diff options
author | Patrick Schratz <patrick.schratz@gmail.com> | 2021-01-21 03:25:18 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-20 21:25:18 -0500 |
commit | 1c230f69d9951af1174f2956064f18e2d135723d (patch) | |
tree | 50b28ca98d7c6b4fb21850b8b5a5eec202ab98f7 | |
parent | 83c920d7fa2111853b2ef22c4d9c8cd352de3d79 (diff) | |
download | gitea-1c230f69d9951af1174f2956064f18e2d135723d.tar.gz gitea-1c230f69d9951af1174f2956064f18e2d135723d.zip |
update ssh passthrough (#14403)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
-rw-r--r-- | docs/content/doc/installation/with-docker.en-us.md | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/docs/content/doc/installation/with-docker.en-us.md b/docs/content/doc/installation/with-docker.en-us.md index 563e85c226..b8017e64de 100644 --- a/docs/content/doc/installation/with-docker.en-us.md +++ b/docs/content/doc/installation/with-docker.en-us.md @@ -345,19 +345,23 @@ ports: - "127.0.0.1:2222:22" ``` -In addition, `/home/git/.ssh/authorized_keys` on the host needs to be modified. It needs to act in the same way as `authorized_keys` within the Gitea container. Therefore add +In addition, `/home/git/.ssh/authorized_keys` on the host needs to be modified. It needs to act in the same way as `authorized_keys` within the Gitea container. Therefore add the public key of the key you created above ("Gitea Host Key") to `~/git/.ssh/authorized_keys`. +This can be done via `echo "$(cat /home/git/.ssh/id_rsa.pub)" >> /home/git/.ssh/authorized_keys`. +Important: The pubkey from the `git` user needs to be added "as is" while all other pubkeys added via the Gitea web interface will be prefixed with `command="/app [...]`. -```bash -command="/app/gitea/gitea --config=/data/gitea/conf/app.ini serv key-1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa <YOUR_SSH_PUBKEY> -``` +The file should then look somewhat like -and replace `<YOUR_SSH_PUBKEY>` with a valid SSH public key of yours. +```bash +# SSH pubkey from git user +ssh-rsa <Gitea Host Key> -In addition the public key of the `git` user on the host needs to be added to `/home/git/.ssh/authorized_keys` so authentication against the container can succeed: `echo "$(cat /home/git/.ssh/id_rsa.pub)" >> /home/git/.ssh/authorized_keys`. +# other keys from users +command="/app/gitea/gitea --config=/data/gitea/conf/app.ini serv key-1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty <user pubkey> +``` Here is a detailed explanation what is happening when a SSH request is made: -1. A SSH request is made against the host using the `git` user, e.g. `git clone git@domain:user/repo.git`. +1. A SSH request is made against the host (usually port 22) using the `git` user, e.g. `git clone git@domain:user/repo.git`. 2. In `/home/git/.ssh/authorized_keys` , the command executes the `/app/gitea/gitea` script. 3. `/app/gitea/gitea` forwards the SSH request to port 2222 which is mapped to the SSH port (22) of the container. 4. Due to the existence of the public key of the `git` user in `/home/git/.ssh/authorized_keys` the authentication host → container succeeds and the SSH request get forwarded to Gitea running in the docker container. |