You are not logged in.

Pages: 1

#1 2026-03-18 11:37:01

AtmIgn
Member
Registered: 2024-12-18
Posts: 19

[SOLVED] Pass Forgejo's authorized_keys file to sshd

Hi,

I have recently installed Forgejo on my server, and I've been trying to fix my access to git operations over SSH after I changed Forgejo from running under the "forgejo" user to running under "git". I think the authentication failures point to sshd looking for the authorized_keys file through systemd-userdbd, but can't find it, because userdbd didn't load them. How can I tell userdbd where to get the keys from?

Mar 18 07:28:44 sshd-session[218179]: debug3: subprocess: AuthorizedKeysCommand command "/usr/bin/userdbctl ssh-authorized-keys git" running as root (flags 0x6)
Mar 18 07:28:44 sshd-session[218179]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Mar 18 07:28:44 sshd-session[218179]: debug1: restore_uid: 0/0
Mar 18 07:28:44 sshd-session[218179]: debug3: subprocess: AuthorizedKeysCommand pid 218184
Mar 18 07:28:44 sshd-session[218179]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Mar 18 07:28:44 sshd-session[218184]: debug3: sigaction(Killed): Invalid argument
Mar 18 07:28:44 sshd-session[218184]: debug3: sigaction(Stopped (signal)): Invalid argument
Mar 18 07:28:44 sshd-session[218184]: debug3: sigaction(Unknown signal 32): Invalid argument
Mar 18 07:28:44 sshd-session[218184]: debug3: sigaction(Unknown signal 33): Invalid argument
Mar 18 07:28:44 sshd-session[218179]: debug2: auth_check_authkeys_file: /usr/bin/userdbctl ssh-authorized-keys %u: processed 0/0 lines
Mar 18 07:28:44 sshd-session[218179]: debug1: restore_uid: 0/0
Mar 18 07:28:44 sshd-session[218179]: debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is not allowed

Thank you for any answers.

Last edited by AtmIgn (2026-03-31 18:21:58)

Offline

#2 2026-03-18 19:47:27

stu
Member
Registered: 2021-10-19
Posts: 26

Re: [SOLVED] Pass Forgejo's authorized_keys file to sshd

How did you change that?

This might mean that also the home directory changed, and depending on how it's configured, forgejo might still write the file to its old home.
sshd will normally only look in the git user's $HOME/.ssh/authorized_keys - and if you copied / moved the file there, are the directory / file permission correct (e.g. not still owned / writable by the old forgejo user)? sshd is very picky about those things.

Offline

#3 2026-03-19 04:33:48

AtmIgn
Member
Registered: 2024-12-18
Posts: 19

Re: [SOLVED] Pass Forgejo's authorized_keys file to sshd

I overrode the user systemd starts Forgejo under with a drop-in unit file.

/etc/systemd/system/forgejo.service.d/override.conf
[Service]
User=git
Group=git
WorkingDirectory=/var/lib/forgejo
ReadWritePaths=/etc/forgejo/app.ini /etc/forgejo/.ssh/authorized_keys
ReadOnlyPaths=/etc/forgejo/ssh-signing
RuntimeDirectory=git
LogsDirectory=git
StateDirectory=git
/etc/forgejo/app.ini
SSH_ROOT_PATH = /etc/forgejo/.ssh

The fix ended up being running:

sudo usermod -d /etc/forgejo/ git

Offline

Pages: 1

Board footer

Powered by FluxBB