diff --git a/Dockerfile b/Dockerfile
index 1aae5fc6d4245..e0713125007ae 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -21,7 +21,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 FROM alpine:3.9
 LABEL maintainer="maintainers@gitea.io"
-EXPOSE 22 3000
+EXPOSE 2222 3000
 RUN apk --no-cache add \
 bash \
@@ -29,11 +29,8 @@ RUN apk --no-cache add \
 curl \
 gettext \
 git \
- linux-pam \
- openssh \
- s6 \
+ openssh-keygen \
 sqlite \
- su-exec \
 tzdata
 RUN addgroup \
@@ -48,14 +45,19 @@ RUN addgroup \
 git && \
 echo "git:$(dd if=/dev/urandom bs=24 count=1 status=none | base64)" | chpasswd
-ENV USER git
+
+ENV HOME "/data/git"
+RUN mkdir -p /data /app/gitea && chmod 777 /data
+RUN ln -s /app/gitea/gitea /usr/local/bin/gitea
+
+USER git:git
 ENV GITEA_CUSTOM /data/gitea
 VOLUME ["/data"]
+WORKDIR /app/gitea
 ENTRYPOINT ["/usr/bin/entrypoint"]
-CMD ["/bin/s6-svscan", "/etc/s6"]
+CMD ["/app/gitea/gitea", "web"]
 COPY docker/root /
 COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
-RUN ln -s /app/gitea/gitea /usr/local/bin/gitea
diff --git a/docker/root/etc/s6/.s6-svscan/finish b/docker/root/etc/s6/.s6-svscan/finish
deleted file mode 100755
index 06bd986563d4c..0000000000000
--- a/docker/root/etc/s6/.s6-svscan/finish
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/bash
-exit 0
diff --git a/docker/root/etc/s6/gitea/finish b/docker/root/etc/s6/gitea/finish
deleted file mode 100755
index 06bd986563d4c..0000000000000
--- a/docker/root/etc/s6/gitea/finish
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/bash
-exit 0
diff --git a/docker/root/etc/s6/gitea/run b/docker/root/etc/s6/gitea/run
deleted file mode 100755
index da5fd6b535ef6..0000000000000
--- a/docker/root/etc/s6/gitea/run
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-[[ -f ./setup ]] && source ./setup
-
-pushd /app/gitea > /dev/null
- exec su-exec $USER /app/gitea/gitea web
-popd
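Review bot: `RUN mkdir -p /data /app/gitea && chmod 777 /data` in the third Dockerfile hunk makes the data root world-writable; since the stage switches to `USER git:git` a few lines later, `chown git:git /data` (keeping the default 0755 mode) gives the unprivileged process the access it needs without letting every other uid in the container write there, and that mode is what a freshly created volume inherits from the image. `ENV HOME "/data/git"` uses the legacy space-separated form that build checks flag; prefer `ENV HOME=/data/git`. Both `COPY` instructions now sit after `USER git:git`; COPY still writes as root, so `/app/gitea/gitea` and the scripts under `docker/root` stay root-owned, which is fine for execution but worth a one-line comment (the commented-out `chmod 0755 /app/gitea` in the setup hunk of this diff suggests it was run into), or `COPY --chown=git:git` if the git user must write there.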
diff --git a/docker/root/etc/s6/openssh/finish b/docker/root/etc/s6/openssh/finish
deleted file mode 100755
index 06bd986563d4c..0000000000000
--- a/docker/root/etc/s6/openssh/finish
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/bash
-exit 0
diff --git a/docker/root/etc/s6/openssh/run b/docker/root/etc/s6/openssh/run
deleted file mode 100755
index 63950248250fc..0000000000000
--- a/docker/root/etc/s6/openssh/run
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-[[ -f ./setup ]] && source ./setup
-
-pushd /root > /dev/null
- exec su-exec root /usr/sbin/sshd -D -e 2>&1
-popd
diff --git a/docker/root/etc/s6/openssh/setup b/docker/root/etc/s6/openssh/setup
deleted file mode 100755
index f8ef816a9566b..0000000000000
--- a/docker/root/etc/s6/openssh/setup
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/bash
-
-if [ ! -d /data/ssh ]; then
- mkdir -p /data/ssh
-fi
-
-if [ ! -f /data/ssh/ssh_host_ed25519_key ]; then
- echo "Generating /data/ssh/ssh_host_ed25519_key..."
- ssh-keygen -t ed25519 -f /data/ssh/ssh_host_ed25519_key -N "" > /dev/null
-fi
-
-if [ ! -f /data/ssh/ssh_host_rsa_key ]; then
- echo "Generating /data/ssh/ssh_host_rsa_key..."
- ssh-keygen -t rsa -b 2048 -f /data/ssh/ssh_host_rsa_key -N "" > /dev/null
-fi
-
-if [ ! -f /data/ssh/ssh_host_dsa_key ]; then
- echo "Generating /data/ssh/ssh_host_dsa_key..."
- ssh-keygen -t dsa -f /data/ssh/ssh_host_dsa_key -N "" > /dev/null
-fi
-
-if [ ! -f /data/ssh/ssh_host_ecdsa_key ]; then
- echo "Generating /data/ssh/ssh_host_ecdsa_key..."
- ssh-keygen -t ecdsa -b 256 -f /data/ssh/ssh_host_ecdsa_key -N "" > /dev/null
-fi
-
-chown root:root /data/ssh/*
-chmod 0700 /data/ssh
-chmod 0600 /data/ssh/*
diff --git a/docker/root/etc/ssh/sshd_config b/docker/root/etc/ssh/sshd_config
deleted file mode 100644
index 6af082c419e63..0000000000000
--- a/docker/root/etc/ssh/sshd_config
+++ /dev/null
@@ -1,33 +0,0 @@
-Port 22
-Protocol 2
-
-AddressFamily any
-ListenAddress 0.0.0.0
-ListenAddress ::
-
-LogLevel INFO
-
-HostKey /data/ssh/ssh_host_ed25519_key
-HostKey /data/ssh/ssh_host_rsa_key
-HostKey /data/ssh/ssh_host_dsa_key
-HostKey /data/ssh/ssh_host_ecdsa_key
-
-AuthorizedKeysFile .ssh/authorized_keys
-
-UseDNS no
-AllowAgentForwarding no
-AllowTcpForwarding no
-PrintMotd no
-
-PermitUserEnvironment yes
-PermitRootLogin no
-ChallengeResponseAuthentication no
-PasswordAuthentication no
-PermitEmptyPasswords no
-
-AllowUsers git
-
-Banner none
-Subsystem sftp /usr/lib/ssh/sftp-server
-
-AcceptEnv GIT_PROTOCOL
\ No newline at end of file
diff --git a/docker/root/etc/templates/app.ini b/docker/root/etc/templates/app.ini
index 20cbb9053ce47..36649e9c9510a 100644
--- a/docker/root/etc/templates/app.ini
+++ b/docker/root/etc/templates/app.ini
@@ -1,4 +1,5 @@
 APP_NAME = $APP_NAME
+RUN_USER = $RUN_USER
 RUN_MODE = $RUN_MODE
 [repository]
@@ -17,7 +18,12 @@ HTTP_PORT = $HTTP_PORT
 ROOT_URL = $ROOT_URL
 DISABLE_SSH = $DISABLE_SSH
 SSH_PORT = $SSH_PORT
+START_SSH_SERVER = true
+BUILTIN_SSH_SERVER_USER = $RUN_USER
+SSH_LISTEN_PORT = $SSH_LISTEN_PORT
+LFS_START_SERVER = true
 LFS_CONTENT_PATH = /data/git/lfs
+;Config via env variable new config
 [database]
 PATH = /data/gitea/gitea.db
diff --git a/docker/root/usr/bin/entrypoint b/docker/root/usr/bin/entrypoint
index d8e68b9404d63..e84c6dcfc202f 100755
--- a/docker/root/usr/bin/entrypoint
+++ b/docker/root/usr/bin/entrypoint
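Review bot: In the second app.ini hunk `START_SSH_SERVER = true` and `LFS_START_SERVER = true` are hard-coded while every neighbouring key (`DISABLE_SSH`, `SSH_PORT`, `SSH_LISTEN_PORT`) is substituted from the environment, so an operator who sets `DISABLE_SSH=true` still gets a template that asks for the builtin SSH server and cannot switch LFS off without editing the generated file. Templating them as `START_SSH_SERVER = $START_SSH_SERVER` and `LFS_START_SERVER = $LFS_START_SERVER`, with `true` defaults added to the envsubst prefix list in setup, keeps the template consistent; whether Gitea lets DISABLE_SSH take precedence over START_SSH_SERVER is not visible here. The new comment `;Config via env variable new config` does not say what it refers to; something like `; keys above are filled in by envsubst from the container environment` would tell the reader what is going on.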
@@ -1,37 +1,9 @@
 #!/bin/sh
-if [ "${USER}" != "git" ]; then
- # rename user
- sed -i -e "s/^git\:/${USER}\:/g" /etc/passwd
- # switch sshd config to different user
- sed -i -e "s/AllowUsers git$/AllowUsers ${USER}/g" /etc/ssh/sshd_config
-fi
-
-if [ -z "${USER_GID}" ]; then
- USER_GID="`id -g ${USER}`"
-fi
-
-if [ -z "${USER_UID}" ]; then
- USER_UID="`id -u ${USER}`"
-fi
-
-## Change GID for USER?
-if [ -n "${USER_GID}" ] && [ "${USER_GID}" != "`id -g ${USER}`" ]; then
- sed -i -e "s/^${USER}:\([^:]*\):[0-9]*/${USER}:\1:${USER_GID}/" /etc/group
- sed -i -e "s/^${USER}:\([^:]*\):\([0-9]*\):[0-9]*/${USER}:\1:\2:${USER_GID}/" /etc/passwd
-fi
-
-## Change UID for USER?
-if [ -n "${USER_UID}" ] && [ "${USER_UID}" != "`id -u ${USER}`" ]; then
- sed -i -e "s/^${USER}:\([^:]*\):[0-9]*:\([0-9]*\)/${USER}:\1:${USER_UID}:\2/" /etc/passwd
-fi
-
-for FOLDER in /data/gitea/conf /data/gitea/log /data/git /data/ssh; do
- mkdir -p ${FOLDER}
-done
+[[ -f /usr/bin/setup ]] && source /usr/bin/setup
 if [ $# -gt 0 ]; then
 exec "$@"
 else
- exec /bin/s6-svscan /etc/s6
+ exec /app/gitea/gitea web
 fi
diff --git a/docker/root/etc/s6/gitea/setup b/docker/root/usr/bin/setup
similarity index 73%
rename from docker/root/etc/s6/gitea/setup
rename to docker/root/usr/bin/setup
index dec0ee2b55a23..d0644534fb412 100755
--- a/docker/root/etc/s6/gitea/setup
+++ b/docker/root/usr/bin/setup
@@ -1,5 +1,6 @@
 #!/bin/bash
+#TODO maybe /data/git/.ssh not needed anymore
 if [ ! -d /data/git/.ssh ]; then
 mkdir -p /data/git/.ssh
 chmod 700 /data/git/.ssh
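Review bot: The new `[[ -f /usr/bin/setup ]] && source /usr/bin/setup` in the entrypoint uses two bash extensions under a `#!/bin/sh` shebang; busybox ash on the alpine base appears to accept `[[` and `source` in its bash-compat mode, but POSIX sh does not, so the portable `[ -f /usr/bin/setup ] && . /usr/bin/setup` avoids depending on that. Because setup is sourced rather than executed, its own `#!/bin/bash` shebang has no effect and any bash-only syntax left in it runs under ash as well. If the file is absent the `&&` just yields a non-zero status and start-up continues without any message; if the setup step is required for a working container, failing loudly (`[ -f /usr/bin/setup ] || { echo "setup missing" >&2; exit 1; }`) is preferable to a silent skip.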
@@ -26,11 +27,13 @@ if [ ! -f ${GITEA_CUSTOM}/conf/app.ini ]; then
 # Substitude the environment variables in the template
 APP_NAME=${APP_NAME:-"Gitea: Git with a cup of tea"} \
 RUN_MODE=${RUN_MODE:-"dev"} \
+ RUN_USER=${USER:-"git"} \
 SSH_DOMAIN=${SSH_DOMAIN:-"localhost"} \
 HTTP_PORT=${HTTP_PORT:-"3000"} \
 ROOT_URL=${ROOT_URL:-""} \
 DISABLE_SSH=${DISABLE_SSH:-"false"} \
- SSH_PORT=${SSH_PORT:-"22"} \
+ SSH_PORT=${SSH_PORT:-"2222"} \
+ SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-$SSH_PORT} \
 DB_TYPE=${DB_TYPE:-"sqlite3"} \
 DB_HOST=${DB_HOST:-"localhost:3306"} \
 DB_NAME=${DB_NAME:-"gitea"} \
@@ -41,12 +44,7 @@ if [ ! -f ${GITEA_CUSTOM}/conf/app.ini ]; then
 REQUIRE_SIGNIN_VIEW=${REQUIRE_SIGNIN_VIEW:-"false"} \
 SECRET_KEY=${SECRET_KEY:-""} \
 envsubst < /etc/templates/app.ini > ${GITEA_CUSTOM}/conf/app.ini
-
- chown ${USER}:git ${GITEA_CUSTOM}/conf/app.ini
 fi
-# only chown if current owner is not already the gitea ${USER}. No recursive check to save time
-if ! [[ $(ls -ld /data/gitea | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /data/gitea; fi
-if ! [[ $(ls -ld /app/gitea | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /app/gitea; fi
-if ! [[ $(ls -ld /data/git | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /data/git; fi
-chmod 0755 /data/gitea /app/gitea /data/git
+chmod 0755 /data/gitea /data/git
+#chmod 0755 /app/gitea
diff --git a/models/ssh_key.go b/models/ssh_key.go
index 15a10826d8ea1..bb37855bb3483 100644
--- a/models/ssh_key.go
+++ b/models/ssh_key.go
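Review bot: `chmod 0755 /data/gitea /data/git` in the second setup hunk now runs as the unprivileged git user (the Dockerfile switches to `USER git:git` and the `chown -R` fallbacks are removed), so on a volume created by an earlier image where those directories are root-owned the chmod fails with EPERM, and because the script is sourced without `set -e` the failure is silent; guard each path with an ownership check, e.g. `[ -O /data/gitea ] && chmod 0755 /data/gitea`, or print a message naming the required owner so the upgrade path is diagnosable. `RUN_USER=${USER:-"git"}` in the first hunk reads `USER`, which the image no longer sets (`ENV USER git` is removed), so the value comes from whatever the runtime exports; if a container is started with a different `--user`, the RUN_USER written into app.ini can disagree with the real uid, which is worth a comment next to the line. `SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-$SSH_PORT}` depends on the `SSH_PORT` assignment two lines earlier in the same prefix list being expanded first; bash and ash evaluate these left to right, but a short comment would save the next reader the check. The dead `#chmod 0755 /app/gitea` line should be deleted or explained, and the `if [ ! -f ${GITEA_CUSTOM}/conf/app.ini ]` block that the first hunk belongs to starts outside it.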
@@ -362,18 +362,11 @@ func checkKeyFingerprint(e Engine, fingerprint string) error {
 func calcFingerprintSSHKeygen(publicKeyContent string) (string, error) {
 // Calculate fingerprint.
- tmpPath, err := writeTmpKeyFile(publicKeyContent)
+ pk, _, _, _, err := ssh.ParseAuthorizedKey([]byte(publicKeyContent))
 if err != nil {
 return "", err
 }
- defer os.Remove(tmpPath)
- stdout, stderr, err := process.GetManager().Exec("AddPublicKey", "ssh-keygen", "-lf", tmpPath)
- if err != nil {
- return "", fmt.Errorf("'ssh-keygen -lf %s' failed with error '%s': %s", tmpPath, err, stderr)
- } else if len(stdout) < 2 {
- return "", errors.New("not enough output for calculating fingerprint: " + stdout)
- }
- return strings.Split(stdout, " ")[1], nil
+ return ssh.FingerprintSHA256(pk), nil
 }
 func calcFingerprintNative(publicKeyContent string) (string, error) {
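Review bot: `calcFingerprintSSHKeygen` no longer runs ssh-keygen, so its name and the `// Calculate fingerprint.` comment now mislead, and it reads as a duplicate of `calcFingerprintNative` (whose body is outside the hunk); if both parse the key with x/crypto/ssh, one should call the other or the ssh-keygen variant should be removed together with whatever setting selects it. The removed body was the only visible use of `os`, `process`, `fmt`, `errors` and `strings` in this hunk; unless other functions in the file still use them, the import block (also outside the hunk) must be trimmed or the package will not compile. The error returned for malformed input also changes from the ssh-keygen message to ParseAuthorizedKey's; any caller or test that matches on the old text needs checking. Suggested header comment: `// calcFingerprintSSHKeygen returns the SHA256 fingerprint of an authorized_keys-format public key; despite its name it no longer shells out to ssh-keygen.`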