SSH doesn't work on ports other than 22 in dockerized gogs

[simonacca]

Trying to changed the docker ssh port from default to 2222 in a dockerized environment doesn't work as expected.

Steps to reproduce:

1. Bring up a gogs container with the following docker-compose config:

gogs:
  image: gogs/gogs
  ports:
    - "10080:10080"
    - "2222:2222"
  volumes:
    - "/var/gogs/data:/data"

2. change the config file in: /var/gogs/data/gogs/conf/app.ini as follow:

[server]
DOMAIN = git.mydomain.com
HTTP_PORT = 10080
ROOT_URL = http://git.mydomain.com
DISABLE_SSH = false
SSH_PORT = 2222
OFFLINE_MODE = false

• create a repo (let's say myuser/myrepo)
• the gogs interface will give you this address, which is correct: ssh://git@git.mydomain.com:2222/myuser/myrepo.git
• push some content from a local repo:
  • git remote add origin ssh://git@git.mydomain.com:2222/myuser/myrepo.git
  • git push -u origin master

In pushing, you will get this error:

ssh: connect to host git.mydomain.com port 2222: Connection refused
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Additional info:

• The UI says: Version 0.6.16.1008 Beta
• I tried this on 2 machines with identical results.

Workaround

A temporary solution is to use the port 22 inside the container and map it with -p 2222:22.

This is suboptimal since the urls generated by the UI will be wrong, in this case the url would have been git@git.mydomain.com:cnb/scraper.git, which is incorrect.

[tboerger]

You still have to use port 22 for the publish part. Set port 2222 within the gogs config and use -p 2222:22 for docker, than it will work.

[simonacca]

That is, I belive, the workaround I described.
The problem with that is that all the urls showed in the User interface are wrong.

[tboerger]

Please read my comment again. It's not exactly like you have written. The value within the gogs config is just for displaying the SSH port, so set it to 2222, map the publish attribute of docker still to 22 within the container and everything works like it should be.

[simonacca]

Ok, it's clearer now.
Thank you

[xiaoping378]

不明白,，，，
那app.ini里的SSH_PORT到底是干什么的
@tboerger 难道就是为了展示用的
我之所以要改这个端口,是为了项目里提示ssh clone的地址是正确的
按照你说的，下面的case，是ＯＫ的么

如下创建我的容器
docker run -d --name=gogs --restart=always -p 29418:22 -p 8730:8730 -v ~/Docker/gogs:/data gogs/gogs

初始化 sandal-ui project后，得到这样的项目地址
git clone git@10.0.0.78:xiaoping.xu/sandal-ui.git
Reponse:
ssh: connect to host 10.0.0.78 port 22: Connection refused

暂时的两种解决办法
１．进入容器里,netstat -an 发现还是监听的22端口
手动更改/app/gogs/docker/sshd_config里PORT，工作正常．．．
２．修改Host的~/.ssh/config
Host 10.0.0.78
Port 29418

Note.
Gogs version 0.8.3.1213

[unknwon]

Please speak English.

[langdead]

em....

I can't figure out to make it work. Feedback & suggestion are appreciated.
env: docker on vagrant+coreos

fuple@fuple-laptop MINGW64 /d/work/github
$ git clone ssh://git@172.28.128.3:10022/fuple/ring.git
Cloning into 'ring'...
Permission denied (publickey,keyboard-interactive).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

fuple@fuple-laptop MINGW64 /d/work/github
$ pwd
/d/work/github

fuple@fuple-laptop MINGW64 /d/work/github
$ git clone http://172.28.128.3:10080/fuple/ring.git
Cloning into 'ring'...
remote: Counting objects: 4, done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 4 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (4/4), done.
Checking connectivity... done.

fuple@fuple-laptop MINGW64 /d/work/github
$ cd ring/

fuple@fuple-laptop MINGW64 /d/work/github/ring (master)
$ ssh git@172.28.128.3:10022
ssh: Could not resolve hostname 172.28.128.3:10022: Name or service not known

fuple@fuple-laptop MINGW64 /d/work/github/ring (master)
$ cd ..

fuple@fuple-laptop MINGW64 /d/work/github

#using the same id_rsa key, I can clone from github without problem.
$ git clone git@github.com:struct/mms.git
Cloning into 'mms'...
The authenticity of host 'github.com (192.30.253.112)' can't be established.
RSA key fingerprint is SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'github.com,192.30.253.112' (RSA) to the list of known hosts.
Enter passphrase for key '/c/Users/fuple/.ssh/id_rsa':
remote: Counting objects: 16, done.
remote: Compressing objects: 100% (9/9), done.
remote: Total 16 (delta 3), reused 0 (delta 0), pack-reused 7
Receiving objects: 100% (16/16), 3.81 MiB | 49.00 KiB/s, done.
Resolving deltas: 100% (4/4), done.
Checking connectivity... done.

