New settings option for a custom SSH host (#3763) (#446)

* New settings option for a custom SSH host (#3763)

* let default ssh listen addr empty

4 files changed, 10 insertions, 7 deletions

diff --git a/conf/app.ini b/conf/app.ini
index 18ad9c3d21..84cb05b27e 100644
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -103,6 +103,8 @@ DISABLE_SSH = false
 START_SSH_SERVER = false
 ; Domain name to be exposed in clone URL
 SSH_DOMAIN = %(DOMAIN)s
+; Network interface builtin SSH server listens on
+SSH_LISTEN_HOST = 
 ; Port number to be exposed in clone URL
 SSH_PORT = 22
 ; Port number builtin SSH server listens on
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index d78b22c484..9c00eb7437 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -82,6 +82,7 @@ var (
 		StartBuiltinServer  bool           `ini:"START_SSH_SERVER"`
 		Domain              string         `ini:"SSH_DOMAIN"`
 		Port                int            `ini:"SSH_PORT"`
+		ListenHost          string         `ini:"SSH_LISTEN_HOST"`
 		ListenPort          int            `ini:"SSH_LISTEN_PORT"`
 		RootPath            string         `ini:"SSH_ROOT_PATH"`
 		KeyTestPath         string         `ini:"SSH_KEY_TEST_PATH"`
diff --git a/modules/ssh/ssh.go b/modules/ssh/ssh.go
index b35973cc32..056ef084ef 100644
--- a/modules/ssh/ssh.go
+++ b/modules/ssh/ssh.go
@@ -110,10 +110,10 @@ func handleServerConn(keyID string, chans <-chan ssh.NewChannel) {
 	}
 }
 
-func listen(config *ssh.ServerConfig, port int) {
-	listener, err := net.Listen("tcp", "0.0.0.0:"+com.ToStr(port))
+func listen(config *ssh.ServerConfig, host string, port int) {
+	listener, err := net.Listen("tcp", host+":"+com.ToStr(port))
 	if err != nil {
-		panic(err)
+		log.Fatal(4, "Fail to start SSH server: %v", err)
 	}
 	for {
 		// Once a ServerConfig has been configured, connections can be accepted.
@@ -148,7 +148,7 @@ func listen(config *ssh.ServerConfig, port int) {
 }
 
 // Listen starts a SSH server listens on given port.
-func Listen(port int) {
+func Listen(host string, port int) {
 	config := &ssh.ServerConfig{
 		PublicKeyCallback: func(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
 			pkey, err := models.SearchPublicKeyByContent(strings.TrimSpace(string(ssh.MarshalAuthorizedKey(key))))
@@ -185,5 +185,5 @@ func Listen(port int) {
 	}
 	config.AddHostKey(private)
 
-	go listen(config, port)
+	go listen(config, host, port)
 }
diff --git a/routers/init.go b/routers/init.go
index 3d5235d79d..697f33835c 100644
--- a/routers/init.go
+++ b/routers/init.go
@@ -73,7 +73,7 @@ func GlobalInit() {
 	checkRunMode()
 
 	if setting.InstallLock && setting.SSH.StartBuiltinServer {
-		ssh.Listen(setting.SSH.ListenPort)
-		log.Info("SSH server started on :%v", setting.SSH.ListenPort)
+		ssh.Listen(setting.SSH.ListenHost, setting.SSH.ListenPort)
+		log.Info("SSH server started on %s:%v", setting.SSH.ListenHost, setting.SSH.ListenPort)
 	}
 }