More than 1 year has passed since last update.

gitea でsshを使ってみる

Last updated at 2022-09-23Posted at 2022-09-10

gitea ssh問題調査

OS

テスト用なので、デスクトップ版のUbuntu22.04のミニマムインストール。

ベースのインストール

参考にしたサイト１：

初期は、app.iniでSSH がOnになっていない状態

今のところ、ssh は動いていない.

ken@ubuntu22:~$ systemctl status ssh.service
Unit ssh.service could not be found.

接続できないことを確認

PS F:\temp\temp> ssh -T git@ubuntu22.local
ssh: connect to host ubuntu22.local port 22: Connection refused

PS F:\temp\temp> git clone git@ubuntu22.local:ken/test.git
Cloning into 'test'...
ssh: connect to host ubuntu22.local port 22: Connection refused
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
PS F:\temp\temp>

設定を入れてポートをあけた

app.ini

[server]
START_SSH_SERVER: true

sudo ufw allow 22/tcp

起動するとエラーになり、httpもsshにもつながらない。

ken@ubuntu22:~$ sudo systemctl status gitea
● gitea.service - Gitea (Git with a cup of tea)
     Loaded: loaded (/etc/systemd/system/gitea.service; enabled; vendor preset: enabled)
     Active: activating (auto-restart) (Result: exit-code) since Sat 2022-09-10 16:10:30 JST; 1s ago
    Process: 20503 ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini (code=exited, status=1/FAILURE)
   Main PID: 20503 (code=exited, status=1/FAILURE)
        CPU: 490ms

 9月 10 16:10:30 ubuntu22 systemd[1]: gitea.service: Main process exited, code=exited, status=1/FAILURE
 9月 10 16:10:30 ubuntu22 systemd[1]: gitea.service: Failed with result 'exit-code'.

logファイルを出すことにする

https://docs.gitea.io/en-us/logging-configuration/#log-outputs

とりあえず、[log] の MODE を file に変更して確認

2022/09/10 16:05:42 ...s/graceful/server.go:61:NewServer() [I] [631c3746-42] Starting new SSH server: tcp::22 on PID: 18166
2022/09/10 16:05:42 ...s/graceful/server.go:87:ListenAndServe() [E] [631c3746-42] Unable to GetListener: listen tcp :22: bind: permission denied
2022/09/10 16:05:42 .../ssh/ssh_graceful.go:26:listen() [F] [631c3746-42] Failed to start SSH server: listen tcp :22: bind: permission denied

1024以下のサービスポートはRoot以外だとListenできないことを思い出す

参考にしたサイト２：

サービスのユニットファイルは /etc/systemd/system/ にあり、最初のセットアップでダウンロードしてきている。

https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/systemd/gitea.service

AmbientCapabilities=CAP_NET_BIND_SERVICE がコメントアウトされてるのでコメントインして再起動。
エラーが出たので、Daemonをリロード。

ken@ubuntu22:~$ sudo systemctl restart gitea
Warning: The unit file, source configuration file or drop-ins of gitea.service changed on disk. Run 'systemctl daemon-reload' to reload units.
ken@ubuntu22:~$ sudo systemctl daemon-reload
ken@ubuntu22:~$ sudo systemctl restart gitea
ken@ubuntu22:~$ sudo systemctl status gitea
● gitea.service - Gitea (Git with a cup of tea)
     Loaded: loaded (/etc/systemd/system/gitea.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2022-09-10 16:21:09 JST; 10s ago
   Main PID: 25686 (gitea)
      Tasks: 8 (limit: 4584)
     Memory: 129.7M
        CPU: 895ms
     CGroup: /system.slice/gitea.service
             └─25686 /usr/local/bin/gitea web --config /etc/gitea/app.ini

9月 10 16:21:09 ubuntu22 systemd[1]: Started Gitea (Git with a cup of tea).
9月 10 16:21:09 ubuntu22 gitea[25686]: 2022/09/10 16:21:09 cmd/web.go:106:runWeb() [I] Starting Gitea on PID: 25686
9月 10 16:21:09 ubuntu22 gitea[25686]: 2022/09/10 16:21:09 cmd/web.go:157:runWeb() [I] Global init
9月 10 16:21:09 ubuntu22 gitea[25686]: 2022/09/10 16:21:09 routers/init.go:104:GlobalInitInstalled() [I] Git Version: 2.34.1, Wire Protocol Version 2 Enabled (home: />
9月 10 16:21:09 ubuntu22 gitea[25686]: 2022/09/10 16:21:09 routers/init.go:107:GlobalInitInstalled() [I] AppPath: /usr/local/bin/gitea
9月 10 16:21:09 ubuntu22 gitea[25686]: 2022/09/10 16:21:09 routers/init.go:108:GlobalInitInstalled() [I] AppWorkPath: /var/lib/gitea
9月 10 16:21:09 ubuntu22 gitea[25686]: 2022/09/10 16:21:09 routers/init.go:109:GlobalInitInstalled() [I] Custom path: /var/lib/gitea/custom
9月 10 16:21:09 ubuntu22 gitea[25686]: 2022/09/10 16:21:09 routers/init.go:110:GlobalInitInstalled() [I] Log path: /var/lib/gitea/log
9月 10 16:21:09 ubuntu22 gitea[25686]: 2022/09/10 16:21:09 routers/init.go:111:GlobalInitInstalled() [I] Configuration file: /etc/gitea/app.ini
9月 10 16:21:09 ubuntu22 gitea[25686]: 2022/09/10 16:21:09 routers/init.go:112:GlobalInitInstalled() [I] Run Mode: Prod

Windows側からのSSH接続テスト, clone, push もうまく行った

PS F:\temp\temp> ssh -T git@ubuntu22.local
The authenticity of host 'ubuntu22.local (fe80::594f:f9be:71eb:8ef4%8)' can't be established.
RSA key fingerprint is SHA256:pcCjLGPEi/jcN77mNnrJOs7BAP0FxMJce5fD8kkNf8o.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'ubuntu22.local,fe80::594f:f9be:71eb:8ef4%8' (RSA) to the list of known hosts.
Hi there, ken! You've successfully authenticated with the key named hoge.moge@example.com, but Gitea does not provide shell access.
If this is unexpected, please log in with password and setup Gitea under another user.

PS F:\temp\temp> git clone git@ubuntu22.local:ken/test.git
Cloning into 'test'...
remote: Enumerating objects: 5, done.
remote: Counting objects: 100% (5/5), done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 5 (delta 0), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (5/5), done.
PS F:\temp\temp>

参考にしたサイト

助かりました。ありがとうございます。

You get articles that match your needs
You can efficiently read back useful information
You can use dark theme

What you can do with signing up