github-starred/gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-05-23 15:57:22 -05:00
Code Issues 2.6k Packages Projects Releases 100 Wiki Activity

[FR] SSH mirror option #7589

New Issue
Closed
opened 2025-11-02 07:30:39 -06:00 by GiteaMirror · 6 comments
GiteaMirror commented 2025-11-02 07:30:39 -06:00
Owner
Copy Link

Originally created by @adyanth on GitHub (Jul 15, 2021).

  • Gitea version (or commit ref): all
  • Git version: all
  • Operating system: all
  • Database (use [x]): all
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL)
    • No
  • Log gist: N/A

Description

This is a feature request to include SSH based remote mirrors on Gitea. Gitlab provides this option here

There is a very good use case for this, since these configurations are per repository. Github and others already provide Deploy keys with write access, which are SSH keys allowed access only to that repository. This can be used for the remote mirror without providing a Personal token which has user wide access and needs to be created and tracked for each mirror.

Ideally Gitea should also generate and use a new SSH key for each mirror since I believe there is a limitation on adding the same key in multiple places. But that is also how Gitlab has implemented it, where they provide the key that will be used for this mirror instance.

Screenshots

Originally created by @adyanth on GitHub (Jul 15, 2021). - Gitea version (or commit ref): all - Git version: all - Operating system: all - Database (use `[x]`): all - [ ] PostgreSQL - [ ] MySQL - [ ] MSSQL - [ ] SQLite - Can you reproduce the bug at https://try.gitea.io: - [X] Yes (provide example URL) - [ ] No - Log gist: N/A <!-- It really is important to provide pertinent logs --> <!-- Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems --> <!-- In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini --> ## Description This is a feature request to include SSH based remote mirrors on Gitea. Gitlab provides this option [here](https://docs.gitlab.com/ee/user/project/repository/repository_mirroring.html#push-to-a-remote-repository) There is a very good use case for this, since these configurations are per repository. Github and others already provide Deploy keys with write access, which are SSH keys allowed access only to that repository. This can be used for the remote mirror without providing a Personal token which has user wide access and needs to be created and tracked for each mirror. Ideally Gitea should also generate and use a new SSH key for each mirror since I believe there is a limitation on adding the same key in multiple places. But that is also how Gitlab has implemented it, where they provide the key that will be used for this mirror instance. ## Screenshots <!-- **If this issue involves the Web Interface, please include a screenshot** -->
GiteaMirror commented 2025-11-02 07:30:40 -06:00
Author
Owner
Copy Link

@ansemjo commented on GitHub (Aug 7, 2021):

+1 on this ..

Mirroring via HTTPS using username and password/token is implemented in #15157 (available since 1.15.0-rc1) but that does not allow the ssh:// protocol. There is a couple of post-receive hooks in #3480, which can be adapted to use pubkey authentication instead of username:password. Ideally, this would also be combined with #16579.

I want to mirror a number of repositories to my GitHub account and don't want to create separate keys / tokens for each. So this is how I am currently doing it:

  • login as the git/gitea user and generate a new key, e.g. with ssh-keygen -t ed25519 -C "gitea mirroring" -f ~/.ssh/id_ed25519 -N ""
  • add this key to your GitHub account
  • try ssh git@github.com once to accept the hostkey and make sure GitHub recognizes you
  • enable git hooks in gitea
  • add the following post-receive hook to repositories:
#!/usr/bin/env bash
git push --mirror --quiet git@github.com:username/repository.git &>/dev/null &
echo "GitHub mirror initiated .."

I've used a selfhosted GitLab before and I could just configure push mirrors using URLs like ssh://git@github.com/username/repository.git and leave username and password blank with the above key-based method. I agree that generating a separate key per repository and printing the public key would be useful, too.

