
(Docker) Fix SSH not working in Gitea or Forgejo

Links if this tutorial is outdated:

* Github issue
* Digital Ocean // archive
* Gitea docs, specifically SSH shimming, should be roughly the same as Digital Ocean but it's going to be more technical and harder to understand

Your docker-compose.yml file and volumes should be in a separate folder from the git user's home. I like to put them in /usr/local/forgejo, for example.

Your default SSH port should stay 22; that one is used by the VPS itself so you can log in, etc.

In docker-compose.yml, map the SSH port as 222:22 or 2222:22. I will use 2222:22 (only change the left-hand port; you can set it to whatever you want).

1. Create the git user

FOLLOW THE DIGITAL OCEAN GUIDE, THIS IS A SUMMARIZED VERSION OF IT AND I MAY HAVE MISSED SOMETHING

I assume you haven't created a git user:

sudo adduser --system --shell /bin/bash --gecos 'Git Version Control' --group --disabled-password --home /home/git git

You should get a GID and a UID (if you missed them, type id git); replace them in docker-compose.yml.

2. SSH Shim

sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key"

This will generate an SSH key for the user git.

DO NOT SET A PASSWORD

sudo -u git cat /home/git/.ssh/id_rsa.pub | sudo -u git tee -a /home/git/.ssh/authorized_keys
sudo -u git chmod 600 /home/git/.ssh/authorized_keys

Creating the SSH Shim Script

Paste them line by line

cat <<"EOF" | sudo tee /usr/local/bin/gitea
#!/bin/sh
ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
EOF

The port I used in docker-compose was 2222; if you chose something else, change it here.

sudo chmod +x /usr/local/bin/gitea
docker compose down
docker compose up -d

You should have a folder called forgejo, gitea, data or whatever, which is where the docker-compose volume points to:

    volumes:
      - ./forgejo:/data

Create a second volume below it as follows:

    volumes:
      - ./forgejo:/data
      - /home/git/.ssh/:/data/git/.ssh
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro

/home/git/.ssh/:/data/git/.ssh corresponds with the git user's ssh folder.

Again

docker compose down
docker compose up -d

3. One final thing that I'm not entirely sure is needed but I did it regardless

In the ./forgejo volume folder, open forgejo/git/.ssh/authorized_keys with nano and add your git user's public SSH key.

How to obtain it:

cat /home/git/.ssh/id_rsa.pub

Copy it and paste it above all other SSH keys if you have any (copy the entire thing, including ssh-rsa at the beginning and Gitea Host Key at the end) and paste it as is, without the command= prefix or anything else added.

In forgejo/gitea/conf/app.ini, change the SSH ports to whichever one you picked (in my case 2222); these settings should be under [server]:

[server]
DISABLE_SSH = false
SSH_PORT = 2222
SSH_LISTEN_PORT = 2222
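The port now lives in three places (the host side of the docker-compose mapping, the -p argument in the /usr/local/bin/gitea shim, and SSH_PORT in app.ini), and a mismatch in any one of them is the usual reason the clone URL ends up wrong. The following POSIX shell script is an added check, not part of this guide or of Gitea/Forgejo; the docker-compose.yml, shim and app.ini it reads are constructed samples written to a temp directory, so point the functions at your real files to check your own setup.

```shell
#!/bin/sh
# Added example: checks that the SSH port agrees across the three places this
# guide edits. The sample files below are constructed, not the guide's own.
tmp=$(mktemp -d)   # left in place so the functions can be re-run against it
cat > "$tmp/docker-compose.yml" <<'YML'
services:
  server:
    ports:
      - "3000:3000"
      - "2222:22"
    volumes:
      - ./forgejo:/data
      - /home/git/.ssh/:/data/git/.ssh
YML
cat > "$tmp/gitea" <<'SHIM'
#!/bin/sh
ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
SHIM
printf '[server]\nDISABLE_SSH = false\nSSH_PORT = 2222\nSSH_LISTEN_PORT = 2222\n' > "$tmp/app.ini"
printf '[server]\nSSH_PORT = 22\n' > "$tmp/app_bad.ini"   # deliberately wrong sample

# Host-side port of the compose mapping whose container side is 22.
compose_ssh_port() {
  sed -n 's/^[[:space:]]*-[[:space:]]*"\{0,1\}\([0-9]\{1,\}\):22"\{0,1\}[[:space:]]*$/\1/p' "$1" | head -n1
}
# The -p argument of the ssh call inside the shim script.
shim_ssh_port() {
  sed -n 's/.*ssh[[:space:]]\{1,\}-p[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' "$1" | head -n1
}
# Value of "KEY = VALUE" in app.ini ($1 = file, $2 = key).
ini_value() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" "$1" | head -n1
}
# Returns 0 when compose mapping, shim and SSH_PORT all name the same port.
check_ssh_ports() {
  c=$(compose_ssh_port "$1"); s=$(shim_ssh_port "$2"); p=$(ini_value "$3" SSH_PORT)
  if [ -n "$c" ] && [ "$c" = "$s" ] && [ "$c" = "$p" ]; then
    echo "ok: SSH port $c is consistent"; return 0
  fi
  echo "mismatch: compose=${c:-none} shim=${s:-none} SSH_PORT=${p:-none}"; return 1
}

check_ssh_ports "$tmp/docker-compose.yml" "$tmp/gitea" "$tmp/app.ini"
```

Run it against your own files with check_ssh_ports /usr/local/forgejo/docker-compose.yml /usr/local/bin/gitea /usr/local/forgejo/forgejo/gitea/conf/app.ini (adjust the paths to where you put things).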

Again

docker compose down
docker compose up -d

Using your admin account, navigate to Site Administration > Monitoring > Cron Tasks and finally run "Update the .ssh/authorized_keys file with Forgejo SSH keys".

ssh://git@git.yourSite.com:2222/username/gitRepository.git

and it should have automagically added 2222; if it hasn't, you've done goofed. Follow the links above and bear in mind I could have missed something I did that was in those links!


Last update: December 27, 2023