Forgejo SSH

Since Forgejo (TODO insert link) runs in Kubernetes on jlpks8888 but the ingress is on jlpgreencloud, additional steps are needed to forward SSH through appropriately.

Host to Kubernetes

Specifically, from jlpgreencloud to the Traefik gateway on jlpks8888 that is listening on 2222. Originally I had additional hops/logic to go from one SSH port to another before hitting the gateway from the local machine, but the port is exposed over Tailscale, so I was able to eliminate the extra hops.

The command is also kept inline rather than as a separate shell script, since it is only needed to generate the hop rule and should not be reused anywhere else.

/etc/ssh/sshd_config
Match User git
    AllowUsers git@*
    AuthorizedKeysCommand /usr/bin/ssh -p 2222 -o StrictHostKeyChecking=no git@jlpks8888 /usr/local/bin/gitea keys -c /data/gitea/conf/app.ini -e git -u %u -t %t -k %k
    AuthorizedKeysCommandUser git
    PasswordAuthentication no
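As an added example (not this page's own config), the same Match block with the host-key check pinned instead of disabled: the jump host's sshd trusts whatever the hop returns as the authorized_keys content for git, so the identity of the machine answering on jlpks8888:2222 is what decides who may log in. The known_hosts path /etc/ssh/forgejo_known_hosts is an assumed location.

```text
# Added example, not the page's own config.
# Weak form (as on this page): StrictHostKeyChecking=no accepts any host key,
# so anything that answers on jlpks8888:2222 can hand back authorized_keys
# lines of its choosing for user git on the jump host.
Match User git
    AllowUsers git@*
    AuthorizedKeysCommand /usr/bin/ssh -p 2222 -o StrictHostKeyChecking=no git@jlpks8888 /usr/local/bin/gitea keys -c /data/gitea/conf/app.ini -e git -u %u -t %t -k %k
    AuthorizedKeysCommandUser git
    PasswordAuthentication no

# Hardened form: pin the gateway's host key in a root-owned, world-readable
# file (path assumed) and fail closed rather than prompt or hang.
# One-time setup as root on jlpgreencloud:
#   ssh-keyscan -p 2222 jlpks8888 > /etc/ssh/forgejo_known_hosts
#   ssh-keygen -lf /etc/ssh/forgejo_known_hosts   # compare with the fingerprint shown inside the pod
#   chmod 0644 /etc/ssh/forgejo_known_hosts
#   sshd -t                                       # syntax check before reloading sshd
Match User git
    AllowUsers git@*
    AuthorizedKeysCommand /usr/bin/ssh -p 2222 -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/etc/ssh/forgejo_known_hosts -o BatchMode=yes -o ConnectTimeout=5 git@jlpks8888 /usr/local/bin/gitea keys -c /data/gitea/conf/app.ini -e git -u %u -t %t -k %k
    AuthorizedKeysCommandUser git
    PasswordAuthentication no
```

With the pinned file in place, a changed or unknown host key makes the hop fail and the login is simply refused, which shows up in the jump host's auth log as AuthorizedKeysCommand returning no keys.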

Forgejo config

For the above to work, the public key of the git user on the jump host must be included in the authorized_keys of the Forgejo git user.

/data/git/.ssh/authorized_keys
<ssh_key_generated for user git on jlpgreencloud> Gitea jlpgreencloud
# gitea public key
command="/usr/local/bin/gitea --config=/data/gitea/conf/app.ini serv key-1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,no-user-rc,restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALEjLKB3bs0k/VfF4+JVaXf3uyjwJ2ZToz0Xe33+iLX openpgp:0x1F3543A7