Forgejo built-in SSH server not authenticating public keys
-
Hi all,
I have Forgejo 14.0.3 running on Cloudron and I'm unable to authenticate via SSH using public key authentication. HTTPS with a personal access token works fine, so the issue is specific to SSH.
Setup:
- Forgejo 14.0.3+gitea-1.22.0
- SSH domain: git.albiobola.nl
- SSH port: 29418 (built-in SSH server, not system SSH)
- Running on Cloudron
What I have verified:
- Port 29418 is open and reachable (confirmed with netcat)
- The SSH key is correctly stored in the PostgreSQL database (verified directly in the public_key table)
- The key fingerprint in the database matches the local key exactly
- The Forgejo user account is active
- DISABLE_SSH = false and START_SSH_SERVER = true in app.ini
- SSH_ROOT_PATH = /app/data/ssh
- The /app/data/ssh/ directory exists and is owned by the cloudron user
- Forgejo process runs as the cloudron user
The error:
ssh -T git@git.albiobola.nl -p 29418 git@git.albiobola.nl: Permission denied (publickey).What's strange:
- No log files are being written anywhere under /app or /run/forgejo
- The [log] section in app.ini is present but empty
- The /app/data/ssh/ folder remains empty — Forgejo never writes an authorized_keys file there
- Verbose SSH output shows the key is being offered correctly and the connection reaches Forgejo's built-in SSH server (remote software version: Go)
Relevant app.ini:
[server] DISABLE_SSH = false START_SSH_SERVER = true SSH_DOMAIN = git.albiobola.nl SSH_PORT = 29418 SSH_LISTEN_HOST = 0.0.0.0 SSH_LISTEN_PORT = 29418 SSH_ROOT_PATH = /app/data/ssh [database] DB_TYPE = postgres [log] ROOT_PATH = /run/forgejoHas anyone experienced this with the Cloudron Forgejo package? Is there any additional configuration needed to make the built-in SSH server work properly? Any help appreciated!
-
Hello @chrisbol
Just tested a fresh Forgejo installation and could not reproduce your issue.
I did not configure anything in the settings file.Simply added my public key to my profile, created an empty repo, cloned wiith ssh with zero issues.
git clone ssh://cloudron@forrgejo.cloudron.dev:29418/james/sshtest.git && \ cd sshtest && \ cat README.md Cloning into 'sshtest'... remote: Enumerating objects: 3, done. remote: Counting objects: 100% (3/3), done. remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0 Receiving objects: 100% (3/3), done. File: README.md # SSHTEST -
OK, thanks to your answer I now know that I had to change "ssh -T git@git.albiobola.nl -p 29418" to "ssh -T cloudron@git.albiobola.nl -p 29418"
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login