Hello all! Yesterday I started hosting forgejo, and in order to clone repos outside my home network through ssh://, I seem to need to open a port for it in my router. Is that safe to do? I can’t use a vpn because I am sharing this with a friend. Here’s a sample docker compose file:
version: "3"
networks:
forgejo:
external: false
services:
server:
image: codeberg.org/forgejo/forgejo:7
container_name: forgejo
environment:
- USER_UID=1000
- USER_GID=1000
- FORGEJO__database__DB_TYPE=postgres
- FORGEJO__database__HOST=db:5432
- FORGEJO__database__NAME=forgejo
- FORGEJO__database__USER=forgejo
- FORGEJO__database__PASSWD=forgejo
restart: always
networks:
- forgejo
volumes:
- ./forgejo:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3000:3000"
- "222:22" # <- port 222 is the one I'd open, in this case
depends_on:
- db
db:
image: postgres:14
restart: always
environment:
- POSTGRES_USER=forgejo
- POSTGRES_PASSWORD=forgejo
- POSTGRES_DB=forgejo
networks:
- forgejo
volumes:
- ./postgres:/var/lib/postgresql/data
And to clone I’d do
git clone ssh://git@<my router ip>:<the port I opened, in this case 222>/path/to/repo
Is that safe?
EDIT: Thank you for your answers. I have come to the conclusion that, regardless of whether it is safe, it doesn’t make sense to increase the attack surface when I can just use https and tokens, so that’s what I am going to do.
I am still very much a noob to self-hosting, but I am not the one managing this ssh port, forgero is. Is there not any difference between the two? I think you can only access the forgejo ssh if you have a matching private key for one of the user’s public keys…
(And although it surprised me too, I couldn’t find information about the safety of specifically this online)
Git works fine over https though, no need to increase the attack surface by enabling SSH access in Forgejo.
That’s also a possibility, yes. Probably what I should do, taking the rest of the answers into account
There’s a lot of wrong advice about this subject on this post. Forgejo, and any other Git forge server, have a completely different security model than regular SSH. All authenticated users run with the same PID and are restricted to accessing Git commands. It uses the secure shell protocol but it is not a shell. The threat model is different. Anybody can sign up for a GitHub or Codeberg account and they will be granted SSH access, but that access only allows them to push and pull Git data according to their account permissions.