ssh: allow overriding SSH_LISTEN_PORT in SSH_LISTEN_HOST

Support listening on multiple address with different ports by
overridding the default SSH_LISTEN_ADDRESS like `0.0.0.0,127.0.0.1:2022,[::1]:222,::`

custom/conf/app.example.ini

@@ -150,7 +150,8 @@ RUN_USER = ; git
 ;; SSH username displayed in clone URLs.
 ;SSH_USER = %(BUILTIN_SSH_SERVER_USER)s
 ;;
-;; The network interface(s) the builtin SSH server should listen on
+;; The network interface(s) the builtin SSH server should listen on.
+;; Individual addresses can include a port statement to override SSH_LISTEN_PORT value, like 127.0.0.1:2022,0.0.0.0
 ;SSH_LISTEN_HOST =
 ;;
 ;; Port number to be exposed in clone URL

docs/content/administration/config-cheat-sheet.en-us.md

@@ -332,7 +332,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `SSH_USER`: **%(BUILTIN_SSH_SERVER_USER)s**: SSH username displayed in clone URLs. This is only for people who configure the SSH server themselves; in most cases, you want to leave this blank and modify the `BUILTIN_SSH_SERVER_USER`.
 - `SSH_DOMAIN`: **%(DOMAIN)s**: Domain name of this server, used for displayed clone URL.
 - `SSH_PORT`: **22**: SSH port displayed in clone URL.
-- `SSH_LISTEN_HOST`: **0.0.0.0**: Listen address(es) for the built-in SSH server; multiple addresses can be separated by comma.
+- `SSH_LISTEN_HOST`: **0.0.0.0**: Listen address(es) for the built-in SSH server; multiple addresses can be separated by comma, addresses can include a port statement to override SSH_LISTEN_PORT.
 - `SSH_LISTEN_PORT`: **%(SSH\_PORT)s**: Port for the built-in SSH server.
 - `SSH_ROOT_PATH`: **~/.ssh**: Root path of SSH directory.
 - `SSH_CREATE_AUTHORIZED_KEYS_FILE`: **true**: Gitea will create a authorized_keys file by default when it is not using the internal ssh server. If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.

modules/ssh/init.go

@@ -27,10 +27,15 @@ func Init() error {
 			graceful.GetManager().IncreaseListenerCountBy(len(setting.SSH.ListenHost) - 1)
 		}
 		for _, listenHost := range setting.SSH.ListenHost {
-			Listen(listenHost, setting.SSH.ListenPort, setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs)
+			var addr string
+			if _, _, err := net.SplitHostPort(listenHost); err == nil {
+				addr = listenHost
+			} else {
+				addr = net.JoinHostPort(listenHost, strconv.Itoa(setting.SSH.ListenPort))
+			}
+			Listen(addr, setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs)
 			log.Info("SSH server started on %s. Cipher list (%v), key exchange algorithms (%v), MACs (%v)",
-				net.JoinHostPort(listenHost, strconv.Itoa(setting.SSH.ListenPort)),
-				setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs,
+				addr, setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs,
 			)
 		}
 		return nil

modules/ssh/ssh.go

@@ -17,7 +17,6 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
-	"strconv"
 	"strings"
 	"sync"
 	"syscall"
@@ -280,10 +279,10 @@ func sshConnectionFailed(conn net.Conn, err error) {
 	log.Warn("Failed authentication attempt from %s", conn.RemoteAddr())
 }
 
-// Listen starts a SSH server listens on given port.
-func Listen(host string, port int, ciphers, keyExchanges, macs []string) {
+// Listen starts a SSH server listens on given addr (host, port combination).
+func Listen(addr string, ciphers, keyExchanges, macs []string) {
 	srv := ssh.Server{
-		Addr:             net.JoinHostPort(host, strconv.Itoa(port)),
+		Addr:             addr,
 		PublicKeyHandler: publicKeyHandler,
 		Handler:          sessionHandler,
 		ServerConfigCallback: func(ctx ssh.Context) *gossh.ServerConfig {