Trouble trying to clone repo with SSH

Hi all and thank you for any advice i will be getting!

i was setting up gitea on my qnap NAS via this tutorial:

after setting up a user account and repo, i tried to clone and got this:

$ git clone git@localhost:drjstudios/Samsara_UE.git
Cloning into 'Samsara_UE'...
ssh: connect to host localhost port 22: Connection refused
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

i have set up the SSH key and verified it in gitea.

and my server config settings are as follows:

also when running

ssh localhost -vvv

i get this:

$ ssh localhost -vvv
OpenSSH_9.1p1, OpenSSL 1.1.1s  1 Nov 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/c/Users/user/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/c/Users/user/.ssh/known_hosts2'
debug2: resolving "localhost" port 22
debug3: resolve_host: lookup localhost:22
debug3: ssh_connect_direct: entering
debug1: Connecting to localhost [::1] port 22.
debug3: set_sock_tos: set socket 4 IPV6_TCLASS 0x48
debug1: connect to address ::1 port 22: Connection refused
debug1: Connecting to localhost [127.0.0.1] port 22.
debug3: set_sock_tos: set socket 4 IP_TOS 0x48
debug1: connect to address 127.0.0.1 port 22: Connection refused
ssh: connect to host localhost port 22: Connection refused

I had turned off my firewall when doing this if that helps.

i will any instructions explained to me as someone completely new as i am not familiar with where i should be running commands (esp on the NAS, on my windows machine i have limited experience using cmd and git bash). any help would be great, thanks!

The linked tutorial sets up SSH server at port 222 instead of default 22, which explains the “Connection refused” errors you are receiving. They simply mean that there is no application/server listening on port 22. You should currently be able to clone with command git clone ssh://git@localhost:222/drjstudios/Samsara_UE.git.

Since you do not have qnap’s SSH server enabled, it is pretty straight forward to fix this issue. You can simply change Docker configuration to put Gitea’s SSH server at 22 instead of 222, like so:

...
    volumes:
      - /share/docker-data/gitea-server:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "22:22" # I changed from 222:22 to 22:22
...

You will have to restart container after making this change.

Note it will become more difficult if you want to enable qnap’s SSH server later and have them both run at port 22. You will have to follow SSH Container Passthrough guide. Alternatively, you could run qnap’s SSH server at port 222 instead.

thanks jake for the reply!

i first tried your suggestion for changing the Docker configuration via editing the application as shown and then the gitea app could no longer start:

then i wiped everything and installed gitea again, then tried to clone again with your command and this happened:

$ git clone ssh://git@localhost:222/ROOT/Samsara_UE.git
Cloning into 'Samsara_UE'...
ssh: connect to host localhost port 222: Connection refused
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

and checking the localhost again gives me this:

$ ssh localhost -vvv
OpenSSH_9.1p1, OpenSSL 1.1.1s  1 Nov 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/c/Users/user/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/c/Users/user/.ssh/known_hosts2'
debug2: resolving "localhost" port 22
debug3: resolve_host: lookup localhost:22
debug3: ssh_connect_direct: entering
debug1: Connecting to localhost [::1] port 22.
debug3: set_sock_tos: set socket 4 IPV6_TCLASS 0x48
debug1: connect to address ::1 port 22: Connection refused
debug1: Connecting to localhost [127.0.0.1] port 22.
debug3: set_sock_tos: set socket 4 IP_TOS 0x48
debug1: connect to address 127.0.0.1 port 22: Connection refused
ssh: connect to host localhost port 22: Connection refused

finally if i tried to check for ssh://git@localhost:222:

$ ssh ssh://git@localhost:222 -vvv
OpenSSH_9.1p1, OpenSSL 1.1.1s  1 Nov 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/c/Users/user/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/c/Users/user/.ssh/known_hosts2'
debug2: resolving "localhost" port 222
debug3: resolve_host: lookup localhost:222
debug3: ssh_connect_direct: entering
debug1: Connecting to localhost [::1] port 222.
debug3: set_sock_tos: set socket 4 IPV6_TCLASS 0x48
debug1: connect to address ::1 port 222: Connection refused
debug1: Connecting to localhost [127.0.0.1] port 222.
debug3: set_sock_tos: set socket 4 IP_TOS 0x48
debug1: connect to address 127.0.0.1 port 222: Connection refused
ssh: connect to host localhost port 222: Connection refused


Ah, I think I see the problem now. I had assumed you were running the git clone command on the computer that is running Gitea, but I think you are cloning from a separate computer. Since Gitea failed to run after changing port mapping, I think qnap’s SSH server is enabled so there are a few options:

  • You can just clone/pull/push with HTTP
  • You can just clone/pull/push with SSH on port 222 like git clone ssh://git@[insert qnap computer's IP]:222/drjstudios/Samsara_UE.git.
  • You can setup SSH Container Passthrough as linked above
  • You can change qnap’s SSH port to something other than 22, and move Gitea’s SSH to port 22

Localhost/ 127.x.x.x IPs all refer to the local computer, so localhost on my machine will go to my machine, localhost on your machine goes to your machine. You will have to substitute it for the IP address of your qnap system, so for example git clone ssh://git@192.168.1.208:222/drjstudios/Samsara_UE.git (you will have to find IP from qnap, probably on some network page).

