SSH not working using Gitea on docker with traefik

  docker, docker-compose, gitea, ssh, traefik

I have installed gitea on docker (docker-compose) with traefik (v2.3) as reverse proxy. I’m trying to set up ssh but it’s failing, both to SSH into and (mainly) to perform git clone and push.

I get

<user>@<domain>: Permission denied (publickey).

I have tried specifying ports in the docker-compose file for the traefik container

ports:
  - "22:22"

and in the docker-compose for gitea I have the following labels:

  # SSH
  - "traefik.http.routers.gitea_ssh.rule=HOST(`gitea.localhost`)"
  - "traefik.http.routers.gitea_ssh.entrypoints=ssh"
  - "traefik.http.routers.gitea_ssh.service=gitea_ssh"
  # Services
  - "traefik.http.services.gitea_ssh.loadbalancer.server.port=22"

I have similar setup for http and https, http is redirected to https.

Entrypoints is defined in traefik.yml as ":22"

This however doesn’t work. I figured signal flow would go like this:

ssh request -> server port 1234 -> docker port 22 -> traefik redirects -> gitea container port 22 

I have uploaded public key to

The response I get with this setup for ssh connection request is:

<login on computer>:/ <user>$ ssh -v <address to gitea>
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /<Path to config>/config
debug1: /<Path to config>/config line 12: Applying options for <address to gitea>
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to <address to gitea> port 1234.
debug1: Connection established.
debug1: identity file /<Path to private key>/private-key type 0
debug1: identity file /<Path to private key>/private-key-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: kex_exchange_identification: banner line 0: HTTP/1.1 400 Bad Request
debug1: kex_exchange_identification: banner line 1: Content-Type: text/plain; charset=utf-8
debug1: kex_exchange_identification: banner line 2: Connection: close
debug1: kex_exchange_identification: banner line 3: 
kex_exchange_identification: Connection closed by remote host

And when I try to access git clone:

<login on computer>:/ <user>$ git clone [email protected]<address to gitea>:<path to repo>.git
Cloning into 'some-repo'...
kex_exchange_identification: Connection closed by remote host
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Source: Docker Questions

LEAVE A COMMENT