enable ecdsa and /or ed25519 for buildin ssh server (rootless instances) #11

New issue

Open

opened 2025-12-08 12:51:27 +00:00 by Ghostinvisible-forgejo-org · 1 comment

Ghostinvisible-forgejo-org commented 2025-12-08 12:51:27 +00:00

Copy link

Currently rootless instances only have rsa enabled, we should generate ecdsa and /or ed25519 keys.

Steps:

• generate keys on k8s host

  ssh-keygen -t ed25519 -f /precious/k8s/<pvc>/ssh/ed25519
  ssh-keygen -t ecdsa -f /precious/k8s/<pvc>/ssh/ecdsa
  

• update values config

  gitea:
    config:
      server:
        SSH_SERVER_HOST_KEYS: ssh/gitea.rsa,ssh/ecdsa,ssh/ed25519
  

Currently rootless instances only have rsa enabled, we should generate `ecdsa` and /or `ed25519` keys. ## Steps: - generate keys on k8s host ```sh ssh-keygen -t ed25519 -f /precious/k8s/<pvc>/ssh/ed25519 ssh-keygen -t ecdsa -f /precious/k8s/<pvc>/ssh/ecdsa ``` - update `values` config ```yaml gitea: config: server: SSH_SERVER_HOST_KEYS: ssh/gitea.rsa,ssh/ecdsa,ssh/ed25519 ```

👍 1

Ghostinvisible-forgejo-org commented 2025-12-08 12:51:27 +00:00

Author

Copy link

Sounds like a good idea.

Sounds like a good idea.

root added the

enhancement

label 2025-12-08 13:31:27 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

renovate/ghcr.io-visualon-roundcube-1.6.11

renovate/ghcr.io-visualon-nginx-1.28.0

renovate/bitnami-valkey-9.0.0

renovate/bitnami-kubectl-1.34.2

renovate/ghcr.io-traefik-traefik-3.x

feat/v7-anubis-policy

No results found.

Labels

Clear labels   

bug

Something is not working

  

cleanup

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

forgefriends

https://code.forgejo.org/infrastructure/k8s-cluster/src/branch/main/.forgejo/workflows/sync.yml

  

help wanted

Need some help

  

hetzner

Hetzner related problems and work items.

  

invalid

Something is wrong

  

label workflow

a workflow is associated with this issue and will trigger when labels are updated

  

need more info

  

question

More information is needed

  

refactor

No functional change, reorganization

  

static-site

https://code.forgejo.org/infrastructure/k8s-cluster/src/branch/main/.forgejo/workflows/sync.yml

  

sync

https://code.forgejo.org/infrastructure/k8s-cluster/src/branch/main/.forgejo/workflows/build.yml

  

wontfix

This won't be fixed

No labels

bug

cleanup

duplicate

enhancement

forgefriends

help wanted

hetzner

invalid

label workflow

need more info

question

refactor

static-site

sync

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

infrastructure/k8s-cluster#11

No description provided.