Hello all! Yesterday I started hosting forgejo, and in order to clone repos outside my home network through ssh://, I seem to need to open a port for it in my router. Is that safe to do? I can’t use a vpn because I am sharing this with a friend. Here’s a sample docker compose file:
version: "3"
networks:
forgejo:
external: false
services:
server:
image: codeberg.org/forgejo/forgejo:7
container_name: forgejo
environment:
- USER_UID=1000
- USER_GID=1000
- FORGEJO__database__DB_TYPE=postgres
- FORGEJO__database__HOST=db:5432
- FORGEJO__database__NAME=forgejo
- FORGEJO__database__USER=forgejo
- FORGEJO__database__PASSWD=forgejo
restart: always
networks:
- forgejo
volumes:
- ./forgejo:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3000:3000"
- "222:22" # <- port 222 is the one I'd open, in this case
depends_on:
- db
db:
image: postgres:14
restart: always
environment:
- POSTGRES_USER=forgejo
- POSTGRES_PASSWORD=forgejo
- POSTGRES_DB=forgejo
networks:
- forgejo
volumes:
- ./postgres:/var/lib/postgresql/data
And to clone I’d do
git clone ssh://git@<my router ip>:<the port I opened, in this case 222>/path/to/repo
Is that safe?
EDIT: Thank you for your answers. I have come to the conclusion that, regardless of whether it is safe, it doesn’t make sense to increase the attack surface when I can just use https and tokens, so that’s what I am going to do.
I am still very much a noob to self-hosting, but I am not the one managing this ssh port, forgero is. Is there not any difference between the two? I think you can only access the forgejo ssh if you have a matching private key for one of the user’s public keys…
(And although it surprised me too, I couldn’t find information about the safety of specifically this online)
There’s a lot of wrong advice about this subject on this post. Forgejo, and any other Git forge server, have a completely different security model than regular SSH. All authenticated users run with the same PID and are restricted to accessing Git commands. It uses the secure shell protocol but it is not a shell. The threat model is different. Anybody can sign up for a GitHub or Codeberg account and they will be granted SSH access, but that access only allows them to push and pull Git data according to their account permissions.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
I am still very much a noob to self-hosting, but I am not the one managing this ssh port, forgero is. Is there not any difference between the two? I think you can only access the forgejo ssh if you have a matching private key for one of the user’s public keys…
(And although it surprised me too, I couldn’t find information about the safety of specifically this online)
There’s a lot of wrong advice about this subject on this post. Forgejo, and any other Git forge server, have a completely different security model than regular SSH. All authenticated users run with the same PID and are restricted to accessing Git commands. It uses the secure shell protocol but it is not a shell. The threat model is different. Anybody can sign up for a GitHub or Codeberg account and they will be granted SSH access, but that access only allows them to push and pull Git data according to their account permissions.
Git works fine over https though, no need to increase the attack surface by enabling SSH access in Forgejo.
That’s also a possibility, yes. Probably what I should do, taking the rest of the answers into account