ssh Archives - blog.icod.de

gitea log configuration for fail2ban

19. March 2025

Gitea since 1.21 has a different logging configuration format. TL;DR If you want to configure fail2ban to ban those failed ssh login attempts, use this log section in app.ini

[log]
LEVEL = Info
MODE = file
ROOT_PATH = /var/lib/gitea/log/
logger.default.MODE = file
logger.access.MODE =
logger.xorm.MODE =
logger.router.MODE =
ENABLE_SSH_LOG = true
[log.file]
default.FILE_NAME = gitea.log
LOG_ROTATE = true
MAX_SIZE_SHIFT = 28
DAILY_ROTATE = true
MAX_DAYS = 7
COMPRESS = true
COMPRESSION_LEVEL = -1

[log]

LEVEL = Info

MODE = file

ROOT_PATH = /var/lib/gitea/log/

logger.default.MODE = file

logger.access.MODE =

logger.xorm.MODE =

logger.router.MODE =

ENABLE_SSH_LOG = true

[log.file]

default.FILE_NAME = gitea.log

LOG_ROTATE = true

MAX_SIZE_SHIFT = 28

DAILY_ROTATE = true

MAX_DAYS = 7

COMPRESS = true

COMPRESSION_LEVEL = -1

Sadly you can’t turn off all logging except the SSH log. You have to wear your SSD. The actual fail2ban configuration is described on their […]

sshd sftp chroot jail howto

5. October 2023

Problem description: You would like to jail users to their home directories and not allow shell access, only sftp access. Solution: SFTP chroot jail 1. Create a system group. Here I call it sftponly.

groupadd -r sftponly

1	groupadd -r sftponly

2. edit the sshd_config file, usually residing in /etc/ssh/sshd_config (in weird opensuse it’s in /usr/etc/sshd/ ) and append (it needs […]