This gist covers how I debugged the SSH configuration for Gitea.
tl;dr: Read on only for the debugging insights; follow this issue to get the final answer directly.
First of all, Gitea uses s6 to supervise sshd and gitea itself, which automatically resurrects sshd whenever sshd shuts down.
To rerun sshd with some other options, ideally on the same port since that is the one correctly exposed through Docker, we need to modify /etc/s6/openssh/run.
In my case, as the image doesn't have strace built into it, I couldn't attach to the process' stdout to debug it.
I used the following command inside /etc/s6/openssh/run:
/usr/sbin/sshd -D -ddd -E /var/log/ssh.log
This takes into account that tail -f /proc/<my_proc>/fd/1 doesn't always work.
Now I had the debug logs in /var/log/ssh.log, and they clearly said sshd was listening on port 22, which was not what I specified. The first place to check is /etc/ssh/sshd_config!
s6 not only respawns the sshd process each time it dies, it also overwrites /etc/ssh/sshd_config based on /etc/templates/sshd_config and the environment variables, through gitea/docker/root/etc/s6/openssh/setup.
Based on /etc/s6/openssh/setup, SSH_LISTEN_PORT gets assigned from itself, or falls back to SSH_PORT, or eventually falls back to 22.
And of course I only set SSH_PORT/SSH_LISTEN_PORT in app.ini but not as env variables, which means one has to supply SSH_LISTEN_PORT=CUSTOM_PORT in the docker run command or the docker-compose file.
NOTE: setting the env variable inside the container does not work; it must be set when spawning the container.
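
A quick check for the mismatch described above, as an added example that is not part of the original gist or of Gitea's own scripts. It models the fallback order (SSH_LISTEN_PORT, then SSH_PORT, then 22) and compares the result with app.ini. The function names and the sample app.ini are hypothetical, and a [server] section holding both keys is assumed:

```shell
#!/bin/sh
# Added example: does the port sshd will be given match what app.ini says?

# Fallback order as described in the text: SSH_LISTEN_PORT, then SSH_PORT, then 22.
resolve_listen_port() {
    printf '%s\n' "${SSH_LISTEN_PORT:-${SSH_PORT:-22}}"
}

# Print the value of KEY from the [server] section of an app.ini-style file.
ini_server_value() {  # usage: ini_server_value FILE KEY
    awk -F= -v key="$2" '
        /^[ \t]*\[/ { in_server = ($0 ~ /^[ \t]*\[server\]/); next }
        in_server {
            k = $1; gsub(/[ \t]/, "", k)
            if (k == key) { v = $2; gsub(/[ \t\r]/, "", v); print v; exit }
        }' "$1"
}

# Return 0 when the env-derived port agrees with app.ini, 1 on a mismatch.
check_ports() {  # usage: check_ports APP_INI
    env_port=$(resolve_listen_port)
    ini_port=$(ini_server_value "$1" SSH_LISTEN_PORT)
    [ -n "$ini_port" ] || ini_port=$(ini_server_value "$1" SSH_PORT)
    if [ -z "$ini_port" ] || [ "$ini_port" = "$env_port" ]; then
        echo "ok: sshd port $env_port"
        return 0
    fi
    echo "mismatch: app.ini says $ini_port, sshd will get $env_port"
    return 1
}

# Constructed sample: app.ini sets 2222, first without and then with the env variable.
sample=$(mktemp)
printf '[server]\nSSH_PORT = 2222\nSSH_LISTEN_PORT = 2222\n' > "$sample"
( unset SSH_LISTEN_PORT SSH_PORT; check_ports "$sample" ) || true
( SSH_LISTEN_PORT=2222; check_ports "$sample" )
rm -f "$sample"
```

The first call reports the mismatch (sshd gets 22 while app.ini says 2222); the second passes once SSH_LISTEN_PORT is present in the environment.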