go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
https://gitea.com
MIT License

SSH_LISTEN_HOST accepts only one address #12418

Open ehaupt opened 4 years ago

ehaupt commented 4 years ago

Description

I have a host with multiple interfaces and addresses. Therefore I'd like to have the dedicated SSH daemon listen on only two particular addresses, in my case an IPv4 and an IPv6 address.

The configuration parameter SSH_LISTEN_HOST does not seem to accept more than one address and defining it on a second line will overwrite the first one.

I tried the following combinations:

Try 1:

SSH_LISTEN_PORT = 2222
SSH_LISTEN_HOST = 10.10.10.10 [2001:0db8:85a3:08d3:1319:8a2e:0370]

Result try 1:

2020/08/03 17:12:09 ...s/graceful/server.go:79:ListenAndServe() [E] Unable to GetListener: address 10.10.10.10 [2001:0db8:85a3:08d3:1319:8a2e:0370]:2222: too many colons in address
2020/08/03 17:12:09 .../ssh/ssh_graceful.go:23:listen() [F] Failed to start SSH server: address 10.10.10.10 [2001:0db8:85a3:08d3:1319:8a2e:0370]:2222: too many colons in address

Try 2:

SSH_LISTEN_PORT = 2222
SSH_LISTEN_HOST = 10.10.10.10,[2001:0db8:85a3:08d3:1319:8a2e:0370]

Result:

2020/08/03 17:13:56 ...s/graceful/server.go:79:ListenAndServe() [E] Unable to GetListener: address 10.10.10.10,[2001:0db8:85a3:08d3:1319:8a2e:0370]:2222: too many colons in address
2020/08/03 17:13:56 .../ssh/ssh_graceful.go:23:listen() [F] Failed to start SSH server: address 10.10.10.10,[2001:0db8:85a3:08d3:1319:8a2e:0370]:2222: too many colons in address

Try 3:

SSH_LISTEN_PORT = 2222
SSH_LISTEN_HOST = 10.10.10.10, [2001:0db8:85a3:08d3:1319:8a2e:0370]

Result:

2020/08/03 17:23:24 ...s/graceful/server.go:79:ListenAndServe() [E] Unable to GetListener: address 10.10.10.10, [2001:0db8:85a3:08d3:1319:8a2e:0370]:2222: too many colons in address
2020/08/03 17:23:24 .../ssh/ssh_graceful.go:23:listen() [F] Failed to start SSH server: address 10.10.10.10, [2001:0db8:85a3:08d3:1319:8a2e:0370]:2222: too many colons in address

Try 4:

SSH_LISTEN_PORT = 2222
SSH_LISTEN_HOST = 10.10.10.10; [2001:0db8:85a3:08d3:1319:8a2e:0370];

Result: Will only listen on 10.10.10.10 but not on 2001:0db8:85a3:08d3:1319:8a2e:0370

Workaround: comment out SSH_LISTEN_HOST so the gitea SSH daemon will listen on every device, and firewall undesired access.
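The "too many colons in address" error in tries 1 to 3 comes from the Go net package: the whole SSH_LISTEN_HOST string is joined with the port as "host:port", and net.SplitHostPort rejects any host part that itself contains a colon, which an IPv6 literal always does. The following Go program is an added example, not Gitea's code and not from the issue author; it reproduces that error from the exact values posted above, then shows a hypothetical multi-address parser (parseListenAddrs) and a bind-all-or-nothing listener setup (listenAll) of the kind a fix would need. Two caveats it makes visible: the IPv6 literal used in the issue, 2001:0db8:85a3:08d3:1319:8a2e:0370, has only seven groups and is therefore not a valid address (net.ParseIP rejects it), and the rollback in listenAll exists so that a failed bind on one address does not leave the service listening on some interfaces and silently absent on others. That try 4 "worked" for the IPv4 address alone is most likely because the INI parser treats ";" as the start of a comment and truncates the value there; that is an inference, not something the issue states.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Values copied from the issue above: the port and the SSH_LISTEN_HOST
// strings from tries 1 and 2.
const (
	sshPort   = 2222
	try1Hosts = "10.10.10.10 [2001:0db8:85a3:08d3:1319:8a2e:0370]"
	try2Hosts = "10.10.10.10,[2001:0db8:85a3:08d3:1319:8a2e:0370]"
)

// singleAddrError reproduces the failing step: the whole SSH_LISTEN_HOST
// value is glued to the port and handed to the net package, which splits
// host and port with net.SplitHostPort before binding. Any colon inside the
// host part (here the IPv6 literal) yields "too many colons in address".
func singleAddrError(listenHost string, port int) error {
	_, _, err := net.SplitHostPort(fmt.Sprintf("%s:%d", listenHost, port))
	return err
}

// parseListenAddrs is a hypothetical helper (not Gitea's code) that accepts
// hosts separated by commas, semicolons or whitespace and returns one well
// formed "host:port" per entry. Brackets around an IPv6 literal are
// tolerated; net.JoinHostPort re-adds the brackets the listener needs.
// Invalid literals (such as the seven-group address in the issue) are
// rejected instead of being passed on to net.Listen.
func parseListenAddrs(listenHost string, port int) ([]string, error) {
	fields := strings.FieldsFunc(listenHost, func(r rune) bool {
		return r == ',' || r == ';' || r == ' ' || r == '\t'
	})
	if len(fields) == 0 {
		return nil, fmt.Errorf("SSH_LISTEN_HOST is empty")
	}
	addrs := make([]string, 0, len(fields))
	for _, h := range fields {
		h = strings.TrimSuffix(strings.TrimPrefix(h, "["), "]")
		if net.ParseIP(h) == nil {
			return nil, fmt.Errorf("invalid listen host %q", h)
		}
		addrs = append(addrs, net.JoinHostPort(h, fmt.Sprint(port)))
	}
	return addrs, nil
}

// listenAll opens one TCP listener per address. If any bind fails, the
// listeners already opened are closed again, so a misconfiguration fails
// loudly instead of exposing the service on a subset of the intended
// addresses.
func listenAll(addrs []string) ([]net.Listener, error) {
	listeners := make([]net.Listener, 0, len(addrs))
	for _, a := range addrs {
		ln, err := net.Listen("tcp", a)
		if err != nil {
			for _, open := range listeners {
				open.Close()
			}
			return nil, fmt.Errorf("bind %s: %w", a, err)
		}
		listeners = append(listeners, ln)
	}
	return listeners, nil
}

func main() {
	fmt.Println("try 1:", singleAddrError(try1Hosts, sshPort))
	fmt.Println("try 2:", singleAddrError(try2Hosts, sshPort))
	_, err := parseListenAddrs(try1Hosts, sshPort)
	fmt.Println("issue's IPv6 literal:", err)
	// A constructed, valid two-address list (documentation prefix 2001:db8::/32).
	addrs, err := parseListenAddrs("10.10.10.10, [2001:db8::1]", sshPort)
	fmt.Println("parsed:", addrs, err)
	// Bind only to loopback with an ephemeral port so the demo runs anywhere.
	lns, err := listenAll([]string{"127.0.0.1:0"})
	if err != nil {
		fmt.Println("listen:", err)
		return
	}
	for _, ln := range lns {
		fmt.Println("listening on", ln.Addr())
		ln.Close()
	}
}
```

Until the setting supports a list, the workaround above (listen on all addresses and restrict with the host firewall) is the practical option; after applying it, confirm which sockets the daemon actually holds with `ss -ltnp` (or the platform equivalent) rather than trusting the config file.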

raspher commented 1 year ago

I have reproduced it, but also dived deeper.

I've created my gitea.yml setup, made a lot of changes and... just discovered that if you have an existing docker volume, changes made to the .yml file won't take effect.

  1. Make a yml file and specify SSH options; you must use a docker volume to store your data
  2. Build and start the container
  3. Change options in the .yml file
  4. Destroy all docker data but don't touch the existing volume
  5. Rebuild and start the container
  6. You'll see that making changes in the .yml file doesn't have any effect

Cheers and please fix it, as it's impossible to :

Even changing APPNAME does not work. Only by removing the volume, which results in data loss, will changes in the yml file have effect.

It's not only a docker-compose issue, but docker in general.

Funny fact: declaring SSH_LISTEN_PORT=2222 works, but GITEA_server_SSH_LISTEN_PORT=2222 does not, even if I've removed the volume.

My gitea.yml (docker-compose)

version: "3"

networks:
  gitea:
    external: false

services:
  server:
    env_file: 
      - gitea.env
    image: gitea/gitea:1.17.3
    container_name: gitea
    environment:
      - RUN_MODE=prod
      - APP_NAME=test
      # Repository
      - GITEA__repository__FORCE_PRIVATE=true
      - GITEA__repository__DEFAULT_PUSH_CREATE_PRIVATE=true
      - GITEA__repository__DISABLE_HTTP_GIT=true
      - GITEA__repository__DEFAULT_BRANCH=master
      - GITEA__repository.pull-request__DEFAULT_MERGE_STYLE="squash"
      - GITEA__repository.pull-request__DEFAULT_MERGE_MESSAGE_COMMITS_LIMIT=-1
      - GITEA__repository.pull-request__DEFAULT_MERGE_MESSAGE_ALL_AUTHORS=true
      - GITEA__repository.pull-request__ADD_CO_COMMITTER_TRAILERS=true
      - GITEA__repository.release__ALLOWED_TYPES="*/*"
      # UI
      - GITEA__ui__EXPLORE_PAGING_NUM=50
      - GITEA__ui__ISSUE_PAGING_NUM=50
      - GITEA__ui__MEMBERS_PAGING_NUM=50
      - GITEA__ui__FEED_MAX_COMMIT_NUM=10
      - GITEA__ui__FEED_PAGING_NUM=50
      - GITEA__ui__SITEMAP_PAGING_NUM=50
      - GITEA__ui__DEFAULT_SHOW_FULL_NAME=true
      - GITEA__service__DEFAULT_ORG_MEMBER_VISIBLE=true
      - GITEA__ui.meta__AUTHOR="UrnTea"
      - GITEA__ui.meta__DESCRIPTION="selfhosted Gitea"
      - GITEA__ui.meta__KEYWORDS="git,gitea,self-hosted"
      # Server
      - GITEA__server__HTTP_ADDR="0.0.0.0"
      - GITEA__server__HTTP_PORT="3000"
      - GITEA__server__START_SSH_SERVER=false
      - GITEA__server__SSH_PORT=22
      - GITEA__server__SSH_LISTEN_HOST="0.0.0.0"
      - GITEA__server__SSH_LISTEN_PORT=2222
      - GITEA__database__DB_TYPE="sqlite3"
      # Security
      - GITEA__security__SECRET_KEY=${GITEA__security__SECRET_KEY}
      - GITEA__security__INTERNAL_TOKEN=${GITEA__security__INTERNAL_TOKEN}
      - GITEA__security__PASSWORD_HASH_ALGO="bcrypt"
      - GITEA__security__MIN_PASSWORD_LENGTH=8
      - GITEA__security__PASSWORD_COMPLEXITY="lower,upper,digit,spec"
      - GITEA__security__PASSWORD_CHECK_PWN=true
      - GITEA__service__DISABLE_REGISTRATION=true
      - GITEA__service.explore__REQUIRE_SIGNIN_VIEW=true
      # Proxy
      - GITEA__security__REVERSE_PROXY_LIMIT=1
      - GITEA__security__REVERSE_PROXY_TRUSTED_PROXIES="127.0.0.0/8,::1/128"
      # Webhooks
      - GITEA__webhook__DELIVER_TIMEOUT=10 #secs
      - GITEA__webhook__PAGING_NUM=20
      # Cache
      - GITEA__cache__ITEM_TTL=1h
    restart: always
    networks:
      - gitea
    volumes:
      - gitea-data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "22:2222"

volumes:
  gitea-data:

raspher commented 1 year ago

Please change the labels, as it is not an enhancement/proposal but a bug (with low priority), which has existed for a long time. @lunny

Sorry for mentioning, but I think this bug shouldn't be lost among 1.8k others, as docker is today the de facto standard. Even if it's a won't-fix type of issue, this behavior should be explicitly described in the docs. Will this be fixed in the future, or can I improve the documentation?

// If I knew golang, I would take it on myself. If more research is needed, please tell me what data you need and what scenarios to test.

voidzero commented 1 year ago

Not everyone uses Docker. I use NixOS. There's no such thing as any one "de facto" standard, but that is imho and not relevant for this issue. And I do have the same issue: I want to explicitly specify which hosts (IPv4 and IPv6) the SSH server should listen on, because my system has many IPv4 and IPv6 addresses.