  • You can just clone/pull/push with SSH on port 222 like git clone ssh://git@[insert qnap computer's IP]:222/drjstudios/Samsara_UE.git.

this worked, thank you so much jake!

yes i did not mention that i was in fact trying to clone from another computer and using the qnap only as a git server. sorry about that!

going forward perhaps doing the passthrough will be the best course of action but i guess i can leave that for another time. Thank you again!

sorry to bump this thread again but recently i had replaced my laptop SSD and needed to reinstall windows and now can no longer clone my repo from my gitea NAS server. I had generated new SSH keys and updated the info in the relevant gitea account.

when i check in the agent it appears to recognize the SSH key:

drjst@DrJ MINGW64 /d/Workspace
$ eval $(ssh-agent -s)
Agent pid 643

drjst@DrJ MINGW64 /d/Workspace
$ ssh-add
Identity added: /c/Users/drjst/.ssh/id_ed25519 (account@email.com)

this happens when i try to clone:

$ git clone ssh://192.168.50.144:222/ROOT/Samsara_UE.git --verbose
Cloning into 'Samsara_UE'...
drjst@192.168.50.144: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

and a quick SSH check with my NAS yielded this:

$ ssh -vT ssh://192.168.50.144:222
OpenSSH_9.5p1, OpenSSL 3.1.4 24 Oct 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.50.144 [192.168.50.144] port 222.
debug1: Connection established.
debug1: identity file /c/Users/drjst/.ssh/id_rsa type -1
debug1: identity file /c/Users/drjst/.ssh/id_rsa-cert type -1
debug1: identity file /c/Users/drjst/.ssh/id_ecdsa type -1
debug1: identity file /c/Users/drjst/.ssh/id_ecdsa-cert type -1
debug1: identity file /c/Users/drjst/.ssh/id_ecdsa_sk type -1
debug1: identity file /c/Users/drjst/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /c/Users/drjst/.ssh/id_ed25519 type 3
debug1: identity file /c/Users/drjst/.ssh/id_ed25519-cert type -1
debug1: identity file /c/Users/drjst/.ssh/id_ed25519_sk type -1
debug1: identity file /c/Users/drjst/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /c/Users/drjst/.ssh/id_xmss type -1
debug1: identity file /c/Users/drjst/.ssh/id_xmss-cert type -1
debug1: identity file /c/Users/drjst/.ssh/id_dsa type -1
debug1: identity file /c/Users/drjst/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.0
debug1: compat_banner: match: OpenSSH_9.0 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.50.144:222 as 'drjst'
debug1: load_hostkeys: fopen /c/Users/drjst/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:D8fgBb9IXIchFG9IVSAe/n71lEZ8KJeTRCgFFae8YI0
debug1: load_hostkeys: fopen /c/Users/drjst/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '[192.168.50.144]:222' is known and matches the ED25519 host key.
debug1: Found key in /c/Users/drjst/.ssh/known_hosts:2
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: /c/Users/drjst/.ssh/id_ed25519 ED25519 SHA256:N8qnwVWpXoji2Yc10FZSJ5dsh0mgnFP1oe6UTWJjU3U agent
debug1: Will attempt key: /c/Users/drjst/.ssh/id_rsa
debug1: Will attempt key: /c/Users/drjst/.ssh/id_ecdsa
debug1: Will attempt key: /c/Users/drjst/.ssh/id_ecdsa_sk
debug1: Will attempt key: /c/Users/drjst/.ssh/id_ed25519_sk
debug1: Will attempt key: /c/Users/drjst/.ssh/id_xmss
debug1: Will attempt key: /c/Users/drjst/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug1: kex_ext_info_check_ver: publickey-hostbound@openssh.com=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /c/Users/drjst/.ssh/id_ed25519 ED25519 SHA256:N8qnwVWpXoji2Yc10FZSJ5dsh0mgnFP1oe6UTWJjU3U agent
debug1: Authentications that can continue: publickey
debug1: Trying private key: /c/Users/drjst/.ssh/id_rsa
debug1: Trying private key: /c/Users/drjst/.ssh/id_ecdsa
debug1: Trying private key: /c/Users/drjst/.ssh/id_ecdsa_sk
debug1: Trying private key: /c/Users/drjst/.ssh/id_ed25519_sk
debug1: Trying private key: /c/Users/drjst/.ssh/id_xmss
debug1: Trying private key: /c/Users/drjst/.ssh/id_dsa
debug1: No more authentication methods to try.
drjst@192.168.50.144: Permission denied (publickey).

any help would be much appreciated, thank you!