Failed to start SSH server: listen tcp :22: bind: permission denied

Hi,

I’m trying to get a Gitea instance working inside an Ubuntu 18.04 VM, running as guest in VMWare Player. My host machine is Windows 10.

The issue is that I’m unable to SSH from my host machine:

ssh -T -v git@10.100.10.18
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug1: Connecting to 10.100.10.18 [10.100.10.18] port 22.
debug1: connect to address 10.100.10.18 port 22: Connection refused
ssh: connect to host 10.100.10.18 port 22: Connection refused

The gitea log file indicates that the SSL server is being denied permission to bind to port 22:

SSH server started on :22. Cipher list ([aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com arcfour256 arcfour128]), key exchange algorithms ([diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 curve25519-sha256@libssh.org]), MACs ([hmac-sha2-256-etm@openssh.com hmac-sha2-256 hmac-sha1 hmac-sha1-96])
2019/05/29 14:13:32 [...a/modules/ssh/ssh.go:119 listen()] [E] Failed to start SSH server: listen tcp :22: bind: permission denied

I have followed the tutorial as closely as possible, although I did end up deviating slightly from the suggested supervisor configuration file. It looks to me like this file is expecting paths which were never created in previous steps:

directory=/home/git/go/src/github.com/go-gitea/gitea/
command=/home/git/go/src/github.com/go-gitea/gitea/gitea web

Specifically: the gitea binary was moved to a global location previously in the tutorial, and I don’t think the source-code was ever installed using the binary-install instructions. Anyway, I believe this is not relevant to my issue, just mentioning for completeness.

Other things I should mention:

  • Using Gitea 1.7.0
  • All configuration points to ‘git’ user
  • I have added ‘git’ to sudoers, does not fix my issue

Googling around, it seems that it’s normal for a non-root user to be unable to bind to port 22. The instructions for allowing a user to bind to port 22 seem quite complex and it feels like that may be the wrong answer.

So, to put it simply: what is the recommended method to allow Gitea to listen on port 22 (or any other SSL port)?

Is the standard approach to use a different SSL socket to avoid this issue?

Ok, I ended up using an alternative SSL port instead of 22.

This led to some minor issues in GitExtensions, which is a bit finicky about non-standard SSL ports; the Connection Test function suggests that it’s not configured correctly, apparently because the test-remote-connection function ignores the port settings. However, if you just ignore this message, the actual git functions work correctly.

Anyway, at least everything is working now.

I don’t think it’s a good idea to use a port other than 22 for Gitea, citing your concerns above.

I use non-standard ports for running OpenSSH as a matter of course. I believe it is the most prudent thing to do and so do most sysadmins. You can change your port number in /etc/ssh/sshd_config and restart your sshd daemon. After that it will listen on that port.

The only issue I’ve ever seen is that now you’ve broken the ability to simply ‘ssh-copy-id’, which is no big deal, you only generally place your public key on a server once anyway, so if that’s the method you use then do the ssh-copy-id first and then change your port numbers.

Now that you’ve done that, I think the information in my post here will explain “most” of everything that you were trying to do, with explanations as to how: https://bit.ly/2G2JElW

I hope that helps 🙂

As a remark: On Unix systems IP ports up to and including 1023 are privileged ports and only privileged users like root can bind to them.
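
The rule in the remark above, as an added example that is not part of the thread or of Gitea's own code: on Linux the kernel decides by the CAP_NET_BIND_SERVICE capability and the net.ipv4.ip_unprivileged_port_start sysctl, not by the user name, so this Go pre-flight check reports whether the current process could bind a given port. The helper names parseCapEff and canBind are hypothetical; port 22 is taken from the log in the first post.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strconv"
	"strings"
)

const capNetBindService = 10 // bit index of CAP_NET_BIND_SERVICE in the capability mask

// parseCapEff (hypothetical helper) reads the effective capability mask from /proc/<pid>/status text.
func parseCapEff(status string) (uint64, error) {
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		if f := strings.Fields(sc.Text()); len(f) == 2 && f[0] == "CapEff:" {
			return strconv.ParseUint(f[1], 16, 64)
		}
	}
	return 0, fmt.Errorf("CapEff line not found")
}

// canBind (hypothetical helper) applies the kernel's rule: ports below
// unprivStart (net.ipv4.ip_unprivileged_port_start, default 1024) need
// CAP_NET_BIND_SERVICE in the effective capability set.
func canBind(port int, capEff uint64, unprivStart int) (bool, string) {
	switch {
	case port >= unprivStart:
		return true, "unprivileged port"
	case capEff&(1<<capNetBindService) != 0:
		return true, "process holds CAP_NET_BIND_SERVICE"
	}
	return false, "privileged port without CAP_NET_BIND_SERVICE: bind: permission denied"
}

func main() {
	port, start := 22, 1024 // port from the log above; kernel default threshold
	if len(os.Args) > 1 {
		port, _ = strconv.Atoi(os.Args[1])
	}
	if raw, err := os.ReadFile("/proc/sys/net/ipv4/ip_unprivileged_port_start"); err == nil {
		start, _ = strconv.Atoi(strings.TrimSpace(string(raw)))
	}
	status, _ := os.ReadFile("/proc/self/status")
	eff, _ := parseCapEff(string(status)) // treated as no capabilities if unreadable
	ok, why := canBind(port, eff, start)
	fmt.Printf("port %d: bindable=%v (%s)\n", port, ok, why)
}
```

Run it as the same user that starts Gitea (here, git): being in sudoers does not change the result, because the capability set of the running process is what the kernel checks.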