OpenSSH logs are not included in the file mode logs #6772

Closed
opened 2025-11-02 07:06:13 -06:00 by GiteaMirror · 5 comments

Originally created by @the-lay on GitHub (Jan 27, 2021).

  • Gitea version (or commit ref): 1.13.1
  • Operating system: official Docker image
  • Database (use [x]):
    • [x] PostgreSQL
    • [ ] MySQL
    • [ ] MSSQL
    • [ ] SQLite

Description

I'm trying to set up fail2ban with Gitea that uses SSHD (START_SSH_SERVER=false).
I can see unsuccessful SSH connection attempts in docker logs, but not in log files, even when file logging is enabled.
Gitea documentation about fail2ban seems to assume that it is the internal ssh server running, not sshd.

Excerpt from docker logs:

2021/01/27 16:39:25 cmd/web.go:163:runWeb() [I] Listen: http://0.0.0.0:3000
2021/01/27 16:39:25 ...s/graceful/server.go:55:NewServer() [I] Starting new server: tcp:0.0.0.0:3000 on PID: 16
2021/01/27 16:39:25 ...s/graceful/server.go:66:func1() [D] Starting server on tcp:0.0.0.0:3000 (PID: 16)
Could not load host certificate "/data/ssh/ssh_host_ed25519_cert": No such file or directory
Could not load host certificate "/data/ssh/ssh_host_rsa_cert": No such file or directory
Could not load host certificate "/data/ssh/ssh_host_ecdsa_cert": No such file or directory
Could not load host certificate "/data/ssh/ssh_host_dsa_cert": No such file or directory
Invalid user user from REDACTED_IP port 53821
Connection closed by invalid user user REDACTED_IP port 53821 [preauth]
Could not load host certificate "/data/ssh/ssh_host_ed25519_cert": No such file or directory
Could not load host certificate "/data/ssh/ssh_host_rsa_cert": No such file or directory
Could not load host certificate "/data/ssh/ssh_host_ecdsa_cert": No such file or directory
Could not load host certificate "/data/ssh/ssh_host_dsa_cert": No such file or directory
Invalid user user from REDACTED_IP port 54825
Connection closed by invalid user user REDACTED_IP port 54825 [preauth]
Could not load host certificate "/data/ssh/ssh_host_ed25519_cert": No such file or directory
Could not load host certificate "/data/ssh/ssh_host_rsa_cert": No such file or directory
Could not load host certificate "/data/ssh/ssh_host_ecdsa_cert": No such file or directory
Could not load host certificate "/data/ssh/ssh_host_dsa_cert": No such file or directory
Invalid user user from REDACTED_IP port 55734
Connection closed by invalid user user REDACTED_IP port 55734 [preauth]

Here's my app.ini regarding logging:

[log]
MODE                 = console, file
LEVEL                = debug
REDIRECT_MACARON_LOG = true
MACARON              = console, file
ROUTER               = console, file
ROOT_PATH            = /data/gitea/log
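Detection logic of the kind fail2ban would apply to the sshd lines above, as an added example (not code from the issue or from Gitea): it parses sshd's preauth "Invalid user" messages in the form they take in `docker logs`, ignores the host-certificate noise, and flags source IPs whose failures exceed a retry threshold within a time window. It assumes lines may carry the timestamp prefix that `docker logs -t` adds (untimestamped lines are counted as "now"); the sample log, usernames and IPs are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `docker logs -t` output for the container's
# sshd (not the issue's own excerpt; IPs are from documentation ranges).
SAMPLE_LOG = """\
2021-01-27T16:39:25.000000000Z Could not load host certificate "/data/ssh/ssh_host_rsa_cert": No such file or directory
2021-01-27T16:39:26.000000000Z Invalid user user from 203.0.113.7 port 53821
2021-01-27T16:39:26.000000000Z Connection closed by invalid user user 203.0.113.7 port 53821 [preauth]
2021-01-27T16:41:02.000000000Z Invalid user admin from 203.0.113.7 port 54825
2021-01-27T16:43:40.000000000Z Invalid user test from 203.0.113.7 port 55734
2021-01-27T16:44:00.000000000Z Invalid user git from 198.51.100.9 port 40000
"""

# Optional RFC3339 prefix that `docker logs -t` adds, then the sshd message.
TS_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})[\d.]*Z?\s+(?P<msg>.*)$")
INVALID_USER_RE = re.compile(
    r"^Invalid user (?P<user>\S+) from (?P<ip>[0-9a-fA-F.:]+) port (?P<port>\d+)$")

def parse_line(line, default_ts=None):
    """Return (timestamp, user, ip, port) for an 'Invalid user' line, else None."""
    line = line.rstrip()
    ts = default_ts
    m = TS_RE.match(line)
    if m:
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
        line = m.group("msg")
    m = INVALID_USER_RE.match(line)
    if not m:
        return None
    return ts, m.group("user"), m.group("ip"), int(m.group("port"))

def find_offenders(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """fail2ban's maxretry/findtime rule: flag an IP when any maxretry consecutive
    failures fall within findtime (untimestamped lines all count as 'now')."""
    now = datetime.now(timezone.utc)
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line, default_ts=now)
        if rec:
            hits[rec[2]].append(rec[0])
    offenders = {}
    for ip, times in hits.items():
        times.sort()
        for i in range(len(times) - maxretry + 1):
            if times[i + maxretry - 1] - times[i] <= findtime:
                offenders[ip] = len(times)  # total failures seen from this IP
                break
    return offenders
```

Running `find_offenders(SAMPLE_LOG.splitlines())` flags only 203.0.113.7, which is the decision a fail2ban sshd jail with maxretry=3 would reach over the same lines.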
GiteaMirror added the type/question label 2025-11-02 07:06:13 -06:00

@6543 commented on GitHub (Jan 27, 2021):

you can use sshd in docker, but you have to install & enable it.


@zeripath commented on GitHub (Jan 27, 2021):

If you aren't running the internal ssh why would you expect the gitea logs to provide that information? Just set up fail2ban to use the sshd logs.

Adjust the config of /etc/ssh/sshd_config as necessary.


@the-lay commented on GitHub (Jan 28, 2021):

> If you aren't running the internal ssh why would you expect the gitea logs to provide that information? Just set up fail2ban to use the sshd logs.
>
> Adjust the config of /etc/ssh/sshd_config as necessary,

That makes sense, thanks.
Sorry, I've assumed the logs would be "redirected" for some reason.

I've tried to switch to the internal ssh, but it seems that the default ssh provider for the Docker image is openssh and it gets run even if the internal ssh is turned on. For example, if I set START_SSH_SERVER=true in the app.ini, the container crashes on startup because it cannot bind to the port that openssh already took:

Server listening on :: port 2222.
Server listening on 0.0.0.0 port 2222.
2021/01/28 11:18:24 cmd/web.go:108:runWeb() [I] Starting Gitea on PID: 15
2021/01/28 11:18:24 ...dules/setting/git.go:91:newGit() [I] Git Version: 2.26.2, Wire Protocol Version 2 Enabled
....
2021/01/28 11:18:25 routers/init.go:56:checkRunMode() [I] Run Mode: Production
2021/01/28 11:18:25 routers/init.go:188:GlobalInit() [I] SSH server started on :2222. Cipher list ([aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com arcfour256 arcfour128]), key exchange algorithms ([diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 curve25519-sha256@libssh.org]), MACs ([hmac-sha2-256-etm@openssh.com hmac-sha2-256 hmac-sha1 hmac-sha1-96])
2021/01/28 11:18:25 ...s/graceful/server.go:55:NewServer() [I] Starting new server: tcp::2222 on PID: 15
2021/01/28 11:18:25 ...s/graceful/server.go:79:ListenAndServe() [E] Unable to GetListener: listen tcp :2222: bind: address already in use
2021/01/28 11:18:25 .../ssh/ssh_graceful.go:23:listen() [F] Failed to start SSH server: listen tcp :2222: bind: address already in use
Received signal 15; terminating.

Also, it seems that the default openssh server does not write logs: the /var/log/ folder is empty.


@zeripath commented on GitHub (Jan 28, 2021):

https://stackoverflow.com/questions/22526016/docker-container-sshd-logs

There's also a rootless variant of the docker.


@the-lay commented on GitHub (Jan 28, 2021):

> https://stackoverflow.com/questions/22526016/docker-container-sshd-logs

Thank you, I also found this question on SO, but it is not straightforward. The Gitea docker image is based on Alpine (not Ubuntu as in the SO question) and even after downloading and installing rsyslog (apk add rsyslog; rsyslogd) the logs are not there. I will try some more tomorrow.

> There's also a rootless variant of the docker.

It seems there is no stable version of the rootless Gitea image, so I don't think it's a good alternative. Even though the docs say "For a stable release you can use :1-rootless or specify a certain release like :1.13.1-rootless.", in reality on Docker Hub there is only latest-rootless (https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated&name=rootless).


Reference: github-starred/gitea#6772