Gitea starts SSH server on incorrect port

[gamelaster]

• Gitea version (or commit ref): 1.10.0+dev-402-g1fe81bc22
• Git version: 2.22.0
• Operating system: Linux Ubuntu
• Database (use [x]):
  • PostgreSQL
  • MySQL
  • MSSQL
  • SQLite
• Can you reproduce the bug at https://try.gitea.io:
  • Yes (provide example URL)
  • No
  • Not relevant
• Log gist:

Description

I have been using docker container gitea/gitea:1 (1.9.2) with following configuration:

...
      - START_SSH_SERVER=true
      - SSH_PORT=222
      - SSH_LISTEN_PORT=22
    restart: always
    networks:
      - gitea
    volumes:
      - ./gitea:/data
    ports:
      - "3000:3000"
      - "222:22"
    depends_on:
      - db

Everything have been working fine, until I switched to gitea/gitea:latest, after this, I see in log the log that servers starts on port 222, instead of 22, even in config is specified 22, so this means I'm getting connection refused when trying to connect to built in git server. After changing the port forwarding, everything works well. Switching back 1.9.2 makes everything work correctly again

[zeripath]

Hi!

I can't see any change that could be a reason for this. The SSH host is opened on SSH.ListenPort

gitea/routers/init.go

Line 112 in df2c11a

ssh.Listen(setting.SSH.ListenHost, setting.SSH.ListenPort, setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs)

Which is defined as:

gitea/modules/setting/setting.go

Line 649 in df2c11a

SSH.ListenPort = sec.Key("SSH_LISTEN_PORT").MustInt(SSH.Port)

Which assuming you're running the s6 setup gets set here:

gitea/docker/root/etc/s6/gitea/setup

Line 34 in df2c11a

SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-"${SSH_PORT}"} \

So either you're running a version of gitea that doesn't have this i.e. <1.10 or your docker isn't running the setup properly.

Take a look at your /etc/s6/gitea/setup file and ensure that you're on 1.10-dev not 1.9.x

[techknowlogick]

A somewhat related note: Gitea likely can't listen on port 22 (although opensshd in the container can) in the docker container due to it not having root capabilities.

[gamelaster]

Hi @zeripath and @techknowlogick
zeripath: I have been looking for possible issue too in source code, I didn't found anything suspicious. Also, I checked out /etc/s6/gitea/setup file inside my container with latest gitea, it's same 1.10-dev version, not 1.9.x
techknowlogick: well, if this would be a issue, then it wouldn't work on 1.9.2, which I have been using before, but it have been working finely.

I used this tutorial to compose my gitea server, only change I had is image: gitea/gitea:1 (installed 1.9.2), instead of image: gitea/gitea:latest. the only thing I really just did is that I changed to latest docker container and recomposed the project. Everything works fine, just this changed behavior without any other changes in docker-compose.yml or elsewhere. Even if I change it back to 1.9.2, it start work again correctly, so it doesn't giving any sense for me.

[zeripath]

Hmm. I wonder... Were you running the openssh server or the inbuilt SSH server previously? @techknowlogick have we switched to inbuilt by default for docker yet?

On 1.9 we were definitely still using opensshd which would explain why 22 worked, if we're now inbuilt by default that would explain why 22 would no longer work.

[techknowlogick]

1.10 includes SSH improvements, but still has opensshd as default ssh provider in container

[zeripath]

Ah ok well that explains why this setting is likely being ignored in any case!

gitea/docker/root/etc/s6/openssh/setup

Lines 27 to 32 in f1fdd78

	if [ -d /etc/ssh ]; then
	SSH_PORT=${SSH_PORT:-"22"} \
	envsubst < /etc/templates/sshd_config > /etc/ssh/sshd_config
	chmod 0644 /etc/ssh/sshd_config
	fi

gitea/docker/root/etc/templates/sshd_config

Line 1 in f1fdd78

Port ${SSH_PORT}

SSH_LISTEN_PORT isn't supported there.

Would be a v. Quick fix.

[gamelaster]

Thank you guys for fast fix. I will test it at Monday and confirm it's fixed

[gamelaster]

I tested it, it works finely! Thanks :)