# so tried adding a new account, and updated the ssh public key, but still not able to clone from gogs ssh 
fuple@fuple-laptop MINGW64 /d/work/github
$ ssh-agent bash

fuple@fuple-laptop MINGW64 /d/work/github
$ ssh-add -l
The agent has no identities.

fuple@fuple-laptop MINGW64 /d/work/github
$ ssh-add ~/.ssh/id_rsa_gogs_langdead
Identity added: /c/Users/fuple/.ssh/id_rsa_gogs_langdead (/c/Users/fuple/.ssh/id_rsa_gogs_langdead)

fuple@fuple-laptop MINGW64 /d/work/github
$ ssh-add -l
4096 SHA256:dC1wLvk2Af3X+Squ2PaKswyZf9tw/lhuFWmTA6Tmr/g /c/Users/fuple/.ssh/id_rsa_gogs_langdead (RSA)

fuple@fuple-laptop MINGW64 /d/work/github
$ git clone ssh://git@172.28.128.3:10022/fuple/ring.git ring_1
Cloning into 'ring_1'...
Permission denied (publickey,keyboard-interactive).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

fuple@fuple-laptop MINGW64 /d/work/github
$

I just followed the instruction at https://github.com/gogits/gogs/tree/master/docker

Specifically, below is the cmds I executed:

#step 1: postgres db
docker run --name gogs-postgres -p 5432:5432 -e POSTGRES_PASSWORD=postgres -d postgres
docker run -it --rm --link gogs-postgres:postgres postgres psql -h postgres -U postgres 
create DATABASE gogs; 
\l 
\q ENTER

#step 2: gogs container
mkdir /fuple/data/gogs
docker run --name=gogs -p 10022:22 -p 10080:3000 -v /fuple/data/gogs:/data gogs/gogs

#step 3: gogs install
#my coreos ip: 172.28.128.3
#replaced all localhost with this ip
# replaced all 3000 with 10080
# replaced all 22 with 10022
# added admin fuple

#step 4: added pub key in https://172.28.128.3:10080/fuple/settings/ssh

#create new repo ring in web page.

Also tried to not use data volumn in gogs to exclude possible influence from other dependency, still the same.

Searching on web, someone says that root can't login, and proposed to change sshd_config as below.

PermitRootLogin yes
PasswordAuthentication yes

While some other saying the permission to authorized_keys should be 600.

core@core-01 /fuple/src $ ls -al /fuple/data/gogs/git/.ssh/
total 3
drwxrwxrwx. 1 bin bin    0 Jul 24 14:48 .
drwxrwxrwx. 1 bin bin    0 Jul 24 14:21 ..
-rwxrwxrwx. 1 bin bin 1758 Jul 24 14:48 authorized_keys
-rwxrwxrwx. 1 bin bin   23 Jul 24 14:19 environment
core@core-01 /fuple/src $

I've not tried either of above two as I'm using docker gogs/gogs, and I assume the standard image should work out of box.

thx very much in advance!

[unknwon]

Try change /fuple/data/gogs/git/.ssh/ permission to 600.

[langdead]

Hi @unknwon, thx for your help!

Today, I tried with local coreos file system, it works without any problem for both sqlite and ssh.
The reason for my issue before relates to the user permission management in vagrant for shared folder by winnsf.

Thx very much to implement such an amazing OS software!

Regards
Langdead

[ghost]

Hi, I'm having the same problem then @simonacca.
The workaround of @tboerger is not fit to me: I need to work inside and outside a docker-compose environment on same port.
There is any solution for this?
Thanks!

[badabing2005]

Try change /fuple/data/gogs/git/.ssh/ permission to 600.

This is not possible when running in WSL2 under windows.
Any way to not enforce that restriction?