• Jeena@piefed.jeena.net
    link
    fedilink
    English
    arrow-up
    16
    ·
    2 months ago

    So yesterday I set up forgejo, which is the software behind codeberg, and imported all my 88 git repos from github, so far so good.

    But then I spent the rest of the day trying to figure out how to be able to use port 22, which I already use for sshd to share it with forgejo so I could clone and push to it without the need of a non standart Port and I am almost giving up on it, almost. I will try today again, but I’m running out of options and the documentation is not telling me how to set it up.

    Any tips are welcome!

    • Kairos@lemmy.today
      link
      fedilink
      arrow-up
      6
      ·
      2 months ago

      You have to

      1. Make sure access is allowed on the sshd server side for the user Forgejo is running on
      2. Ensure it’s enabled in Forgejo settings
      3. Add your SSH key into your user settings
    • Gamma@beehaw.org
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      2 months ago

      Odd, setting this up with gitea (which forgejo was forked from) was painless, maybe their guide will help. There is a few different options

      • Jeena@piefed.jeena.net
        link
        fedilink
        English
        arrow-up
        8
        ·
        2 months ago

        So interesting, actually yesterday I was sporadically reading that page but not following it exactly. Now that you posted the link I really paid attention and followed it again, and I have the feeling I did exactly the same steps, but now it just worked!

        Thanks so much, this is awesome, now I really don’t need GitHub anymore.

        Here is the script I used to migrate: https://git.jeena.net/jeena/github2forgejo

        • Gamma@beehaw.org
          link
          fedilink
          English
          arrow-up
          4
          ·
          2 months ago

          I’m glad it helped! From what I remember when I checked out forgejo their documentation was really lacking, but some of it has gotten better since they did the hard fork

    • poVoq@slrpnk.net
      link
      fedilink
      arrow-up
      4
      ·
      2 months ago

      Why the need to push via ssh? I am genuinely wondering, since you can easily push without having that enabled at all.

      • Jeena@piefed.jeena.net
        link
        fedilink
        English
        arrow-up
        5
        ·
        2 months ago

        Because otherwise I will need to set up a different way of logging in to authenticate on every computer. I’m using ssh for every git server. How do you authenticate, with a different access token for each git server in ~/.gitconfig?

        • poVoq@slrpnk.net
          link
          fedilink
          arrow-up
          1
          ·
          2 months ago

          Ok, I understand that this is a bit inconvenient, but you can use a password manager for the required git push logins.

          But you are not concerened that someone compromising your ssh keys gets full access to all your repos?

          • Jeena@piefed.jeena.net
            link
            fedilink
            English
            arrow-up
            3
            ·
            2 months ago

            How would they get my private key? I mean if they already have access to my private key on my computer then I have much bigger problems than them having access to the anyway public git repos.

            Perhaps I’m misunderstanding the thread model you have, but isn’t ssh the standard way of accessing git repos because it is so much more secure compared to a username and password?

            • poVoq@slrpnk.net
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              2 months ago

              They can impersonate you and push code into the repos in your name with a high likelyhood of you not noticing it.

              The typical hobby dev machine isn’t particularly secure and for sure less secure than the typical server. Accessing everything from there with a single key is a pretty gaping security hole IMHO.

              There seems to be this common misconception that ssh keys are more secure than passwords, but that is only true when you use really weak passwords that you keep in your head instead of a password manager.

              If you want to actually increase your security then you need to set up a second factor auth with a seperate device.

          • tyler@programming.dev
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            2 months ago

            Huh? ssh is much more secure than https.

            Edit: the security is essentially the same, but having one password every machine vs individual ssh keys seems like a huge advantage to me. Also ssh means you don’t ever accidentally allow read access that you don’t mean to.

            • poVoq@slrpnk.net
              link
              fedilink
              arrow-up
              1
              ·
              2 months ago

              Well, the situation in this case seems to be the exact opposite, i.e. reusing the same SSH key for multiple repos Vs. being easily able to have different passwords for different repos with a password-manager.