SSH does not work in container image (rootless Podman)

Deploying Gitea container with rootless Podman

I am trying to deploy my own git server using Gitea as containerized software. For container deployment, I am using Podman and running Gitea as a rootless container with PostgreSQL as the database.

OS information:

$ cat /etc/os-release

NAME="Fedora Linux"
VERSION="36 (Server Edition)"
ID=fedora
VERSION_ID=36
VERSION_CODENAME=""
PLATFORM_ID="platform:f36"
PRETTY_NAME="Fedora Linux 36 (Server Edition)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:36"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f36/system-administrators-guide/"
SUPPORT_URL="https://ask.fedoraproject.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=36
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=36
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
VARIANT="Server Edition"
VARIANT_ID=server

podman-compose version:

$ podman-compose --version

['podman', '--version', '']
using podman version: 4.1.1
podman-composer version  1.0.3
podman --version
podman version 4.1.1
exit code: 0

gitea-compose.yml: (excluded other services)

version: 3.7

services:

    reverse-proxy:
        image: caddy:alpine
        container_name: caddy-vishwambhar
        command: caddy run --config /etc/caddy/Caddyfile
        restart: always
        ports:
            - "8080:80"
            - "8443:443"
        volumes:
            - /trayimurti/containers/volumes/caddy/Caddyfile:/etc/caddy/Caddyfile:Z
            - /trayimurti/containers/volumes/caddy/site:/srv:Z
            - /trayimurti/containers/volumes/caddy/caddy_data:/data:Z
            - /trayimurti/containers/volumes/caddy/caddy_config:/config:Z
            - /trayimurti/containers/volumes/caddy/ssl:/etc/ssl:Z
        depends_on:
            - gitea-web
            - thefossguy-blog
            - nextcloud-web
            - thefossguy-mach

    gitea-web:
        image: gitea/gitea:latest
        container_name: gitea-govinda
        restart: always
        ports:
            - "127.0.0.1:8010:3000"
            - "127.0.0.1:8011:22"
#            - "8010:3000"
#            - "8011:2222"
        volumes:
            - /trayimurti/containers/volumes/gitea/web:/data:Z
            - /trayimurti/containers/volumes/gitea/ssh:/data/git/.ssh:Z
#            - /trayimurti/containers/volumes/gitea/web/data:/var/lib/gitea:Z
#            - /trayimurti/containers/volumes/gitea/web/config:/etc/gitea:Z
            - /etc/localtime:/etc/localtime:ro
        environment:
            - SSH_PORT=22
            - SSH_LISTEN_PORT=22
            - ROOT_URL=https://git.thefossguy.com
            - DOMAIN=git.thefossguy.com
            - SSH_DOMAIN=git.thefossguy.com
            - GITEA__database__DB_TYPE=postgres
            - GITEA__database__HOST=gitea-db:5432
            - GITEA__database__NAME=gitea
            - GITEA__database__USER=gitea
            - GITEA__database__PASSWD=/run/secrets/gitea_database_user_password
            - TZ=Asia/Kolkata
        depends_on:
            - gitea-db
        secrets:
            - gitea_database_user_password

    gitea-db:
        image: postgres:alpine
        container_name: gitea-chitragupta
        restart: always
        volumes:
            - /trayimurti/containers/volumes/gitea/database:/var/lib/postgresql/data:Z
        environment:
            - POSTGRES_USER=gitea
            - POSTGRES_PASSWORD=/run/secrets/gitea_database_user_password
            - POSTGRES_DB=gitea
            - TZ=Asia/Kolkata
        secrets:
            - gitea_database_user_password

secrets:
    gitea_database_user_password:
        external: true

Open ports:

$ sudo firewall-cmd --list-ports

1313/tcp 8010/tcp 8011/tcp 8020/tcp 8030/tcp 8040/tcp 8050/tcp 8051/tcp 8052/tcp 8060/tcp 8061/tcp 8080/tcp 8443/tcp

File system:

$ tree -d /trayimurti/containers/volumes/gitea

/trayimurti/containers/volumes/gitea
├── database  [error opening dir]
├── ssh
└── web
    ├── git
    │   ├── lfs
    │   └── repositories
    │       └── shivohamx3
    │           └── test.git
    │               ├── branches
    │               ├── hooks
    │               │   ├── post-receive.d
    │               │   ├── pre-receive.d
    │               │   ├── proc-receive.d
    │               │   └── update.d
    │               ├── info
    │               ├── objects
    │               │   ├── 57
    │               │   ├── cb
    │               │   ├── e3
    │               │   ├── info
    │               │   └── pack
    │               └── refs
    │                   ├── heads
    │                   └── tags
    ├── gitea
    │   ├── attachments
    │   ├── avatars
    │   ├── conf
    │   ├── home
    │   ├── indexers  [error opening dir]
    │   ├── jwt
    │   ├── log
    │   ├── packages
    │   ├── queues
    │   │   └── common
    │   ├── repo-archive
    │   ├── repo-avatars
    │   ├── sessions  [error opening dir]
    │   └── tmp
    │       └── package-upload
    └── ssh

41 directories

Container logs:

$ podman logs gitea-govinda

Generating /data/ssh/ssh_host_ed25519_key...
Generating /data/ssh/ssh_host_rsa_key...
Generating /data/ssh/ssh_host_dsa_key...
Generating /data/ssh/ssh_host_ecdsa_key...
Server listening on :: port 22.
Server listening on 0.0.0.0 port 22.
2022/07/27 22:03:15 cmd/web.go:106:runWeb() [I] Starting Gitea on PID: 12
2022/07/27 22:03:15 ...s/install/setting.go:21:PreloadSettings() [I] AppPath: /usr/local/bin/gitea
2022/07/27 22:03:15 ...s/install/setting.go:22:PreloadSettings() [I] AppWorkPath: /app/gitea
2022/07/27 22:03:15 ...s/install/setting.go:23:PreloadSettings() [I] Custom path: /data/gitea
2022/07/27 22:03:15 ...s/install/setting.go:24:PreloadSettings() [I] Log path: /data/gitea/log
2022/07/27 22:03:15 ...s/install/setting.go:25:PreloadSettings() [I] Configuration file: /data/gitea/conf/app.ini
2022/07/27 22:03:15 ...s/install/setting.go:26:PreloadSettings() [I] Prepare to run install page
2022/07/27 22:03:15 ...s/install/setting.go:29:PreloadSettings() [I] SQLite3 is supported
2022/07/27 22:03:16 cmd/web.go:217:listen() [I] [62e168cc] Listen: http://0.0.0.0:3000
2022/07/27 22:03:16 cmd/web.go:221:listen() [I] [62e168cc] AppURL(ROOT_URL): https://git.thefossguy.com/
2022/07/27 22:03:16 ...s/graceful/server.go:61:NewServer() [I] [62e168cc] Starting new Web server: tcp:0.0.0.0:3000 on PID: 12
Received signal 15; terminating.
2022/07/27 22:14:19 ...eful/manager_unix.go:150:handleSignals() [W] [62e168cb] PID 12. Received SIGTERM. Shutting down...
2022/07/27 22:14:19 cmd/web.go:270:listen() [I] [62e168cc] HTTP Listener: 0.0.0.0:3000 Closed
2022/07/27 22:14:19 .../graceful/manager.go:205:doHammerTime() [W] Setting Hammer condition
2022/07/27 22:14:19 ...eful/manager_unix.go:150:handleSignals() [W] PID 12. Received SIGTERM. Shutting down...
2022/07/27 22:14:19 ...eful/server_hooks.go:47:doShutdown() [I] [62e168cc] PID: 12 Listener ([::]:3000) closed.
2022/07/27 22:14:20 .../graceful/manager.go:224:doTerminate() [W] Terminating
2022/07/27 22:14:20 ...eful/manager_unix.go:158:handleSignals() [W] PID: 12. Background context for manager closed - context canceled - Shutting down...
2022/07/27 22:14:20 cmd/web.go:138:runWeb() [I] PID: 12 Gitea Web Finished
Server listening on :: port 22.
Server listening on 0.0.0.0 port 22.
2022/07/27 22:17:32 cmd/web.go:106:runWeb() [I] Starting Gitea on PID: 12
2022/07/27 22:17:32 ...s/install/setting.go:21:PreloadSettings() [I] AppPath: /usr/local/bin/gitea
2022/07/27 22:17:32 ...s/install/setting.go:22:PreloadSettings() [I] AppWorkPath: /app/gitea
2022/07/27 22:17:32 ...s/install/setting.go:23:PreloadSettings() [I] Custom path: /data/gitea
2022/07/27 22:17:32 ...s/install/setting.go:24:PreloadSettings() [I] Log path: /data/gitea/log
2022/07/27 22:17:32 ...s/install/setting.go:25:PreloadSettings() [I] Configuration file: /data/gitea/conf/app.ini
2022/07/27 22:17:32 ...s/install/setting.go:26:PreloadSettings() [I] Prepare to run install page
2022/07/27 22:17:32 ...s/install/setting.go:29:PreloadSettings() [I] SQLite3 is supported
2022/07/27 22:17:34 cmd/web.go:217:listen() [I] [62e16c26] Listen: http://0.0.0.0:3000
2022/07/27 22:17:34 cmd/web.go:221:listen() [I] [62e16c26] AppURL(ROOT_URL): https://git.thefossguy.com/
2022/07/27 22:17:34 ...s/graceful/server.go:61:NewServer() [I] [62e16c26] Starting new Web server: tcp:0.0.0.0:3000 on PID: 12
2022/07/28 09:08:52 ...eb/routing/logger.go:99:func1() [I] [62e204cc] router: completed GET / for 10.89.0.3:0, 200 OK in 30.1ms @ install/install.go:90(install.Install)
2022/07/28 09:08:52 ...eb/routing/logger.go:99:func1() [I] [62e204cc-2] router: completed GET /assets/css/index.css?v=9ab833a031df67b5e031baa9ba951d16 for 10.89.0.3:0, 200 OK in 2.3ms @ public/public.go:42(InstallAssetsHandler)
2022/07/28 09:08:52 ...eb/routing/logger.go:99:func1() [I] [62e204cc-3] router: completed GET /assets/css/theme-auto.css?v=9ab833a031df67b5e031baa9ba951d16 for 10.89.0.3:0, 200 OK in 0.4ms @ public/public.go:42(InstallAssetsHandler)
2022/07/28 09:08:52 ...eb/routing/logger.go:99:func1() [I] [62e204cc-4] router: completed GET /assets/img/loading.png for 10.89.0.3:0, 200 OK in 0.5ms @ public/public.go:42(InstallAssetsHandler)
2022/07/28 09:08:52 ...eb/routing/logger.go:99:func1() [I] [62e204cc-5] router: completed GET /assets/js/index.js?v=9ab833a031df67b5e031baa9ba951d16 for 10.89.0.3:0, 200 OK in 1.6ms @ public/public.go:42(InstallAssetsHandler)
2022/07/28 09:08:53 ...eb/routing/logger.go:99:func1() [I] [62e204cd] router: completed GET /assets/img/favicon.svg for 10.89.0.3:0, 200 OK in 0.2ms @ public/public.go:42(InstallAssetsHandler)
2022/07/28 09:10:01 ...c/net/http/server.go:2084:ServeHTTP() [I] [62e20511] PING DATABASE postgres
2022/07/28 09:10:05 ...eb/routing/logger.go:68:func1() [W] [62e16c25] router: slow      POST / for 10.89.0.3:0, elapsed 3973.6ms @ install/install.go:229(install.SubmitInstall)
2022/07/28 09:10:06 ...s/install/install.go:486:SubmitInstall() [I] [62e20511] Save settings to custom config file /data/gitea/conf/app.ini
2022/07/28 09:10:06 routers/common/db.go:20:InitDBEngine() [I] [62e20511] Beginning ORM engine initialization.
2022/07/28 09:10:06 routers/common/db.go:27:InitDBEngine() [I] [62e20511] ORM engine initialization attempt #1/10...
2022/07/28 09:10:06 .../web/wrap_convert.go:47:func3() [I] [62e20511] PING DATABASE postgres
2022/07/28 09:10:06 ...s/install/install.go:502:SubmitInstall() [W] [62e20511] Table user Column max_repo_creation db default is '-1', struct default is -1
2022/07/28 09:10:09 ...s/install/setting.go:45:reloadSettings() [I] [62e20511] ORM engine initialization successful!
2022/07/28 09:10:10 ...s/install/install.go:551:SubmitInstall() [I] [62e20511] First-time run install finished!
2022/07/28 09:10:10 ...eb/routing/logger.go:99:func1() [I] [62e20511] router: completed POST / for 10.89.0.3:0, 200 OK in 9091.2ms @ install/install.go:229(install.SubmitInstall)
2022/07/28 09:10:10 cmd/web.go:270:listen() [I] [62e16c26] HTTP Listener: 0.0.0.0:3000 Closed
2022/07/28 09:10:10 cmd/web.go:157:runWeb() [I] Global init
2022/07/28 09:10:10 routers/init.go:104:GlobalInitInstalled() [I] Git Version: 2.36.2, Wire Protocol Version 2 Enabled (home: /data/gitea/home)
2022/07/28 09:10:10 routers/init.go:107:GlobalInitInstalled() [I] AppPath: /usr/local/bin/gitea
2022/07/28 09:10:10 routers/init.go:108:GlobalInitInstalled() [I] AppWorkPath: /app/gitea
2022/07/28 09:10:10 routers/init.go:109:GlobalInitInstalled() [I] Custom path: /data/gitea
2022/07/28 09:10:10 routers/init.go:110:GlobalInitInstalled() [I] Log path: /data/gitea/log
2022/07/28 09:10:10 routers/init.go:111:GlobalInitInstalled() [I] Configuration file: /data/gitea/conf/app.ini
2022/07/28 09:10:10 routers/init.go:112:GlobalInitInstalled() [I] Run Mode: Prod
2022/07/28 09:10:10 ...dules/setting/log.go:288:newLogService() [I] Gitea v1.17.0+rc2 built with GNU Make 4.3, go1.18.4 : bindata, timetzdata, sqlite, sqlite_unlock_notify
2022/07/28 09:10:10 ...dules/setting/log.go:335:newLogService() [I] Gitea Log Mode: Console(Console:info)
2022/07/28 09:10:10 ...dules/setting/log.go:249:generateNamedLogger() [I] Router Log: Console(console:info)
2022/07/28 09:10:10 ...les/setting/cache.go:76:newCacheService() [I] Cache Service Enabled
2022/07/28 09:10:10 ...les/setting/cache.go:91:newCacheService() [I] Last Commit Cache Service Enabled
2022/07/28 09:10:10 ...s/setting/session.go:73:newSessionService() [I] Session Service Enabled
2022/07/28 09:10:10 ...s/storage/storage.go:176:initAttachments() [I] Initialising Attachment storage with type:
2022/07/28 09:10:10 ...les/storage/local.go:46:NewLocalStorage() [I] Creating new Local Storage at /data/gitea/attachments
2022/07/28 09:10:10 ...s/storage/storage.go:170:initAvatars() [I] Initialising Avatar storage with type:
2022/07/28 09:10:10 ...les/storage/local.go:46:NewLocalStorage() [I] Creating new Local Storage at /data/gitea/avatars
2022/07/28 09:10:10 ...s/storage/storage.go:188:initRepoAvatars() [I] Initialising Repository Avatar storage with type:
2022/07/28 09:10:10 ...les/storage/local.go:46:NewLocalStorage() [I] Creating new Local Storage at /data/gitea/repo-avatars
2022/07/28 09:10:10 ...s/storage/storage.go:182:initLFS() [I] Initialising LFS storage with type:
2022/07/28 09:10:10 ...les/storage/local.go:46:NewLocalStorage() [I] Creating new Local Storage at /data/git/lfs
2022/07/28 09:10:10 ...s/storage/storage.go:194:initRepoArchives() [I] Initialising Repository Archive storage with type:
2022/07/28 09:10:10 ...les/storage/local.go:46:NewLocalStorage() [I] Creating new Local Storage at /data/gitea/repo-archive
2022/07/28 09:10:10 ...s/storage/storage.go:200:initPackages() [I] Initialising Packages storage with type:
2022/07/28 09:10:10 ...les/storage/local.go:46:NewLocalStorage() [I] Creating new Local Storage at /data/gitea/packages
2022/07/28 09:10:10 routers/init.go:130:GlobalInitInstalled() [I] SQLite3 support is enabled
2022/07/28 09:10:10 routers/common/db.go:20:InitDBEngine() [I] Beginning ORM engine initialization.
2022/07/28 09:10:10 routers/common/db.go:27:InitDBEngine() [I] ORM engine initialization attempt #1/10...
2022/07/28 09:10:10 cmd/web.go:160:runWeb() [I] PING DATABASE postgres
2022/07/28 09:10:11 routers/init.go:135:GlobalInitInstalled() [W] Table user Column max_repo_creation db default is '-1', struct default is -1
2022/07/28 09:10:14 routers/init.go:136:GlobalInitInstalled() [I] ORM engine initialization successful!
2022/07/28 09:10:20 ...er/issues/indexer.go:174:func2() [I] [62e20524-3] PID 12: Initializing Issue Indexer: bleve
2022/07/28 09:10:20 ...xer/stats/indexer.go:39:populateRepoIndexer() [I] Populating the repo stats indexer with existing repositories
2022/07/28 09:10:20 ...er/issues/indexer.go:270:func3() [I] [62e20524-3] Issue Indexer Initialization took 11.303915ms
2022/07/28 09:10:20 routers/init.go:83:syncAppPathForGit() [I] AppPath changed from '' to '/usr/local/bin/gitea'
2022/07/28 09:10:20 routers/init.go:85:syncAppPathForGit() [I] re-sync repository hooks ...
2022/07/28 09:10:20 routers/init.go:88:syncAppPathForGit() [I] re-write ssh public keys ...
2022/07/28 09:10:21 cmd/web.go:217:listen() [I] [62e20525] Listen: http://0.0.0.0:3000
2022/07/28 09:10:21 cmd/web.go:221:listen() [I] [62e20525] AppURL(ROOT_URL): https://git.thefossguy.com/
2022/07/28 09:10:21 cmd/web.go:224:listen() [I] [62e20525] LFS server enabled
2022/07/28 09:10:21 ...s/graceful/server.go:61:NewServer() [I] [62e20525] Starting new Web server: tcp:0.0.0.0:3000 on PID: 12
2022/07/28 09:10:21 [62e20525-2] router: completed GET /user/login for 10.89.0.3:0, 303 See Other in 19.0ms @ auth/auth.go:149(auth.SignIn)
2022/07/28 09:10:21 [62e20525-3] router: completed GET / for 10.89.0.3:0, 200 OK in 60.7ms @ web/home.go:26(web.Home)
2022/07/28 09:10:22 [62e20526] router: completed GET /avatar/5ab808841681d9c8e3c93fbc7e135b66?size=84 for 10.89.0.3:0, 303 See Other in 153.3ms @ user/avatar.go:45(user.AvatarByEmailHash)
2022/07/28 09:10:22 [62e20526-2] router: completed GET /avatar/5ab808841681d9c8e3c93fbc7e135b66?size=72 for 10.89.0.3:0, 303 See Other in 6.3ms @ user/avatar.go:45(user.AvatarByEmailHash)
2022/07/28 09:10:22 [62e20526-3] router: completed GET /assets/img/logo.svg for 10.89.0.3:0, 200 OK in 0.3ms @ public/public.go:42(AssetsHandler)
2022/07/28 09:10:22 [62e20526-4] router: completed GET / for 10.89.0.3:0, 200 OK in 29.4ms @ web/home.go:26(web.Home)
2022/07/28 09:10:22 [62e20526-6] router: completed GET /assets/img/logo.svg for 10.89.0.3:0, 304 Not Modified in 0.3ms @ public/public.go:42(AssetsHandler)
2022/07/28 09:10:22 [62e20526-5] router: completed GET /avatar/5ab808841681d9c8e3c93fbc7e135b66?size=84 for 10.89.0.3:0, 303 See Other in 13.0ms @ user/avatar.go:45(user.AvatarByEmailHash)
2022/07/28 09:10:22 [62e20526-7] router: completed GET /avatar/5ab808841681d9c8e3c93fbc7e135b66?size=72 for 10.89.0.3:0, 303 See Other in 15.8ms @ user/avatar.go:45(user.AvatarByEmailHash)
2022/07/28 09:10:22 [62e20526-8] router: completed GET /repo/search?count_only=1&uid=1&team_id=0&q=&page=1&mode= for 10.89.0.3:0, 0  in 30.5ms @ repo/repo.go:511(repo.SearchRepo)
2022/07/28 09:10:23 [62e20527-2] router: completed GET /assets/js/eventsource.sharedworker.js for 10.89.0.3:0, 200 OK in 0.3ms @ public/public.go:42(AssetsHandler)
2022/07/28 09:10:23 [62e20527] router: completed GET /repo/search?sort=updated&order=desc&uid=1&team_id=0&q=&page=1&limit=15&mode=&archived=false for 10.89.0.3:0, 200 OK in 24.1ms @ repo/repo.go:511(repo.SearchRepo)
2022/07/28 09:10:26 [62e2052a] router: completed GET /admin for 10.89.0.3:0, 200 OK in 164.1ms @ admin/admin.go:126(admin.Dashboard)
2022/07/28 09:10:27 [62e2052b] router: completed GET /avatar/5ab808841681d9c8e3c93fbc7e135b66?size=72 for 10.89.0.3:0, 303 See Other in 5.6ms @ user/avatar.go:45(user.AvatarByEmailHash)
2022/07/28 09:10:27 [62e20524-24] router: polling   GET /user/events for 10.89.0.3:0, elapsed 3958.6ms @ events/events.go:19(events.Events)
2022/07/28 09:10:29 [62e2052d] router: completed GET /admin/config for 10.89.0.3:0, 200 OK in 18.1ms @ admin/admin.go:238(admin.Config)
2022/07/28 09:10:30 [62e2052e] router: completed GET /avatar/5ab808841681d9c8e3c93fbc7e135b66?size=72 for 10.89.0.3:0, 303 See Other in 6.0ms @ user/avatar.go:45(user.AvatarByEmailHash)
2022/07/28 09:10:31 [62e20524-24] router: polling   GET /user/events for 10.89.0.3:0, elapsed 3921.8ms @ events/events.go:19(events.Events)
2022/07/28 09:10:34 [62e20524-24] router: polling   GET /user/events for 10.89.0.3:0, elapsed 3861.1ms @ events/events.go:19(events.Events)
2022/07/28 09:10:53 [62e20527-3] router: completed GET /user/events for 10.89.0.3:0, 200 OK in 30290.4ms @ events/events.go:19(events.Events)
2022/07/28 09:10:57 [62e2052b-2] router: completed GET /user/events for 10.89.0.3:0, 200 OK in 30100.1ms @ events/events.go:19(events.Events)
2022/07/28 09:13:00 [62e2052e-2] router: completed GET /user/events for 10.89.0.3:0, 200 OK in 150080.4ms @ events/events.go:19(events.Events)

I have added my public SSH key in Gitea and I have a repository named ‘test’ with an empty README.md in the master branch. When I try to pull it using ssh, I get that the port 22 is disabled. But it is not.

I forgot to mention, but I am using Caddy Server for reverse proxy and easy SSL certificate generation. Below is my Caddyfile (config for Caddy Server):

git.thefossguy.com {
        tls /etc/ssl/certs/certificate.pem /etc/ssl/private/key.pem
        reverse_proxy gitea-govinda:3000
}

git.thefossguy.com:22 {
        tls /etc/ssl/certs/certificate.pem /etc/ssl/private/key.pem
        reverse_proxy gitea-govinda:22
}

On my router, I have opened ports 80, 443 and 22. They all are forwarded to internal IP 10.0.0.19.

internet:80 → 10.0.0.19:8008 (Podman maps this host port to Caddy container’s internal port 80)
internet:443 → 10.0.0.19:8443 (Podman maps this host port to Caddy container’s internal port 443)
internet:22 → 10.0.0.19:8011 (Podman maps this host port to Gitea container’s internal port 22)

When I clone a repo with ssh, below is the output:

$ git clone git@git.thefossguy.com:shivohamx3/test.git

Cloning into 'test'...
ssh: connect to host git.thefossguy.com port 22: Network is unreachable
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

The web GUI shows that the built in SSH Server is disabled.

My setup is vastly different from an average setup…

  • Using ARMv8 instead of AMD64
  • Using Fedora Server instead of Debian/Ubuntu/RHEL
  • Using rootless Podman instead of Docker

I tried using the latest-rootless tag initially, but then I had a few issues during the initial setup (I apologize, for I do not remember said issues). I tried the latest tag and everything except for the SSH server seems to be working for me.

If there is any more information required, do let me know.

From the looks of it you’re not exposing port 22 at any point. The fix might be as easy as including - "22:22" in the ports: list in docker-compose.yml, you may also need to update the firewall, as I don’t see port 22 in there either. I’m a little confused by the exact error Network is unreachable but that could be the firewall at play. Hopefully this helps.

Hello @mra, thanks for replying.

I am exposing port 22 of the Gitea container as port 8011.

My router forwards external port 22 to the port 8011 on my host (where Gitea is listening for SSH connections).

I can log in (sort of) using SSH using the port 8011… So I don’t know what is going wrong here.

$ ssh git@localhost -p 8011 -i ~/.ssh/gitea
PTY allocation request failed on channel 0
Hi there, shivohamx3! You've successfully authenticated with the key named pratham@bluefeds, but Gitea does not provide shell access.
If this is unexpected, please log in with password and setup Gitea under another user.
Connection to localhost closed.

Solved

Cloudflare, my domain resolver, was proxying all the connections. The good thing about this is that my IP is masked and Cloudflare also reduces traffic + prevents DDoS attacks.

The bad thing is that when I do ssh git@git.thefossguy.com, Cloudflare does not use port 22 for proxying connections.

The solution is to edit my ~/.ssh/config file as follows:

Host git.thefossguy.com
        Hostname <MY-REAL-IP-ADDRESS-HERE>
        User git
        IdentityFile ~/.ssh/gitea
        Port 22
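
A way to confirm the diagnosis in the final post before editing ~/.ssh/config, as an added example that is not part of the thread: it classifies the addresses DNS returns for the git hostname against Cloudflare's published IPv4 ranges and renders the same override stanza. The origin address 203.0.113.10 and the sample DNS answers are constructed, and the function names are hypothetical.

```python
"""Added example: does a git hostname resolve to a Cloudflare edge or to the origin?"""
import ipaddress

# IPv4 ranges from Cloudflare's published list (https://www.cloudflare.com/ips-v4),
# copied by hand for this example; refresh them from that URL before relying on them.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]


def is_cloudflare(addr):
    """True if addr is an IPv4 address inside one of the listed Cloudflare ranges."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in CLOUDFLARE_V4)


def diagnose(resolved, origin_ip):
    """Classify the A records a client received for the git hostname (IPv4 only).

    resolved  -- address strings from DNS, e.g. the output of `dig +short A <host>`
    origin_ip -- the public address whose port 22 the router forwards to Gitea
    """
    origin = ipaddress.ip_address(origin_ip)
    addrs = [ipaddress.ip_address(a) for a in resolved]
    if not addrs:
        return "no-address"
    if origin in addrs:
        return "direct"              # SSH reaches the router's port forward
    if all(is_cloudflare(str(a)) for a in addrs):
        return "cloudflare-proxied"  # SSH lands on the edge, not on the origin
    return "unknown-target"          # stale record or some other intermediary


def ssh_config_stanza(host, origin_ip, identity_file, port=22):
    """Render the client-side override from the post for a proxied hostname."""
    ipaddress.ip_address(origin_ip)  # ValueError on anything that is not an IP
    return (f"Host {host}\n"
            f"        Hostname {origin_ip}\n"
            f"        User git\n"
            f"        IdentityFile {identity_file}\n"
            f"        Port {int(port)}\n")


if __name__ == "__main__":
    # Constructed sample answers; 203.0.113.10 is a documentation address
    # standing in for the real origin IP, which the post does not give.
    origin = "203.0.113.10"
    for answers in (["104.21.5.10", "172.67.1.1"], [origin]):
        verdict = diagnose(answers, origin)
        print(answers, "->", verdict)
        if verdict == "cloudflare-proxied":
            print(ssh_config_stanza("git.thefossguy.com", origin, "~/.ssh/gitea"))
```
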