I will try to give you a thorough explanation to the ssh configuration and the need for a seperate gitea user.
First of all: The user running gitea, the
app.ini and the ssh user are all the same.
RUN_USER configuration just tells gitea that it should promote this user for its ssh clone urls as users have to connect by this special user to the server.
The only reason for this is that this user has a special ssh configuration in his
This configuration prevents users from accessing any other part on the system besides git related ones from gitea! This is especially important for security!
Because you used your own user instead of a separate one gitea only appended the public key and other vital parts in the
authorized_keys file, which means your manually imported public key is on top. And that’s the problem here.
So what happens if you clone with your user is that the ssh server is granted permission to access the server because of your manually imported key and it doesn’t get to the line written by gitea.
So gitea is left out of the process.
For that reason your path behind the colon doesn’t work as gitea would be responsible for extracting the actual user of the connection and the repository bath.
But you don’t get an alert either as you obviously have established an ssh connection with your server.
The important part here to remember that not the ssh user is used to map the author of a commit but the public key added via gitea and the maintained
Also IMHO it would be insane to create a system user for each gitea user
To come to an end:
MYUSER to access the server normally and create/use a separate user, favorably
git for gitea.
After that you should clean up the
authorized_keys file from the user