7

I've just installed GitLab CE on my VPS running Ubuntu 14.0.4 LTS via omnibus, made the following changes to /etc/gitlab/gitlab.rb and re-ran sudo gitlab-ctl reconfigure:

gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"
external_url 'https://gitlab.myserver.com/'
gitlab_rails['gitlab_shell_ssh_port'] = 2222
web_server['external_users'] = ['www-data']
nginx['enable'] = false

My Apache VirtualHost configuration is working and I can access the web interface on https://gitlab.myserver.com/, where I've added my SSH key, but when cloning/pushing/etc to or from ssh://git@gitlab.myserver.com:2222/mygroup/myproject.git I receive

ssh: connect to host gitlab.myserver.com port 2222: Connection refused
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

$ ssh -vvv -T -p 2222 gitlab.myserver.com:

OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/me/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to gitlab.myserver.com [12.34.56.78] port 2222.
debug1: connect to address 12.34.56.78 port 2222: Connection refused
ssh: connect to host gitlab.myserver.com port 2222: Connection refused

$ netstat -tlpn does not list any process listening on port 2222
$ sudo gitlab-rake gitlab:check does not produce any errors or warnings (http://pastebin.com/ThCJ0nU7)

Port 2222/tcp is allowed in ufw

Johannes Trümpelmann
  • 173
  • 1
  • 1
  • 5

1 Answers1

10

You need to to set up option gitlab_rails['gitlab_shell_ssh_port'] = 2222 based on the port where is your sshd server running.

Gitlab is not running separate ssh server, if I am right. If you run sshd on standard port, just swap to 22, restart gitlab and sshd and try again on standard port.

If you insist on running on different port, you need to modify also your sshd_config and potentially other stuff on your VPS.

Maicon Mauricio
  • 103
  • 4
Jakuje
  • 9,145
  • 2
  • 40
  • 44
  • 1
    This is correct. Gitlab sets up a special user to do what it does, so it relies on the system ssh daemon. The config for rails is used for internal config. – sysadmin1138 Dec 17 '15 at 00:30
  • Thanks, I've added `Port 2222` and `AllowUsers ... git` to my `sshd_config` and I can use git without any problems -- but neither do I want my other users to be able to use "real" SSH on port 2222, nor GitLab running on my default SSH port. – Johannes Trümpelmann Dec 17 '15 at 12:08
  • Did you try it with normal `ssh`? It should be forbidden by some `ForceCommand` in front of the keys in `authorized_keys`, if I am right. – Jakuje Dec 17 '15 at 12:25
  • With my administrative account I can `ssh` on port 2222 just as on my other ssh port, which makes sense as `/home/admin/.ssh/authorized_keys` is loaded, which does not contain anything else but my ssh key – Johannes Trümpelmann Dec 18 '15 at 15:52