Trying to set up SSH, but getting 'Too many authentication failures'

Hello, I have freshly installed Gitea as a Docker container and have worked through the instructions for SSH Container Passthrough, specifically “SSHing Shim”. Now I have added and verified an SSH key on the web interface on Windows, but when I try to clone a test repo, the following error occurs:

Cloning into 'test'...
Received disconnect from [ip] port 22:2: Too many authentication failures
Disconnected from [ip] port 22
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Here is the docker-compose.yml:

version: "3.8"

services:
  server:
    image: gitea/gitea:1.21.7
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=db:5432
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      - GITEA__database__PASSWD=gitea
    restart: always
    volumes:
      - ./gitea:/data
      - /home/git/.ssh/:/data/git/.ssh
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "2222:22"
    depends_on:
      - db

  db:
    image: postgres:14
    restart: always
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_PASSWORD=gitea
      - POSTGRES_DB=gitea
    volumes:
      - ./postgres:/var/lib/postgresql/data

I’ve followed the instructions for SSHing Shim. Here are the steps I took:

  • The USER_UID and GID are both 1000
  • .ssh has been set as volume

Then as user ‘root’ I’ve executed

sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key"
sudo -u git cat /home/git/.ssh/id_rsa.pub | sudo -u git tee -a /home/git/.ssh/authorized_keys
sudo -u git chmod 600 /home/git/.ssh/authorized_keys

Then I’ve also executed:

cat <<"EOF" | sudo tee /usr/local/bin/gitea
#!/bin/sh
ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
EOF
sudo chmod +x /usr/local/bin/gitea

On app.ini, I’ve also changed:

[server]
DOMAIN = gitea.[url]
SSH_DOMAIN = gitea.[url]
ROOT_URL = https://gitea.[url]

[service]
DISABLE_REGISTRATION = true

After that I’ve restarted the Docker containers. On my Windows PC, I’ve generated an ed25519 type SSH key and copy-pasted the content of the public key inside Gitea > Settings > SSH-/GPG Keys. I’ve then verified the SSH public key by executing

echo -n '9d1992e77feb20335fc3e05bcd5145800e4d3cde1fea834a962aca1afe31a6dd' | ssh-keygen -Y sign -n gitea -f / [public_key]

(Apparently I cannot use the command on macOS; it gives back "incorrect passphrase supplied to decrypt private key".)

Then I’ve copied the URL from Gitea and git cloned it to my PC. That’s when the error message came.

So can anyone help me fix my SSH server, so I can use it to clone repositories?

I have changed app.ini to this:

[server]
DOMAIN = gitea.[url]
SSH_DOMAIN = gitea.[url]
ROOT_URL = https://gitea.[url]
START_SSH_SERVER = true
SSH_PORT = 2222
SSH_LISTEN_PORT = 2222

[service]
DISABLE_REGISTRATION = true

I still got this response, but with the changed port:

Cloning into 'test'...
Received disconnect from [ip] port 2222:2: Too many authentication failures
Disconnected from [ip] port 2222
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I think you are misunderstanding Docker a little. In the last section, where you update app.ini to be 2222, I think this should remain 22. 2222 is the port on the host, but Gitea should listen on port 22 within the container unless you update your docker-compose port section to say 2222:2222.
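
The port relationship described in the reply above can be checked mechanically. This is an added example, not part of the original thread and not Gitea's own tooling; the function names, the regex parsing of short-form compose `ports:` entries, and the default of 22 for the container's sshd when START_SSH_SERVER is off are assumptions, and the sample inputs are constructed from the files posted in the thread.

```python
import configparser
import re

# Short-form compose entries: "HOST:CONTAINER", optional bind IP and /proto.
PORT_RE = re.compile(
    r"""^\s*-\s*["']?(?:[\d.]+:)?(\d+):(\d+)(?:/\w+)?["']?\s*$""", re.M)

def published_ports(compose_text):
    """Map container port -> host port for every published short-form entry."""
    return {int(c): int(h) for h, c in PORT_RE.findall(compose_text)}

def ssh_settings(app_ini_text):
    """Return (builtin_server_enabled, SSH_PORT, SSH_LISTEN_PORT) from app.ini."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    # app.ini may carry keys before the first section header.
    cp.read_string("[__root__]\n" + app_ini_text)
    server = cp["server"] if cp.has_section("server") else {}
    builtin = server.get("START_SSH_SERVER", "false").strip().lower() == "true"
    ssh_port = int(server.get("SSH_PORT", 22))
    # SSH_LISTEN_PORT falls back to SSH_PORT when it is not set.
    return builtin, ssh_port, int(server.get("SSH_LISTEN_PORT", ssh_port))

def check_ssh_mapping(compose_text, app_ini_text, container_sshd_port=22):
    """Return (ok, host_port, container_port) for the SSH listener.

    Assumption: with START_SSH_SERVER off, the image's own sshd listens on
    container_sshd_port (22, matching the "2222:22" mapping in the thread).
    """
    ports = published_ports(compose_text)
    builtin, _ssh_port, listen = ssh_settings(app_ini_text)
    inside = listen if builtin else container_sshd_port
    host = ports.get(inside)  # None: nothing on the host forwards to it
    return host is not None, host, inside

# Constructed samples, reduced from the configuration posted in the thread.
COMPOSE = 'services:\n  server:\n    ports:\n      - "3000:3000"\n      - "2222:22"\n'
INI_2222 = "[server]\nSTART_SSH_SERVER = true\nSSH_PORT = 2222\nSSH_LISTEN_PORT = 2222\n"
INI_DEFAULT = "[server]\nSSH_DOMAIN = gitea.example.test\n"

if __name__ == "__main__":
    for name, ini in (("app.ini with 2222", INI_2222), ("app.ini default", INI_DEFAULT)):
        ok, host, inside = check_ssh_mapping(COMPOSE, ini)
        print(f"{name}: container port {inside} ->",
              f"host port {host}" if ok else "not published by compose")
```
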

Oh thanks, I quickly changed it.

I also found the problem for mine. The SSH key I was generating had a passphrase, which is why it was not working.

If it is possible to use SSH keys with passphrases on Gitea, what do I have to set up?