How do I use xinetd to forward port 22 for SSH connections to Stash

'How Do I...' and 'How to...' Guide to Stash

このページの内容

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

このページの内容は、サポート対象外のプラットフォームに関連しています。したがって、アトラシアンは、そのためのサポートの提供を保証できません 。この資料は情報提供のみを目的としているため、お客様自身の責任でご使用ください。

目的

By default, Stash listens for SSH connections on port 7999, this guide will help forward port 22 so that SSH operations can be accessed at ssh://git@stash.mycompany.com/PROJECT/repo.git instead of ssh://git@stash.mycompany.com:7999/PROJECT/repo.git. The default sshd service will need to be moved to an alternative port other than 22.

This is an alternative to using HAProxy as described in Setting up SSH port forwarding.

ソリューション

Single IP Address Available

  • Using the package manager for your distribution (apt-get, yum, or rpm), install xinetd
  • Create a configuration file named stash_ssh under /etc/xinetd.d with the following content

    service stash_ssh
    {
            disable         = no
            type            = UNLISTED
            socket_type     = stream
            protocol        = tcp
            user            = nobody
            wait            = no
            redirect        = 127.0.0.1 7999
            port            = 22
    }
  • Restart xinetd with /etc/init.d/xinetd restart
  • Once port forwarding is set up, you will need to configure the SSH base URL in Stash so that the clone urls presented in Stash indicate the correct host and port to clone from. See the SSH base URL section in Enabling SSH access to Git repositories in Stash.

Multiple IP Addresses Available

This option is available if more than one IP address is available on the server. sshd_config will need to be modified so that it listens to only one of the IP addresses.


  • Using the package manager for your distribution (apt-get, yum, or rpm), install xinetd
  • Create a configuration file named stash_ssh under /etc/xinetd.d with the following content

    service stash_ssh
    {
            disable         = no
            type            = UNLISTED
            socket_type     = stream
            protocol        = tcp
            user            = nobody
            wait            = no
            redirect        = 127.0.0.1 7999
            bind            = 192.168.1.11
            port            = 22
    }
  • Modify /etc/ssh/sshd_config so that it will only bind to one of the IP addresses (different from what xinetd is listening on

    /etc/ssh/sshd_config
    # Package generated configuration file
    # See the sshd_config(5) manpage for details
    
    # What ports, IPs and protocols we listen for
    Port 22
    
    # Use these options to restrict which interfaces/protocols sshd will bind to
    #ListenAddress ::
    ListenAddress 192.168.1.10
    ListenAddress 127.0.0.1
    Protocol 2
    
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
  • Restart xinetd with /etc/init.d/xinetd restart
  • Restart sshd with service sshd restart
  • Once port forwarding is set up, you will need to configure the SSH base URL in Stash so that the clone urls presented in Stash indicate the correct host and port to clone from. See the SSH base URL section in Enabling SSH access to Git repositories in Stash.
最終更新日 2016 年 3 月 30 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.