So yesterday I set up forgejo, which is the software behind codeberg, and imported all my 88 git repos from github, so far so good.
But then I spent the rest of the day trying to figure out how to be able to use port 22, which I already use for sshd to share it with forgejo so I could clone and push to it without the need of a non standart Port and I am almost giving up on it, almost. I will try today again, but I’m running out of options and the documentation is not telling me how to set it up.
So interesting, actually yesterday I was sporadically reading that page but not following it exactly. Now that you posted the link I really paid attention and followed it again, and I have the feeling I did exactly the same steps, but now it just worked!
Thanks so much, this is awesome, now I really don’t need GitHub anymore.
I’m glad it helped! From what I remember when I checked out forgejo their documentation was really lacking, but some of it has gotten better since they did the hard fork
Because otherwise I will need to set up a different way of logging in to authenticate on every computer. I’m using ssh for every git server. How do you authenticate, with a different access token for each git server in ~/.gitconfig?
How would they get my private key? I mean if they already have access to my private key on my computer then I have much bigger problems than them having access to the anyway public git repos.
Perhaps I’m misunderstanding the thread model you have, but isn’t ssh the standard way of accessing git repos because it is so much more secure compared to a username and password?
They can impersonate you and push code into the repos in your name with a high likelyhood of you not noticing it.
The typical hobby dev machine isn’t particularly secure and for sure less secure than the typical server. Accessing everything from there with a single key is a pretty gaping security hole IMHO.
There seems to be this common misconception that ssh keys are more secure than passwords, but that is only true when you use really weak passwords that you keep in your head instead of a password manager.
If you want to actually increase your security then you need to set up a second factor auth with a seperate device.
So yesterday I set up forgejo, which is the software behind codeberg, and imported all my 88 git repos from github, so far so good.
But then I spent the rest of the day trying to figure out how to be able to use port 22, which I already use for sshd to share it with forgejo so I could clone and push to it without the need of a non standart Port and I am almost giving up on it, almost. I will try today again, but I’m running out of options and the documentation is not telling me how to set it up.
Any tips are welcome!
You have to
Odd, setting this up with gitea (which forgejo was forked from) was painless, maybe their guide will help. There is a few different options
So interesting, actually yesterday I was sporadically reading that page but not following it exactly. Now that you posted the link I really paid attention and followed it again, and I have the feeling I did exactly the same steps, but now it just worked!
Thanks so much, this is awesome, now I really don’t need GitHub anymore.
Here is the script I used to migrate: https://git.jeena.net/jeena/github2forgejo
I’m glad it helped! From what I remember when I checked out forgejo their documentation was really lacking, but some of it has gotten better since they did the hard fork
Why the need to push via ssh? I am genuinely wondering, since you can easily push without having that enabled at all.
That’s an odd question as ssh is very convenient and secure compared to https.
Convenient, yes. But if used like that quite insecure.
Oh, no. It’s more secure than https if done properly (i.e. backed by hardware key and/or a quality password) I’d say.
Because otherwise I will need to set up a different way of logging in to authenticate on every computer. I’m using ssh for every git server. How do you authenticate, with a different access token for each git server in ~/.gitconfig?
Ok, I understand that this is a bit inconvenient, but you can use a password manager for the required git push logins.
But you are not concerened that someone compromising your ssh keys gets full access to all your repos?
How would they get my private key? I mean if they already have access to my private key on my computer then I have much bigger problems than them having access to the anyway public git repos.
Perhaps I’m misunderstanding the thread model you have, but isn’t ssh the standard way of accessing git repos because it is so much more secure compared to a username and password?
They can impersonate you and push code into the repos in your name with a high likelyhood of you not noticing it.
The typical hobby dev machine isn’t particularly secure and for sure less secure than the typical server. Accessing everything from there with a single key is a pretty gaping security hole IMHO.
There seems to be this common misconception that ssh keys are more secure than passwords, but that is only true when you use really weak passwords that you keep in your head instead of a password manager.
If you want to actually increase your security then you need to set up a second factor auth with a seperate device.