Unable to use SSH with Gitea

Having issues with your DietPi installation or found a bug? Post it here.
LTM
Posts: 5
Joined: Mon Aug 02, 2021 4:26 am

Unable to use SSH with Gitea

Post by LTM »

I am trying to enable SSH on my Gitea instance. Though I feel like I have done everything right to achieve this including the guide that Gitea recommends, I am unable to push anything to my Gitea instance via SSH. I am able to push via HTTP.

One of the things I am trying to do is to use this guide to automate backups of my Home Assistant config files. I have followed the guide multiple times (after deleting previous work like the .ssh folder and even known_hosts in the system .ssh folder. I have even tried a clean install of dietpi.) and when I get to the part where I try to push the commit to my repo (git push -u origin master), I get a return asking for a password even though I have already generated a key and posted the public key to the repository (and have also tried posting it to the account as a whole). I also made sure to give write permissions to the repo. This is the response I get:
➜ /config git:(master) git push -u origin master
dietpi@dietpi.sudo's password:
fatal: 'ltm/Home-Assistant-Backup.git' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
I have also tried to make a key pair on my desktop and adding it to the account using the same guide to add one to Github and am unable to connect.

Here is my Gitea [server] config in custom/app.ini:

Code: Select all

[server]
SSH_DOMAIN       = dietpi.sudo
DOMAIN           = dietpi.sudo
HTTP_PORT        = 3000
ROOT_URL         = http://dietpi.sudo:3000/
DISABLE_SSH      = false
SSH_PORT         = 22
LFS_START_SERVER = true
LFS_CONTENT_PATH = /mnt/dietpi_userdata/gitea/data/lfs
LFS_JWT_SECRET   = [redacted]
OFFLINE_MODE     = true
I am hoping someone can shed some light and point me in the right direction to be able to get SSH working.

Thanks
User avatar
trendy
Posts: 362
Joined: Tue Feb 25, 2020 2:54 pm

Re: Unable to use SSH with Gitea

Post by trendy »

Are you able to connect from an SSH client like Putty? This error seems to be related to git, not SSH.
User avatar
Joulinar
Posts: 5657
Joined: Sat Nov 16, 2019 12:49 am

Re: Unable to use SSH with Gitea

Post by Joulinar »

yep, SSH seems to be working. It looks more like Git repository did not exist

Code: Select all

fatal: 'ltm/Home-Assistant-Backup.git' does not appear to be a git repository
fatal: Could not read from remote repository.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
LTM
Posts: 5
Joined: Mon Aug 02, 2021 4:26 am

Re: Unable to use SSH with Gitea

Post by LTM »

Yes, SSH is working fine, but I can not do anything with pushing or pulling from Gitea. The repository does exist. I pulled the SSH url directly from the Gitea UI repository page.

The only way to get that message up is if I enter in the password for the dietpi user. It does not work with key pair files at all like it should using SSH.

To get rid of the repository not existing message, I have to enter in the full path to the git file like "dietpi@dietpi.sudo:/mnt/dietpi_userdata/gitea/gitea-repositories/ltm/Home-Assistant-Backup.git" in the git config file for origin. It does work, but seems to be a very hacky solution to me and does not fix why I have to enter in a password when it should be using a key pair.
User avatar
Joulinar
Posts: 5657
Joined: Sat Nov 16, 2019 12:49 am

Re: Unable to use SSH with Gitea

Post by Joulinar »

does your SSH key is working using putty? Did you tried to use OpenSSH server instead of Dropbear? Sometimes this makes a difference as Dropbear has less functions compare to OpenSSH. But this would require new keys :)
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
LTM
Posts: 5
Joined: Mon Aug 02, 2021 4:26 am

Re: Unable to use SSH with Gitea

Post by LTM »

Yes, my SSH key works while using PuTTY. I am using OpenSSH (one of the first things I do on a fresh installation) and made sure dropbear was cleanly uninstalled.

I did a fresh install today with new keys and everything and have came to the same result. My thoughts are still along the lines of a permissions issue between Gitea and the system but I can not find any sort of logs to back that claim up.

I may try to mess with the Gitea internal SSH server tonight to see if I can get it working that way.
User avatar
Joulinar
Posts: 5657
Joined: Sat Nov 16, 2019 12:49 am

Re: Unable to use SSH with Gitea

Post by Joulinar »

Maybe you can open an issue at Gitea https://github.com/go-gitea/gitea/issues in parallel. Maybe these guys have some better experience than we have.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
LTM
Posts: 5
Joined: Mon Aug 02, 2021 4:26 am

Re: Unable to use SSH with Gitea

Post by LTM »

I hopped on the Gitea Discord server and made some headway on this.

Basically, the correct way the devs (I actually talked with a dev) very highly recommend is to create a separate user for Gitea. I did this by using "adduser" listed in the official documentation and modified the home directory to be "/mnt/dietpi_userdata/gitea":

Code: Select all

adduser \
   --system \
   --shell /bin/bash \
   --gecos 'Git Version Control' \
   --group git\
   --disabled-password \
   --home /mnt/dietpi_userdata/gitea \
   git
Next, I created the ssh directory and created the authorized_keys file that I will be using:

Code: Select all

mkdir /mnt/dietpi_userdata/gitea/.ssh && touch /mnt/dietpi_userdata/gitea/.ssh/authorized_keys
Next, I changed the gitea directory to be recursively owned by the new git user:

Code: Select all

chown -R git:git /mnt/dietpi_userdata/gitea
Next, I edited "/etc/systemd/system/gitea.service" to run the service to run as the git user:

Code: Select all

[Unit]
Description=Gitea (DietPi)

[Service]
User=git
WorkingDirectory=/mnt/dietpi_userdata/gitea/gitea-repositories
Environment=USER=git HOME=/mnt/dietpi_userdata/gitea
ExecStart=/mnt/dietpi_userdata/gitea/gitea web

[Install]
WantedBy=multi-user.target
Next, I edited the app.ini file to reflect the changes we made:

Code: Select all

nano /mnt/dietpi_userdata/gitea/custom/conf/app.ini
Change "RUN_USER = dietpi" to "RUN_USER = git"
Under [server], add the line under "DISABLE_SSH":

Code: Select all

SSH_ROOT_PATH    = /mnt/dietpi_userdata/gitea/.ssh
Next, I took the recommended precaution to secure a couple of things a little bit:

Code: Select all

chmod 750 /mnt/dietpi_userdata/gitea && chmod 640 /mnt/dietpi_userdata/gitea/custom/conf/app.ini
Finally, I had to restart the system. I couldn't just restart Gitea because even though I restarted the service, it was still running under the dietpi user when it needs to be running under the new user. After restarting the system, everything is working as it should.
User avatar
Joulinar
Posts: 5657
Joined: Sat Nov 16, 2019 12:49 am

Re: Unable to use SSH with Gitea

Post by Joulinar »

Ok running as own user might be a good idea but on DietPi usually application user will be setup with /usr/sbin/nologin option, means user is not able to login via SSH. This would not fix your issue. Btw, this is best practice and a security aspect. Next to this, setting up SSH key access would be an own, user individual setting, anyway.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
User avatar
MichaIng
Site Admin
Posts: 3254
Joined: Sat Nov 18, 2017 6:21 pm

Re: Unable to use SSH with Gitea

Post by MichaIng »

/usr/sbin/nologin is not necessarily an issue, as the SSH client may pass an own command here, to perform the Git action. But needs to be tested, of course. If required, we can change the default shell to /bin/dash while still keeping the password disabled.
Post Reply