So in theory one should never use the default user@ , but to go trough the authorized_keys , right ?

@CoolGoose commented on GitHub (Jun 17, 2019): @zeripath it's clearer now (I see the entry for the custom key). So in theory one should never use the default user@ , but to go trough the authorized_keys , right ?

GiteaMirror commented 2025-11-02 05:14:21 -06:00

Author

Owner

Copy Link

@zeripath commented on GitHub (Jun 17, 2019):

If we can get #6961 merged then we can finally change the pre-receive hooks to enforce that people have to have the correct environment set up. (Admittedly if they have shell access they could probably just set it up themselves but at least it will barf sooner.)

@zeripath commented on GitHub (Jun 17, 2019): If we can get #6961 merged then we can finally change the pre-receive hooks to enforce that people have to have the correct environment set up. (Admittedly if they have shell access they could probably just set it up themselves but at least it will barf sooner.)

GiteaMirror commented 2025-11-02 05:14:22 -06:00

Author

Owner

Copy Link

@zeripath commented on GitHub (Jun 17, 2019):

@CoolGoose yeah

@zeripath commented on GitHub (Jun 17, 2019): @CoolGoose yeah

GiteaMirror referenced this issue 2025-11-02 12:23:33 -06:00

[PR #3537] [MERGED] Add issue closed time column to fix activity closed issues list #16983

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

release/v1.25

release/v1.24

release/v1.23

release/v1.22

release/v1.21

release/v1.20

release/v1.19

release/v1.18

release/v1.17

release/v1.16

release/v1.15

release/v1.14

release/v1.13

release/v1.12

release/v1.11

release/v1.10

release/v1.9

release/v1.8

v1.25.3

v1.25.2

v1.25.1

v1.25.0

v1.24.7

v1.25.0-rc0

v1.26.0-dev

v1.24.6

v1.24.5

v1.24.4

v1.24.3

v1.24.2

v1.24.1

v1.24.0

v1.23.8

v1.24.0-rc0

v1.25.0-dev

v1.23.7

v1.23.6

v1.23.5

v1.23.4

v1.23.3

v1.23.2

v1.23.1

v1.23.0

v1.23.0-rc0

v1.24.0-dev

v1.22.6

v1.22.5

v1.22.4

v1.22.3

v1.22.2

v1.22.1

v1.22.0

v1.23.0-dev

v1.22.0-rc1

v1.21.11

v1.22.0-rc0

v1.21.10

v1.21.9

v1.21.8

v1.21.7

v1.21.6

v1.21.5

v1.21.4

v1.21.3

v1.21.2

v1.20.6

v1.21.1

v1.21.0

v1.21.0-rc2

v1.21.0-rc1

v1.20.5

v1.22.0-dev

v1.21.0-rc0

v1.20.4

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.19.4

v1.21.0-dev

v1.20.0-rc2

v1.20.0-rc1

v1.20.0-rc0

v1.19.3

v1.19.2

v1.19.1

v1.19.0

v1.19.0-rc1

v1.20.0-dev

v1.19.0-rc0

v1.18.5

v1.18.4

v1.18.3

v1.18.2

v1.18.1

v1.18.0

v1.17.4

v1.18.0-rc1

v1.19.0-dev

v1.18.0-rc0

v1.17.3

v1.17.2

v1.17.1

v1.17.0

v1.17.0-rc2

v1.16.9

v1.17.0-rc1

v1.18.0-dev

v1.16.8

v1.16.7

v1.16.6

v1.16.5

v1.16.4

v1.16.3

v1.16.2

v1.16.1

v1.16.0

v1.15.11

v1.17.0-dev

v1.16.0-rc1

v1.15.10

v1.15.9

v1.15.8

v1.15.7

v1.15.6

v1.15.5

v1.15.4

v1.15.3

v1.15.2

v1.15.1

v1.14.7

v1.15.0

v1.15.0-rc3

v1.14.6

v1.15.0-rc2

v1.14.5

v1.16.0-dev

v1.15.0-rc1

v1.14.4

v1.14.3

v1.14.2

v1.14.1

v1.14.0

v1.13.7

v1.14.0-rc2

v1.13.6

v1.13.5

v1.14.0-rc1

v1.15.0-dev

v1.13.4

v1.13.3

v1.13.2

v1.13.1

v1.13.0

v1.12.6

v1.13.0-rc2

v1.14.0-dev

v1.13.0-rc1

v1.12.5

v1.12.4

v1.12.3

v1.12.2

v1.12.1

v1.11.8

v1.12.0

v1.11.7

v1.12.0-rc2

v1.11.6

v1.12.0-rc1

v1.13.0-dev

v1.11.5

v1.11.4

v1.11.3

v1.10.6

v1.12.0-dev

v1.11.2

v1.10.5

v1.11.1

v1.10.4

v1.11.0

v1.11.0-rc2

v1.10.3

v1.11.0-rc1

v1.10.2

v1.10.1

v1.10.0

v1.9.6

v1.9.5

v1.10.0-rc2

v1.11.0-dev

v1.10.0-rc1

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.9.0-rc2

v1.10.0-dev

v1.9.0-rc1

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.8.0-rc3

v1.7.6

v1.8.0-rc2

v1.7.5

v1.8.0-rc1

v1.9.0-dev

v1.7.4

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.7.0-rc3

v1.6.4

v1.7.0-rc2

v1.6.3

v1.7.0-rc1

v1.7.0-dev

v1.6.2

v1.6.1

v1.6.0

v1.6.0-rc2

v1.5.3

v1.6.0-rc1

v1.6.0-dev

v1.5.2

v1.5.1

v1.5.0

v1.5.0-rc2

v1.5.0-rc1

v1.5.0-dev

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.4.0-rc3

v1.4.0-rc2

v1.3.3

v1.4.0-rc1

v1.3.2

v1.3.1

v1.3.0

v1.3.0-rc2

v1.3.0-rc1

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.2.0-rc3

v1.2.0-rc2

v1.1.4

v1.2.0-rc1

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.2

v1.0.1

v1.0.0

v0.9.99

Labels

Clear labels

$20

$250

$50

$500

backport/done

💎 Bounty

docs-update-needed

good first issue

hacktoberfest

issue/bounty

issue/confirmed

issue/critical

issue/duplicate

issue/needs-feedback

issue/not-a-bug

issue/regression

issue/stale

issue/workaround

lgtm/need 2

modifies/api

modifies/translation

outdated/backport/v1.18

outdated/theme/markdown

outdated/theme/timetracker

performance/bigrepo

performance/cpu

performance/memory

performance/speed

pr/breaking

proposal/accepted

proposal/rejected

pr/wip

pull-request

Mirrored from GitHub Pull Request

reviewed/wontfix

💰 Rewarded

skip-changelog

status/blocked

topic/accessibility

topic/api

topic/authentication

topic/build

topic/code-linting

topic/commit-signing

topic/content-rendering

topic/deployment

topic/distribution

topic/federation

topic/gitea-actions

topic/issues

topic/lfs

topic/mobile

topic/moderation

topic/packages

topic/pr

topic/projects

topic/repo

topic/repo-migration

topic/security

topic/theme

topic/ui

topic/ui-interaction

topic/ux

topic/webhooks

topic/wiki

type/bug

type/deprecation

type/docs

type/enhancement

type/feature

type/miscellaneous

type/proposal

type/question

type/refactoring

type/summary

type/testing

type/upstream

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#3481