Ygtjki

Redundant comparison & "if" before assignment

What does "Scientists rise up against statistical significance" mean? (Comment in Nature)

Why does AES have exactly 10 rounds for a 128-bit key, 12 for 192 bits and 14 for a 256-bit key size?

Plot of a tornado-shaped surface

What are some good ways to treat frozen vegetables such that they behave like fresh vegetables when stir frying them?

What if a revenant (monster) gains fire resistance?

Why does the Sun have different day lengths, but not the gas giants?

Why did the EU agree to delay the Brexit deadline?

15% tax on $7.5k earnings. Is that right?

Mixing PEX brands

Temporarily disable WLAN internet access for children, but allow it for adults

Do the primes contain an infinite almost arithmetic progression?

Picking the different solutions to the time independent Schrodinger eqaution

What should you do when eye contact makes your subordinate uncomfortable?

How do you respond to a colleague from another team when they're wrongly expecting that you'll help them?

Why should universal income be universal?

Mimic lecturing on blackboard, facing audience

What is the evidence for the "tyranny of the majority problem" in a direct democracy context?

Electoral considerations aside, what are potential benefits, for the US, of policy changes proposed by the tweet recognizing Golan annexation?

How to cover method return statement in Apex Class?

What exact color does ozone gas have?

Strong empirical falsification of quantum mechanics based on vacuum energy density

Angel of Condemnation - Exile creature with second ability

Biological Blimps: Propulsion

Forward ssh for Git user to Git server

4

It is surprisingly difficult to find information on this simple problem.

Like many people we run a gitlabs/gogs server on a remote instance. Currently it listens on port 10022. We also run ssh on that instance to administer the server. It listens on port 22.

We'd like the ssh server listening on port 22 to forward connections for Git@ ONLY to the Git server on 10022.

That way when people use Git locally, they won't have to manually specify the port of our remote Git server each time.

How can we do this?

ssh git sshd openssh gitlab

share|improve this question

edited Apr 2 '17 at 11:37

Jeff Schaller

43.8k1161141

asked Feb 7 '16 at 13:36

DMCodingDMCoding

1315

add a comment | 

4

It is surprisingly difficult to find information on this simple problem.

Like many people we run a gitlabs/gogs server on a remote instance. Currently it listens on port 10022. We also run ssh on that instance to administer the server. It listens on port 22.

We'd like the ssh server listening on port 22 to forward connections for Git@ ONLY to the Git server on 10022.

That way when people use Git locally, they won't have to manually specify the port of our remote Git server each time.

How can we do this?

ssh git sshd openssh gitlab

share|improve this question

edited Apr 2 '17 at 11:37

Jeff Schaller

43.8k1161141

asked Feb 7 '16 at 13:36

DMCodingDMCoding

1315

add a comment | 

It is surprisingly difficult to find information on this simple problem.

Like many people we run a gitlabs/gogs server on a remote instance. Currently it listens on port 10022. We also run ssh on that instance to administer the server. It listens on port 22.

We'd like the ssh server listening on port 22 to forward connections for Git@ ONLY to the Git server on 10022.

That way when people use Git locally, they won't have to manually specify the port of our remote Git server each time.

How can we do this?

ssh git sshd openssh gitlab

share|improve this question

edited Apr 2 '17 at 11:37

Jeff Schaller

43.8k1161141

asked Feb 7 '16 at 13:36

DMCodingDMCoding

1315

share|improve this question

edited Apr 2 '17 at 11:37

Jeff Schaller

43.8k1161141

asked Feb 7 '16 at 13:36

DMCodingDMCoding

1315

share|improve this question

edited Apr 2 '17 at 11:37

Jeff Schaller

43.8k1161141

asked Feb 7 '16 at 13:36

DMCodingDMCoding

1315

edited Apr 2 '17 at 11:37

Jeff Schaller

43.8k1161141

edited Apr 2 '17 at 11:37

Jeff Schaller

43.8k1161141

asked Feb 7 '16 at 13:36

DMCodingDMCoding

1315

asked Feb 7 '16 at 13:36

DMCodingDMCoding

1315

3 Answers
3

active

oldest

votes

1

I have never done that but maybe this does what you want:

You can put a Match block for the user git in sshd_config which contains ForceCommand. The forced command can be an ssh login to the real server. You can use public key authentication without passphrase so the users might not even notice this.

share|improve this answer

answered Feb 7 '16 at 13:43

Hauke LagingHauke Laging

57.5k1287136

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Can we not forward the user's own public key auth token? The public key authentications and the repos they allow access to are managed by the git server itself -- just like github.
  
  – DMCoding
  Feb 7 '16 at 13:59
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  No, it is not possible with openssh. As late as you are in Match block, you can't redirect the connection to different ssh server.
  
  – Jakuje
  Feb 7 '16 at 15:14
  

  
  
  
  

add a comment | 

1

A simpler approach would be:

Just tell your users to add an alias for your git-server to the ~/.ssh/config. Then they have the same convenience as with github and you don't have to do some weird redirections on the server side.

