BOGOF, ssh for host and git

Wow, that’s a great offer.

Because I tried to containerize service with Podman, I installed gitlab on my server (I definitely need it) and linked the SSH service on a weird port, let’s say 55555 and the 80 on 8080 (no need for https, I stay inside my network and I’m working on installing squid proxy in a container to proxing all my sites (as strange as it may sound, I’m looking to use Podman instead of VM running OpenBSD(my sweet love))) <-Lisp touch ;'(.

podman run -d --restart always --hostname gitlab.arch-libertas.net --publish 8080:80 --publish 55555:22 --name gitlab docker.io/gitlab/gitlab-ce:latest

Of course we open the weird ssh ports in the active zone:

sudo firewall-cmd --add-port=55555/tcp --permanent
sudo firewall-cmd --reload

idem for the http:

sudo firewall-cmd --add-port=8080/tcp --permanent
sudo firewall-cmd --reload

Super cool I can use my gitlab, but, how can I connect to ssh easily on this port?

First, from the http interface, in the client’s settings, go to SSH Key and add your public key located in /home/$(whoami)/.ssh/id_rsa.pub (or id_AnotherCipher.pub), I you don’t have one, do ssh-keygen.
Then you’ll see your fingerprint added (blurred on the picture below)

Cool, I can do a ssh USER@HOST -p 55555, but what a pain in the arse with git. Wait bro, there is a solution, the ssh config file is there for you, just change USER by your gitlab username and my host by yours:

echo "Host gitlab.arch-libertas.net
User USER
Port 55555" >> /home/$(whoami)/.ssh/config

Now, when you ssh USER@HOST, it will automatically connect you to the host through the port configured in the config file and, if you change HOST to IP, it will connect to port 22. 🙂 in this situation, I can use different ssh ports on different services on my host just by configuring different hostnames in /etc/hosts and in ~/.ssh/config

TADAAAM

Much more information here

For exemple you can explicit a key and force to connect by only that key adding:

IdentityFile ~/.ssh/id_rsa_gitlab
IdentitiesOnly yes