Fully disable of SSH setup if SSH is not enabled #321

New Issue

AnkitShankdhar · 2022-05-10T08:07:24Z

AnkitShankdhar commented

2022-05-10 08:07:24 +00:00

While installing Gitea, the ssh is been disabled.
The requirement is to remove the ssh-svc as well when ssh is disabled in Gitea.

Below are the comment as received in Gitea.

The SSH Service is disabled , but the SVC shows the port 22. The port 22 is been scanned by the scanner and report the issue.

It's not related to Gitea itself, but docker-compose/helmchart or other methods you used to deploy Gitea.

For helmchart, see: https://gitea.com/gitea/helm-chart/src/branch/master/templates/gitea/ssh-svc.yaml

You could propose PRs on the helmchar repository.

While installing Gitea, the ssh is been disabled. The requirement is to remove the ssh-svc as well when ssh is disabled in Gitea. Below are the comment as received in Gitea. The SSH Service is disabled , but the SVC shows the port 22. The port 22 is been scanned by the scanner and report the issue. It's not related to Gitea itself, but docker-compose/helmchart or other methods you used to deploy Gitea. For helmchart, see: https://gitea.com/gitea/helm-chart/src/branch/master/templates/gitea/ssh-svc.yaml You could propose PRs on the helmchar repository.

👍 1

AnkitShankdhar commented

2022-05-18 06:11:40 +00:00

Hi

Please suggest If the ssh-svc can be removed while installing Gitea.

Hi Please suggest If the ssh-svc can be removed while installing Gitea.

luhahn commented

2022-05-18 07:37:20 +00:00

Of course, if ssh has been disabled, there would be no need for the service. Feel free to provide a PR for this Issue.

justusbunsi commented

2022-06-11 11:44:55 +00:00

Hi @AnkitShankdhar. If I understand you correctly, you are talking about a way to completely disable any SSH related feature within the Helm Chart. Is this correct?

In that case there would be a few things to do:

Allow disabling .Values.service.ssh
Skip any injection of SSH related settings for app.ini composing
Prevent SSH related environment variables being exposed to the container
Do not expose the SSH port from the container to the Kubernetes cluster

IMO the enable/disable logic of .Values.service.ssh would be the feature toggle for the SSH capability. Without a Kubernetes service as centralized endpoint for incoming SSH traffic, no SSH logic inside Gitea allows for accessing it via SSH, AFAIK.

Hi @AnkitShankdhar. If I understand you correctly, you are talking about a way to completely disable any SSH related feature within the Helm Chart. Is this correct? In that case there would be a few things to do: - Allow disabling `.Values.service.ssh` - Skip any injection of SSH related settings for `app.ini` composing - Prevent SSH related environment variables being exposed to the container - Do not expose the SSH port from the container to the Kubernetes cluster IMO the enable/disable logic of `.Values.service.ssh` would be the _feature toggle_ for the SSH capability. Without a Kubernetes service as centralized endpoint for incoming SSH traffic, no SSH logic inside Gitea allows for accessing it via SSH, AFAIK.

justusbunsi added the

kind

proposal

label 2022-07-05 10:02:05 +00:00

justusbunsi changed title from ~~helm-chart/templates/gitea/ssh-svc.yaml~~ to Fully disable of SSH setup if SSH is not enabled

2022-09-23 13:31:30 +00:00

justusbunsi referenced this issue

2022-09-25 12:08:36 +00:00

Support for SSH log level #358

pat-s referenced this issue

2022-09-25 19:46:32 +00:00

Support for SSH log level #358