I followed this page:
and it is working but when I clone over HTTPS I have to enter my username/password to push anything and cloning with SSH does not work. When using SSH to clone it just never starts (I have a valid key and it is loaded in ssh-agent).
Can you ssh into the server at all? The ssh config is just done through services.openssh, using the forgejo user as the ssh user.
Yes I can as my own user, should as Forgejo work even without a password set for that user?
I remember having some problems when setting it up initially.
I’m sure the OpenSSH server can be set up too but I’ve just switched to using the internal SSH server of Forgejo which has worked fine for me.
Any tips for doing that?
If you really want to do it that way, search “built-in SSH” on this page: Configuration Cheat Sheet | Forgejo – Beyond coding. We forge.
then configure accordingly via services.forgejo.settings.
SSH keys have nothing to do with user passwords. Unless forgejo has some way of handling this, you’d need to configure EDIT: seems that forgejo can list out the authorized keys via users.users.${config.services.forgejo.user}.openssh.authorizedKeys.keys the same way as you did for your own user.admin regenerate keys, which the nixos module already handles. Then of course make sure to provide the correct username to any ssh or git commands that involve ssh. Still, strange that you’re not getting any error even, I’ll have to check on my end…
Also, the AcceptEnv stuff is redundant, the module already sets that up:
Though I’m not surprised the wiki is just suggesting unnecessary stuff.
It does have a way of handling this, you’re supposed to add your ssh key to the authorized users via its UI.
I don’t know what happens if you use the services.openssh settings to do that, for me it just works™ via the UI.
You can try ssh-ing into the forgejo user and adding -vvv to your ssh command; though I’m pretty sure you’ve just not configured your ssh key for forgejo (or you’ve set up openssh to ignore ~/.ssh/authorized_keys or such).
I have my SSH key added using the UI like I do on GitHub and GitLab but I did not do this:
forgejo.settings.server.SSH_PORT = lib.head config.services.openssh.ports;
so I’ll check that.
That should also be unnecessary unless you changed the openssh port.
Also, per the cheat sheet it only affects the UI?
SSH_PORT: 22: SSH port displayed in the clone URL.
I tried to clone like this:
git clone ssh://ahoneybun@git.ahoneybun.net/ahoneybun/lazarus.git
and it never actually clones, the command just hang like using forgejo instead of my username.
Well the user should definitely be forgejo.
Also, can you check the contents of /mnt/DATA/Git/.ssh/authorized_keys and see if your ssh public key is listed there?
My public key is indeed listed in that file.
Okay, can you check in your own user’s ~/.ssh/config and see if you have an entry there for that host? Something like
Host git.ahoneybun.net
User forgejo
IdentityFile /PATH/TO/KEY
(replacing /PATH/TO/KEY with your private key’s path, of course)
If you’ve confirmed that your ssh config looks fine, you can test your connection with ssh -T ssh://git.ahoneybun.net.
Mm I don’t have a config file actually just authorized_keys and known_hosts
As @waffle8946 said, you will need to use the forgejo user on the ssh level:
git clone ssh://forgejo@git.ahoneybun.net/ahoneybun/lazarus.git
The web UI should have suggested exactly that link.
EDIT: Huh, no, your web UI does not even suggest the SSH url. That’ll be the problem. ahoneybun/lazarus: Just testing CI stuff in here - Forgejo: Beyond coding. We Forge.
EDIT2: None of the open ports on your machine seem to be for ssh, are you sure you didn’t close the firewall for ssh? (services.openssh.openFirewall=true). Maybe some fail2ban service is locking you out yourself?
You can create that config file and just paste in @waffle8946 's config, it doesn’t exist by default.
But yeah, if you have ssh locked down, or not even enabled, as @nobodyinperson says you do, of course ssh won’t work.
That’s inconvenient (maybe forgejo only suggests the ssh url when you use their built-in server?) but ultimately not a problem, as ssh will still work if correctly configured.
Unlikely, I also encountered the hanging before I added the entry to ~/.ssh/config, and I don’t use fail2ban or anything like it. But as @TLATER said, adding -vvv to the ssh commands will clear up what’s happening.
networking.firewall.allowedTCPPortswith 22