@ansemjo commented on GitHub (Aug 7, 2021): +1 on this .. Mirroring via HTTPS using username and password/token is implemented in #15157 (available since `1.15.0-rc1`) but that does not allow the `ssh://` protocol. There is a couple of `post-receive` hooks in #3480, which can be adapted to use pubkey authentication instead of `username:password`. Ideally, this would also be combined with #16579. I want to mirror a number of repositories to my GitHub account and don't want to create separate keys / tokens for each. So this is how I am currently doing it: * login as the `git`/`gitea` user and generate a new key, e.g. with `ssh-keygen -t ed25519 -C "gitea mirroring" -f ~/.ssh/id_ed25519 -N ""` * add this key to your GitHub account * try `ssh git@github.com` once to accept the hostkey and make sure GitHub recognizes you * enable git hooks in gitea * add the following `post-receive` hook to repositories: ```bash #!/usr/bin/env bash git push --mirror --quiet git@github.com:username/repository.git &>/dev/null & echo "GitHub mirror initiated .." ``` I've used a selfhosted GitLab before and I could just configure push mirrors using URLs like `ssh://git@github.com/username/repository.git` and leave username and password blank with the above key-based method. I agree that generating a separate key per repository and printing the public key would be useful, too.
GiteaMirror commented 2025-11-02 07:30:40 -06:00
Author
Owner
Copy Link

@zeripath commented on GitHub (Aug 7, 2021):

Please read my comments on #1635 https://github.com/go-gitea/gitea/issues/1635#issuecomment-542910118

Although a simple request to make - the requirements to do this properly are quite involved. It would require that Gitea stores private keys - which would mean that users would need some way of installing private keys on Gitea, Gitea generating its own per user (potentially per repository) public/private keypair that the user would then have to install on the external site, or, similar things with Certificates.

This requires serious thought and planning about how this would be implemented.

@zeripath commented on GitHub (Aug 7, 2021): Please read my comments on #1635 https://github.com/go-gitea/gitea/issues/1635#issuecomment-542910118 Although a simple request to make - the requirements to do this properly are quite involved. It would require that Gitea stores private keys - which would mean that users would need some way of installing private keys on Gitea, Gitea generating its own per user (potentially per repository) public/private keypair that the user would then have to install on the external site, or, similar things with Certificates. This requires serious thought and planning about how this would be implemented.
GiteaMirror commented 2025-11-02 07:30:40 -06:00
Author
Owner
Copy Link

@adyanth commented on GitHub (Aug 7, 2021):

This is the way, if implemented. Gitea has to manage pub/priv key pairs per repo where enabled and use it.

@adyanth commented on GitHub (Aug 7, 2021): This is the way, if implemented. Gitea has to manage pub/priv key pairs per repo where enabled and use it.
GiteaMirror commented 2025-11-02 07:30:41 -06:00
Author
Owner
Copy Link

@zeripath commented on GitHub (Aug 7, 2021):

Which one of the options are you suggesting?

If we're not expecting users to upload private keys - how do you deal with the entropy problem with generating so many keypairs? Would you be expecting a keypair per user or per repo?

If we're expecting users to upload their private keys - how do we store them and encrypt them?

@zeripath commented on GitHub (Aug 7, 2021): Which one of the options are you suggesting? If we're not expecting users to upload private keys - how do you deal with the entropy problem with generating so many keypairs? Would you be expecting a keypair per user or per repo? If we're expecting users to upload their private keys - how do we store them and encrypt them?
GiteaMirror commented 2025-11-02 07:30:41 -06:00
Author
Owner
Copy Link

@adyanth commented on GitHub (Aug 7, 2021):

I'm suggesting Gitea to generate per repo. But this is not done for every single repo. Only when someone requests a SSH mirror to be configured, right? If we do not have enough entropy, I would just say to notify the user of the same and try again later, or (maybe complex, just a thought) to upload one manually. Private keys have to be saved at the end of the day, should not matter who generated it. Maybe add them to the SSH agent and delete them? (Where does SSH agent persist data? I'm not too sure here)

@adyanth commented on GitHub (Aug 7, 2021): I'm suggesting Gitea to generate per repo. But this is not done for every single repo. Only when someone requests a SSH mirror to be configured, right? If we do not have enough entropy, I would just say to notify the user of the same and try again later, or (maybe complex, just a thought) to upload one manually. Private keys have to be saved at the end of the day, should not matter who generated it. Maybe add them to the SSH agent and delete them? (Where does SSH agent persist data? I'm not too sure here)
GiteaMirror commented 2025-11-02 07:30:41 -06:00
Author
Owner
Copy Link

@techknowlogick commented on GitHub (Aug 7, 2021):

Merging this into #1635 as mirror & migrate would have the same logic in the backend, just that mirror would be called multiple times.

@techknowlogick commented on GitHub (Aug 7, 2021): Merging this into #1635 as mirror & migrate would have the same logic in the backend, just that mirror would be called multiple times.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
Mirrored from GitHub Pull Request
 reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#7589
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?