Configuring an SSH port other than 22 disables START_SSH_SERVER #3539

Closed
opened 2025-11-02 05:16:19 -06:00 by GiteaMirror · 11 comments

Originally created by @kalsan on GitHub (Jul 5, 2019).

  • Gitea version (or commit ref): 1.9.0+dev-415-g49ee9d277
  • Git version: 2.20.1
  • Operating system: Debian/docker
  • Database (use [x]):
    • [ ] PostgreSQL
    • [ ] MySQL
    • [ ] MSSQL
    • [x] SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • [ ] Yes (provide example URL)
    • [ ] No
    • [x] Not relevant
  • Log gist: n/a

Description

Configuring an SSH port other than 22 disables START_SSH_SERVER. To reproduce, do:

  • Get the docker-compose.yml for the minimal installation as recommended by the Gitea docs
  • In the yml file, replace SSH port ("222:22") by 2222, i.e. make sure the line reads "2222:2222" for the port forwarding
  • docker-compose up, then go to localhost:3000 to be welcomed by the Gitea installation wizard
  • Set the SSH port to 2222

Result: in app.ini, the option START_SSH_SERVER is omitted and thus, it is not possible to access Gitea via the proposed URL ssh://git@localhost:2222/user/repo.git as an attempt to do so will result in an exception "ssh_exchange_identification: Connection closed by remote host"

Expected result / how to fix: Adding the option START_SSH_SERVER = true to app.ini fixes the problem. The installer should do this even when the ssh port is not 22.

Note: Be sure to have a high enough port for trying this (e.g. when the port is set to 222, there is a permissions problem on Linux).


@lunny commented on GitHub (Jul 6, 2019):

Could you paste your docker-compose file here?


@zeripath commented on GitHub (Jul 6, 2019):

I suspect this is the problem that #7286 solves.

~~Oh actually I think I've misread this - I think this is a problem to do with the install page.~~


Ah no I didn't misread it!

So the docker by default provides an openSSH server - which listens on port 22. Changing the SSH_PORT in the install page doesn't change the config of the server - so if you change the port in /install you will have to change it there.


@techknowlogick commented on GitHub (Jul 7, 2019):

#7286 has been merged. Please re-open this issue if you continue to face this issue after updating to most recent docker image.


@kalsan commented on GitHub (Jul 7, 2019):

Thanks for the quick reaction! If I understand correctly, this is a problem related to the SSH daemon in the docker container and has nothing to do with Gitea. Of course, /install cannot change the behavior of the container's SSH daemon and it also makes sense that by default, Gitea does not provide its own SSH server. All clear then! 👍


@zeripath commented on GitHub (Jul 7, 2019):

Gitea does provide its own SSH server - and we will be moving the docker to use this by default at some point but at present the docker configuration doesn't use it.


@hollie commented on GitHub (Sep 17, 2019):

The same issue is still present on the 1.9.3 docker image.

As a workaround, map your own sshd_config file with the correct port to the path /etc/ssh in the docker container.

An example file for port 8022 and user 'git':

```
Port 8022
Protocol 2

AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::

LogLevel INFO

HostKey /data/ssh/ssh_host_ed25519_key
HostKey /data/ssh/ssh_host_rsa_key
HostKey /data/ssh/ssh_host_dsa_key
HostKey /data/ssh/ssh_host_ecdsa_key

AuthorizedKeysFile .ssh/authorized_keys

UseDNS no
AllowAgentForwarding no
AllowTcpForwarding no
PrintMotd no

PermitUserEnvironment yes
PermitRootLogin no
ChallengeResponseAuthentication no
PasswordAuthentication no
PermitEmptyPasswords no

AllowUsers git

Banner none
Subsystem sftp /usr/lib/ssh/sftp-server

AcceptEnv GIT_PROTOCOL
```

@hollie commented on GitHub (Sep 17, 2019):

In the current master branch there are some code changes that should allow setting the SSH ports in the docker image correctly using the option SSH_LISTEN_PORT. See #7829. Those changes are in master and not yet in a stable release.


@hollie commented on GitHub (Sep 17, 2019):

For later reference in case other people encounter this issue: I've succeeded in updating the OpenSSH server port in the latest docker image by setting an environment variable in the docker-compose.yml file like this:

```
SSH_PORT=8022
```

@weshouman commented on GitHub (Apr 21, 2020):

I believe such edit should go to the docs.
Actually without this tweak the custom SSH port is not possible.

Note: setting either SSH_LISTEN_PORT=8022 or SSH_PORT=8022 would work, with a higher precedence for SSH_LISTEN_PORT
This gist (https://gist.github.com/weshouman/f14b2e2c045d9518af20d113cc394a27) explains more.


@zeripath commented on GitHub (Apr 22, 2020):

@weshouman it already is in the docs:

https://docs.gitea.io/en-us/install-with-docker/#environments-variables


@weshouman commented on GitHub (Apr 23, 2020):

I mean it should be explained in the docs that setting that in the app.ini only won't work, and one shall explicitly set that in the environment variable.

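A consistency check for the mismatch this thread describes, added here as an example (not code from Gitea or from any commenter): it compares the SSH_PORT written to app.ini, the compose port mapping, and the port the image's OpenSSH listens on, using the precedence stated in the thread (SSH_LISTEN_PORT over SSH_PORT, default 22). The function names and sample inputs are constructed, and it assumes clients connect directly to the published host port.

```python
import configparser

def advertised_port(app_ini_text):
    """[server] SSH_PORT from app.ini: the port Gitea puts in ssh:// clone URLs."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string("[_top]\n" + app_ini_text)  # app.ini may begin with bare keys
    return cfg.getint("server", "SSH_PORT", fallback=22)

def container_listen_port(env):
    """Port the image's OpenSSH binds, as described in the thread:
    SSH_LISTEN_PORT takes precedence over SSH_PORT; with neither set it is 22."""
    return int(env.get("SSH_LISTEN_PORT") or env.get("SSH_PORT") or 22)

def published(ports):
    """Map host port -> container port from compose 'ports' strings."""
    out = {}
    for p in ports:
        parts = p.split("/")[0].split(":")  # drop '/tcp', allow 'ip:host:container'
        if len(parts) >= 2 and parts[-2].isdigit() and parts[-1].isdigit():
            out[int(parts[-2])] = int(parts[-1])
    return out

def check(app_ini_text, ports, env):
    """Return a list of findings; an empty list means the three settings agree."""
    adv = advertised_port(app_ini_text)
    listen = container_listen_port(env)
    pub = published(ports)
    if adv not in pub:
        return [f"clone URLs use port {adv}, but host port {adv} is not published"]
    if pub[adv] != listen:
        return [f"host port {adv} forwards to container port {pub[adv]}, "
                f"but sshd listens on {listen}"]
    return []

# Constructed input mirroring the report: the wizard wrote SSH_PORT = 2222.
APP_INI = "APP_NAME = Gitea\n[server]\nSSH_DOMAIN = localhost\nSSH_PORT = 2222\n"

if __name__ == "__main__":
    # As reported: 2222:2222 published, no SSH variable set -> one finding.
    print(check(APP_INI, ["3000:3000", "2222:2222"], {}))
    # Variable set on the container -> no findings.
    print(check(APP_INI, ["3000:3000", "2222:2222"], {"SSH_PORT": "2222"}))
    # Alternative: keep sshd on 22 and publish 2222:22 -> no findings.
    print(check(APP_INI, ["3000:3000", "2222:22"], {}))
```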
Reference: github-starred/gitea#3539