Fully disable SSH setup if SSH is not enabled #321

Open
opened 2022-05-10 08:07:24 +00:00 by AnkitShankdhar · 3 comments
AnkitShankdhar commented 2022-05-10 08:07:24 +00:00 (Migrated from gitea.com)

While installing Gitea, SSH has been disabled.
The requirement is to remove the ssh-svc as well when SSH is disabled in Gitea.

Below are the comments as received in Gitea.

The SSH service is disabled, but the SVC shows port 22. Port 22 is being scanned by the scanner, which reports the issue.

It's not related to Gitea itself, but docker-compose/helmchart or other methods you used to deploy Gitea.

For helmchart, see: https://gitea.com/gitea/helm-chart/src/branch/master/templates/gitea/ssh-svc.yaml

You could propose PRs on the helmchart repository.

AnkitShankdhar commented 2022-05-18 06:11:40 +00:00 (Migrated from gitea.com)

Hi

Please suggest if the ssh-svc can be removed while installing Gitea.

luhahn commented 2022-05-18 07:37:20 +00:00 (Migrated from gitea.com)

Of course, if ssh has been disabled, there would be no need for the service. Feel free to provide a PR for this Issue.

justusbunsi commented 2022-06-11 11:44:55 +00:00 (Migrated from gitea.com)

Hi @AnkitShankdhar. If I understand you correctly, you are talking about a way to completely disable any SSH related feature within the Helm Chart. Is this correct?

In that case there would be a few things to do:

  • Allow disabling .Values.service.ssh
  • Skip any injection of SSH related settings for app.ini composing
  • Prevent SSH related environment variables being exposed to the container
  • Do not expose the SSH port from the container to the Kubernetes cluster

IMO the enable/disable logic of .Values.service.ssh would be the feature toggle for the SSH capability. Without a Kubernetes service as centralized endpoint for incoming SSH traffic, no SSH logic inside Gitea allows for accessing it via SSH, AFAIK.
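
A check for the Service, container port and environment variable items in the list above, added here as an example (not part of the original thread or the chart's code): it scans the JSON from `kubectl get svc,statefulset -o json` for SSH exposure that is still present. Port 22 comes from the issue; the object names, the `SSH_PORT` variable and the substring matching on "ssh" are assumptions constructed for illustration.

```python
import json

def find_ssh_exposure(k8s_list, ssh_ports=frozenset({22})):
    """Return (kind/name, detail) findings for SSH still exposed in a List object."""
    findings = []
    for obj in k8s_list.get("items", []):
        kind = obj.get("kind", "")
        ref = f"{kind}/{obj.get('metadata', {}).get('name', '?')}"
        spec = obj.get("spec", {})
        if kind == "Service":
            for p in spec.get("ports", []):
                # SSH if the port or its target is in ssh_ports, or a name says "ssh"
                named = f"{p.get('name', '')} {p.get('targetPort', '')}".lower()
                if (p.get("port") in ssh_ports or p.get("targetPort") in ssh_ports
                        or "ssh" in named):
                    findings.append((ref, f"service port {p.get('port')}"))
            continue
        # Workloads (StatefulSet, Deployment) keep containers under spec.template.spec
        pod = spec.get("template", {}).get("spec", {})
        for c in pod.get("initContainers", []) + pod.get("containers", []):
            for p in c.get("ports", []):
                if (p.get("containerPort") in ssh_ports
                        or "ssh" in str(p.get("name", "")).lower()):
                    findings.append((ref, f"containerPort {p.get('containerPort')}"))
            for e in c.get("env", []):
                if "SSH" in e.get("name", "").upper():
                    findings.append((ref, f"env {e['name']}"))
    return findings

# Constructed sample: SSH disabled in Gitea, but the chart still renders SSH pieces.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "Service", "metadata": {"name": "gitea-http"},
   "spec": {"ports": [{"name": "http", "port": 3000, "targetPort": 3000}]}},
  {"kind": "Service", "metadata": {"name": "gitea-ssh"},
   "spec": {"ports": [{"name": "ssh", "port": 22, "targetPort": 22}]}},
  {"kind": "StatefulSet", "metadata": {"name": "gitea"},
   "spec": {"template": {"spec": {"containers": [
     {"name": "gitea",
      "ports": [{"name": "http", "containerPort": 3000},
                {"name": "ssh", "containerPort": 22}],
      "env": [{"name": "SSH_PORT", "value": "22"}]}]}}}}
]}
""")

if __name__ == "__main__":
    for ref, detail in find_ssh_exposure(SAMPLE):
        print(ref, detail)
```

An empty result is the state a port scanner would no longer flag; the `app.ini` item is not covered because that file is not visible in these objects.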

Reference: lunny/helm-chart#321