Gitea docker container's SSHD fails due to missing MaxStartups and MaxSessions in sshd_config #16044

Closed
sutusa opened this issue Jun 1, 2021 · 1 comment · Fixed by #16046

sutusa commented Jun 1, 2021

  • Gitea version (or commit ref): 1.15.0+dev-375-g072df3ff8 built with GNU Make 4.3, go1.16.4 : bindata, timetzdata, sqlite, sqlite_unlock_notify
  • Operating system: docker image

Today, I bounced the docker container/image using gitea/gitea:latest in my Kubernetes configurations. The container log showed that sshd fails to start due to "Missing MaxStartups spec" on line 8. As suspected, I was no longer able to communicate with Gitea over SSH:

$ kubectl get pods
NAME                     READY   STATUS    RESTARTS   AGE
gitea-6b7b9c8f79-4kv6t   1/1     Running   0          22m

$ kubectl logs pod/gitea-6b7b9c8f79-4kv6t | head -n 30
/etc/ssh/sshd_config line 8: Missing MaxStartups spec.
/etc/ssh/sshd_config line 8: Missing MaxStartups spec.
/etc/ssh/sshd_config line 8: Missing MaxStartups spec.
2021/06/01 17:58:01 cmd/web.go:81:runWeb() [I] Starting Gitea on PID: 16
2021/06/01 17:58:01 ...dules/setting/git.go:101:newGit() [I] Git Version: 2.30.2, Wire Protocol Version 2 Enabled
2021/06/01 17:58:01 cmd/web.go:125:runWeb() [I] Global init
2021/06/01 17:58:01 ...dules/setting/git.go:101:newGit() [I] Git Version: 2.30.2, Wire Protocol Version 2 Enabled
2021/06/01 17:58:01 routers/init.go:134:GlobalInit() [T] AppPath: /app/gitea/gitea
2021/06/01 17:58:01 routers/init.go:135:GlobalInit() [T] AppWorkPath: /app/gitea
2021/06/01 17:58:01 routers/init.go:136:GlobalInit() [T] Custom path: /data/gitea
2021/06/01 17:58:01 routers/init.go:137:GlobalInit() [T] Log path: /data/gitea/log
2021/06/01 17:58:01 routers/init.go:49:checkRunMode() [I] Run Mode: Prod
/etc/ssh/sshd_config line 8: Missing MaxStartups spec.
/etc/ssh/sshd_config line 8: Missing MaxStartups spec.

I executed a shell within the container and looked at the sshd_config, and it has empty values for MaxStartups and MaxSessions as the log indicated:

$ kubectl exec --stdin --tty gitea-6b7b9c8f79-4kv6t -- /bin/bash
bash-5.1# cat /etc/ssh/sshd_config | head -n 12
Port 22
Protocol 2

AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::

MaxStartups
MaxSessions

LogLevel INFO

I went looking through recent changes to the Gitea code here on GitHub and found this commit from 14 hours ago, where MaxStartups ${SSH_MAX_STARTUPS} and MaxSessions ${SSH_MAX_SESSIONS} were just added to the sshd_config:

5de01e2

I didn't investigate any further, but the environment variables of SSH_MAX_STARTUPS and SSH_MAX_SESSIONS appear to not have defaults preset and sshd_config values ultimately come up empty.

Thanks.

sutusa commented Jun 1, 2021

I submitted this issue before I knew about this pull thread discussing a potential fix:
#16009
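
The failure reported above, reproduced as an added example (not code from this issue or from Gitea's container scripts): a directive is written only when its variable is set, and a rendered config is scanned for keywords left without an argument. The function names and `SSH_PORT` are hypothetical, and the sample config is constructed from the excerpt in the issue.

```shell
#!/bin/sh
# Added example, not Gitea's entrypoint. All function names are hypothetical.

# Print "KEYWORD VALUE" only when VALUE is non-empty, so an unset variable
# drops the directive instead of leaving a bare keyword behind.
emit_optional() {
    if [ -n "$2" ]; then printf '%s %s\n' "$1" "$2"; fi
}

# Render the start of an sshd_config from the environment.
# SSH_PORT is an assumed variable name used only for this illustration.
render_sshd_config() {
    printf 'Port %s\n' "${SSH_PORT:-22}"
    emit_optional MaxStartups "${SSH_MAX_STARTUPS:-}"
    emit_optional MaxSessions "${SSH_MAX_SESSIONS:-}"
    printf 'LogLevel INFO\n'
}

# Read a config on stdin and print "LINE: KEYWORD" for each directive that
# has no argument. Exit status is 1 if any were found, 0 otherwise.
# "Keyword=value" on a single token is accepted; "Keyword=" is not.
find_bare_directives() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        NF == 1 && $1 !~ /=.+/ { printf "%d: %s\n", NR, $1; bad = 1 }
        END { exit bad + 0 }
    '
}

# Constructed sample: the first lines of the broken file shown in the issue.
sample_broken_config() {
    cat <<'EOF'
Port 22
Protocol 2

AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::

MaxStartups
MaxSessions

LogLevel INFO
EOF
}

# Demo: the broken sample is rejected, the guarded render passes.
sample_broken_config | find_bare_directives || echo "sample config rejected"
render_sshd_config | find_bare_directives && echo "rendered config ok"
```

Where the OpenSSH server binary is present, `sshd -t -f <file>` gives the authoritative check of a rendered file before the daemon is started.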

zeripath added a commit to zeripath/gitea that referenced this issue Jun 1, 2021
Unfortunately go-gitea#16009 makes these settings mandatory. This PR uses the same technique
as used for the certificates to make these settings non-mandatory.

Fix go-gitea#16044

Signed-off-by: Andrew Thornton <[email protected]>
techknowlogick pushed a commit that referenced this issue Jun 1, 2021
Unfortunately #16009 makes these settings mandatory. This PR uses the same technique
as used for the certificates to make these settings non-mandatory.

Fix #16044

Signed-off-by: Andrew Thornton <[email protected]>

Co-authored-by: 6543 <[email protected]>
AbdulrhmnGhanem pushed a commit to kitspace/gitea that referenced this issue Aug 10, 2021
Unfortunately go-gitea#16009 makes these settings mandatory. This PR uses the same technique
as used for the certificates to make these settings non-mandatory.

Fix go-gitea#16044

Signed-off-by: Andrew Thornton <[email protected]>

Co-authored-by: 6543 <[email protected]>
@go-gitea go-gitea locked and limited conversation to collaborators Oct 19, 2021