For example:

# put into ~/.ssh/config
Host mygitlab
Hostname git.example.org
Port 10022

Then your users can just clone etc. like this:

$ git clone mygitlab:someuser/somerepo.git

share|improve this answer

edited Feb 7 '16 at 14:21

answered Feb 7 '16 at 14:09

maxschlepzigmaxschlepzig

34.5k33140214

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  They are users, not administrators so that would not in any way be simpler. I really dont see how this is a weird idea -- what do github, bitbucket, etc. do? You're telling me they don't use SSH to administer their server fleet just because that port happens to be taken by their git software?
  
  – DMCoding
  Feb 7 '16 at 21:49
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @DanielJames probably they use a different port for admin?
  
  – nafg
  Mar 31 '17 at 5:53
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @nafg, doubtful when there's a more elegant way. You have a list of git users and a list of shell users. Shell users are allowed to use their default shell, git users are forced to use a special git shell binary which only allows git commands. Not difficult, not complicated, not hard to understand. Gitlabs do it (gitlab.com/gitlab-org/gitlab-shell) I'd bet money github does as well.
  
  – DMCoding
  Mar 31 '17 at 18:16
  

  
  
  
  

add a comment | 

0

the solution lies in the gitlab GUI: just click on the clone button, and paste in the command line.

$ git clone ssh://git@gitlab.mydomain.org:10022/mygroup/myproject.git

and you can verify everything is correct with:

$ git remote -v
origin ssh://git@gitlab.mydomain.org:10022/mygroup/myproject.git (fetch)
origin ssh://git@gitlab.mydomain.org:10022/mygroup/myproject.git (push)

share|improve this answer

edited 13 hours ago

answered yesterday

MaxiReglisseMaxiReglisse

1012

New contributor

MaxiReglisse is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  How does this address the question?
  
  – RalfFriedl
  yesterday
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f260564%2fforward-ssh-for-git-user-to-git-server%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

1

I have never done that but maybe this does what you want:

You can put a Match block for the user git in sshd_config which contains ForceCommand. The forced command can be an ssh login to the real server. You can use public key authentication without passphrase so the users might not even notice this.

share|improve this answer

answered Feb 7 '16 at 13:43

Hauke LagingHauke Laging

57.5k1287136

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Can we not forward the user's own public key auth token? The public key authentications and the repos they allow access to are managed by the git server itself -- just like github.
  
  – DMCoding
  Feb 7 '16 at 13:59
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  No, it is not possible with openssh. As late as you are in Match block, you can't redirect the connection to different ssh server.
  
  – Jakuje
  Feb 7 '16 at 15:14
  

  
  
  
  

add a comment | 

1

I have never done that but maybe this does what you want:

You can put a Match block for the user git in sshd_config which contains ForceCommand. The forced command can be an ssh login to the real server. You can use public key authentication without passphrase so the users might not even notice this.

share|improve this answer

answered Feb 7 '16 at 13:43

Hauke LagingHauke Laging

57.5k1287136

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Can we not forward the user's own public key auth token? The public key authentications and the repos they allow access to are managed by the git server itself -- just like github.
  
  – DMCoding
  Feb 7 '16 at 13:59
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  No, it is not possible with openssh. As late as you are in Match block, you can't redirect the connection to different ssh server.
  
  – Jakuje
  Feb 7 '16 at 15:14
  

  
  
  
  

add a comment | 

I have never done that but maybe this does what you want:

You can put a Match block for the user git in sshd_config which contains ForceCommand. The forced command can be an ssh login to the real server. You can use public key authentication without passphrase so the users might not even notice this.

share|improve this answer

answered Feb 7 '16 at 13:43

Hauke LagingHauke Laging

57.5k1287136

share|improve this answer

answered Feb 7 '16 at 13:43

Hauke LagingHauke Laging

57.5k1287136

answered Feb 7 '16 at 13:43

Hauke LagingHauke Laging

57.5k1287136

answered Feb 7 '16 at 13:43

Hauke LagingHauke Laging

57.5k1287136

1

A simpler approach would be:

Just tell your users to add an alias for your git-server to the ~/.ssh/config. Then they have the same convenience as with github and you don't have to do some weird redirections on the server side.

For example:

# put into ~/.ssh/config
Host mygitlab
Hostname git.example.org
Port 10022

Then your users can just clone etc. like this:

$ git clone mygitlab:someuser/somerepo.git

share|improve this answer

edited Feb 7 '16 at 14:21

answered Feb 7 '16 at 14:09

maxschlepzigmaxschlepzig

34.5k33140214

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  They are users, not administrators so that would not in any way be simpler. I really dont see how this is a weird idea -- what do github, bitbucket, etc. do? You're telling me they don't use SSH to administer their server fleet just because that port happens to be taken by their git software?
  
  – DMCoding
  Feb 7 '16 at 21:49
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @DanielJames probably they use a different port for admin?
  
  – nafg
  Mar 31 '17 at 5:53
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @nafg, doubtful when there's a more elegant way. You have a list of git users and a list of shell users. Shell users are allowed to use their default shell, git users are forced to use a special git shell binary which only allows git commands. Not difficult, not complicated, not hard to understand. Gitlabs do it (gitlab.com/gitlab-org/gitlab-shell) I'd bet money github does as well.
  
  – DMCoding
  Mar 31 '17 at 18:16
  

  
  
  
  

add a comment | 

1

A simpler approach would be:

Just tell your users to add an alias for your git-server to the ~/.ssh/config. Then they have the same convenience as with github and you don't have to do some weird redirections on the server side.

For example:

# put into ~/.ssh/config
Host mygitlab
Hostname git.example.org
Port 10022

Then your users can just clone etc. like this:

$ git clone mygitlab:someuser/somerepo.git

share|improve this answer

edited Feb 7 '16 at 14:21

answered Feb 7 '16 at 14:09

maxschlepzigmaxschlepzig

34.5k33140214

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  They are users, not administrators so that would not in any way be simpler. I really dont see how this is a weird idea -- what do github, bitbucket, etc. do? You're telling me they don't use SSH to administer their server fleet just because that port happens to be taken by their git software?
  
  – DMCoding
  Feb 7 '16 at 21:49
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @DanielJames probably they use a different port for admin?
  
  – nafg
  Mar 31 '17 at 5:53
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @nafg, doubtful when there's a more elegant way. You have a list of git users and a list of shell users. Shell users are allowed to use their default shell, git users are forced to use a special git shell binary which only allows git commands. Not difficult, not complicated, not hard to understand. Gitlabs do it (gitlab.com/gitlab-org/gitlab-shell) I'd bet money github does as well.
  
  – DMCoding
  Mar 31 '17 at 18:16
  

  
  
  
  

add a comment | 

A simpler approach would be:

Just tell your users to add an alias for your git-server to the ~/.ssh/config. Then they have the same convenience as with github and you don't have to do some weird redirections on the server side.

For example:

# put into ~/.ssh/config
Host mygitlab
Hostname git.example.org
Port 10022

Then your users can just clone etc. like this:

$ git clone mygitlab:someuser/somerepo.git

share|improve this answer

edited Feb 7 '16 at 14:21

answered Feb 7 '16 at 14:09

maxschlepzigmaxschlepzig

34.5k33140214

# put into ~/.ssh/config
Host mygitlab
Hostname git.example.org
Port 10022

$ git clone mygitlab:someuser/somerepo.git

share|improve this answer

edited Feb 7 '16 at 14:21

answered Feb 7 '16 at 14:09

maxschlepzigmaxschlepzig

34.5k33140214

answered Feb 7 '16 at 14:09

maxschlepzigmaxschlepzig

34.5k33140214

answered Feb 7 '16 at 14:09

maxschlepzigmaxschlepzig

34.5k33140214

0

the solution lies in the gitlab GUI: just click on the clone button, and paste in the command line.

$ git clone ssh://git@gitlab.mydomain.org:10022/mygroup/myproject.git

and you can verify everything is correct with:

$ git remote -v
origin ssh://git@gitlab.mydomain.org:10022/mygroup/myproject.git (fetch)
origin ssh://git@gitlab.mydomain.org:10022/mygroup/myproject.git (push)

share|improve this answer

edited 13 hours ago

answered yesterday

MaxiReglisseMaxiReglisse

1012

New contributor

MaxiReglisse is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  How does this address the question?
  
  – RalfFriedl
  yesterday
  

  
  
  
  

add a comment | 

0

the solution lies in the gitlab GUI: just click on the clone button, and paste in the command line.

$ git clone ssh://git@gitlab.mydomain.org:10022/mygroup/myproject.git

and you can verify everything is correct with:

$ git remote -v
origin ssh://git@gitlab.mydomain.org:10022/mygroup/myproject.git (fetch)
origin ssh://git@gitlab.mydomain.org:10022/mygroup/myproject.git (push)

share|improve this answer

edited 13 hours ago

answered yesterday

MaxiReglisseMaxiReglisse

1012

New contributor

MaxiReglisse is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  How does this address the question?
  
  – RalfFriedl
  yesterday
  

  
  
  
  

add a comment | 

the solution lies in the gitlab GUI: just click on the clone button, and paste in the command line.

$ git clone ssh://git@gitlab.mydomain.org:10022/mygroup/myproject.git

and you can verify everything is correct with:

$ git remote -v
origin ssh://git@gitlab.mydomain.org:10022/mygroup/myproject.git (fetch)
origin ssh://git@gitlab.mydomain.org:10022/mygroup/myproject.git (push)

share|improve this answer

edited 13 hours ago

answered yesterday

MaxiReglisseMaxiReglisse

1012

New contributor

MaxiReglisse is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

$ git clone ssh://git@gitlab.mydomain.org:10022/mygroup/myproject.git

$ git remote -v
origin ssh://git@gitlab.mydomain.org:10022/mygroup/myproject.git (fetch)
origin ssh://git@gitlab.mydomain.org:10022/mygroup/myproject.git (push)

share|improve this answer

edited 13 hours ago

answered yesterday

MaxiReglisseMaxiReglisse

1012

New contributor

MaxiReglisse is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

answered yesterday

MaxiReglisseMaxiReglisse

1012

New contributor

MaxiReglisse is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

answered yesterday

MaxiReglisseMaxiReglisse

1012