Closed (the-lay closed this issue 3 years ago)
You can use sshd in Docker, but you have to install and enable it.
If you aren't running the internal ssh why would you expect the gitea logs to provide that information? Just set up fail2ban to use the sshd logs.
Adjust the config of /etc/ssh/sshd_config as necessary.
> If you aren't running the internal ssh why would you expect the gitea logs to provide that information? Just set up fail2ban to use the sshd logs.
> Adjust the config of /etc/ssh/sshd_config as necessary.
That makes sense, thanks. Sorry, I've assumed the logs would be "redirected" for some reason.
I've tried to switch to the internal ssh, but it seems that the default ssh provider for the Docker image is openssh and it gets run even if internal ssh is turned on. For example, if I set START_SSH_SERVER=true in the app.ini, the container crashes on startup because it cannot bind to the port that openssh already took:
Server listening on :: port 2222.
Server listening on 0.0.0.0 port 2222.
2021/01/28 11:18:24 cmd/web.go:108:runWeb() [I] Starting Gitea on PID: 15
2021/01/28 11:18:24 ...dules/setting/git.go:91:newGit() [I] Git Version: 2.26.2, Wire Protocol Version 2 Enabled
....
2021/01/28 11:18:25 routers/init.go:56:checkRunMode() [I] Run Mode: Production
2021/01/28 11:18:25 routers/init.go:188:GlobalInit() [I] SSH server started on :2222. Cipher list ([aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com arcfour256 arcfour128]), key exchange algorithms ([diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 curve25519-sha256@libssh.org]), MACs ([hmac-sha2-256-etm@openssh.com hmac-sha2-256 hmac-sha1 hmac-sha1-96])
2021/01/28 11:18:25 ...s/graceful/server.go:55:NewServer() [I] Starting new server: tcp::2222 on PID: 15
2021/01/28 11:18:25 ...s/graceful/server.go:79:ListenAndServe() [E] Unable to GetListener: listen tcp :2222: bind: address already in use
2021/01/28 11:18:25 .../ssh/ssh_graceful.go:23:listen() [F] Failed to start SSH server: listen tcp :2222: bind: address already in use
Received signal 15; terminating.
Also it seems that the default openssh server does not write logs: /var/log/ folder is empty.
https://stackoverflow.com/questions/22526016/docker-container-sshd-logs
There's also a rootless variant of the docker.
> https://stackoverflow.com/questions/22526016/docker-container-sshd-logs
Thank you, I also found this question on SO, but it is not straightforward. Gitea docker image is based on alpine (not Ubuntu as in SO question) and even after downloading and installing rsyslog (apk add rsyslog; rsyslogd) the logs are not there. I will try some more tomorrow.
> There's also a rootless variant of the docker.
It seems there is no stable version of rootless Gitea image, so I don't think it's a good alternative. Even though the docs say "For a stable release you can use :1-rootless or specify a certain release like :1.13.1-rootless", in reality on Dockerhub there is only latest-rootless.
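An added example, not part of the thread or of Gitea's code: when the container's sshd writes only to the container output, the failed attempts land in Docker's log on the host, and the maxretry/findtime check that fail2ban applies can be sketched over those records. It assumes Docker's json-file logging driver; the records, addresses and the `_rec` helper are constructed, and the patterns cover only a few OpenSSH failure messages.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Subset of OpenSSH pre-auth failure messages (not fail2ban's full sshd filter).
FAILURES = [
    re.compile(r"Failed \S+ for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"),
    re.compile(r"Invalid user \S* ?from (?P<ip>\S+) port \d+"),
    re.compile(r"Connection closed by (?:authenticating|invalid) user \S+ (?P<ip>\S+) port \d+ \[preauth\]"),
]

def parse_record(line):
    """Return (timestamp cut to whole seconds, ip) for an sshd failure record, else None."""
    try:
        rec = json.loads(line)
        msg, ts = rec["log"], rec["time"]
    except (ValueError, KeyError, TypeError):
        return None  # not a json-file record
    for pat in FAILURES:
        m = pat.search(msg)
        if m:
            return datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S"), m.group("ip")
    return None

def offenders(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """IPs with at least maxretry failures within findtime (input in time order)."""
    recent, flagged = defaultdict(deque), []
    for ts, ip in filter(None, map(parse_record, lines)):
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry and ip not in flagged:
            flagged.append(ip)
    return flagged

def _rec(time, msg):  # hypothetical helper: builds one constructed json-file record
    return json.dumps({"log": msg + "\n", "stream": "stderr", "time": time})

SAMPLE = [  # constructed records; addresses are documentation ranges
    _rec("2021-01-28T11:20:01.100000000Z", "Invalid user admin from 203.0.113.7 port 40112"),
    _rec("2021-01-28T11:20:05.200000000Z", "Connection closed by authenticating user git 198.51.100.9 port 51000 [preauth]"),
    _rec("2021-01-28T11:20:09.300000000Z", "Failed password for root from 203.0.113.7 port 40118 ssh2"),
    _rec("2021-01-28T11:21:30.000000000Z", "Accepted publickey for git from 192.0.2.10 port 50222 ssh2"),
    _rec("2021-01-28T11:22:44.500000000Z", "Invalid user test from 203.0.113.7 port 40131"),
    "Server listening on 0.0.0.0 port 2222.",  # non-JSON line, skipped
    _rec("2021-01-28T11:45:00.000000000Z", "Connection closed by authenticating user git 198.51.100.9 port 51044 [preauth]"),
]
```

With the defaults, `offenders(SAMPLE)` flags only the address with three failures inside ten minutes; the second address has two failures 25 minutes apart and stays below the threshold.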
Description
I'm trying to set up fail2ban with Gitea that uses SSHD (START_SSH_SERVER=false). I can see unsuccessful SSH connection attempts in docker logs, but not in log files, even when file logging is enabled. Gitea documentation about fail2ban seems to assume that it is an internal ssh server running, not sshd.
Excerpt from docker logs:
Here's my app.ini regarding logging: