SSH连接到GitLab始终超时,尽管使用备用SSH端口。

huangapple go评论72阅读模式
英文:

SSH connection to GitLab always timeouts despite alternate SSH port

问题

I try to connect to GitLab via SSH, but it always timeouts after I run ssh -T git@gitlab.com.

I followed every step of the GitLab docs, placed my public-key inside my profile and tried different solutions suggested on StackOverflow; like this or that.

My .ssh/config reads as follows:

Host gitlab.com
Hostname altssh.gitlab.com
User git
Port 443
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_ed25519

The output generated is:

$ ssh -Tvvv git@gitlab.com
OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /home/lukeflo/.ssh/config
debug1: /home/lukeflo/.ssh/config line 1: Applying options for gitlab.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/lukeflo/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/lukeflo/.ssh/known_hosts2'
debug2: resolving "altssh.gitlab.com" port 443
debug3: resolve_host: lookup altssh.gitlab.com:443
debug3: ssh_connect_direct: entering
debug1: Connecting to altssh.gitlab.com [172.65.251.182] port 443.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /home/lukeflo/.ssh/id_ed25519 type 3
debug1: identity file /home/lukeflo/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
kex_exchange_identification: read: Connection timed out
banner exchange: Connection to 172.65.251.182 port 443: Connection timed out

There seems to be no error message, instead it reads Connecting to altssh.gitlab.com [172.65.251.182] port 443 and Connection established. But then it timeouts after some minutes of waiting.

I'm using Ubuntu 22.04 LTS via WSL on my Windows 10 work laptop. At home on my private notebook SSH works fine. I thought it could be the firewall of my company, but if I run curl -v telnet://gitlab.com:443 it shows a working connection:

$ curl -v telnet://gitlab.com:443
*   Trying 172.65.251.78:443...
* Connected to gitlab.com (172.65.251.78) port 443 (#0)

Of course, I can access GitLab through HTTPS, but would prefer SSH due to security issues.

I'm happy about any idea how to solve this.

英文:

I try to connect to GitLab via SSH, but it always timeouts after i run ssh -T git@gitlab.com.

I followed every step of the GitLab docs, placed my public-key inside my profile and tried different solutions suggested on StackOverflow; like this or that.

My .ssh/config reads as follows:

Host gitlab.com
Hostname altssh.gitlab.com
User git
Port 443
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_ed25519

The output generated is:

$ ssh -Tvvv git@gitlab.com
OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /home/lukeflo/.ssh/config
debug1: /home/lukeflo/.ssh/config line 1: Applying options for gitlab.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/lukeflo/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/lukeflo/.ssh/known_hosts2'
debug2: resolving "altssh.gitlab.com" port 443
debug3: resolve_host: lookup altssh.gitlab.com:443
debug3: ssh_connect_direct: entering
debug1: Connecting to altssh.gitlab.com [172.65.251.182] port 443.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /home/lukeflo/.ssh/id_ed25519 type 3
debug1: identity file /home/lukeflo/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
kex_exchange_identification: read: Connection timed out
banner exchange: Connection to 172.65.251.182 port 443: Connection timed out

There seems to be no error message, instead it reads Connecting to altssh.gitlab.com [172.65.251.182] port 443 and Connection established. But then it timeouts after some minutes of waiting.

I'm using Ubuntu 22.04 LTS via WSL on my Windows 10 work laptop. At home on my private notebook SSH works fine. I thougth it could be the firewall of my company, but if i run curl -v telnet://gitlab.com:443 it shows a working connection:

$ curl -v telnet://gitlab.com:443
*   Trying 172.65.251.78:443...
* Connected to gitlab.com (172.65.251.78) port 443 (#0)

Of course, i can access GitLab through HTTPS, but would prefer SSH due to security issues.

I'm happy about any idea how to solve this.

答案1

得分: 1

当客户端连接到SSH服务器时,服务器会以纯文本形式向客户端发送一个版本字符串来开始对话。"kex_exchange_identification: read: Connection timed out"这一行意味着您的客户端正在等待接收该版本字符串,但在没有接收到的情况下超时了。

当我连接到altssh时,我会收到版本字符串:

% nc altssh.gitlab.com 443
SSH-2.0-GitLab-SSHD
^C

如果您没有收到版本字符串,一个可能的原因是当您尝试连接时,该服务没有正常工作。另一个可能性是,您的本地网络中有某个设备,比如透明的HTTPS代理,正在干扰您连接到服务的能力。在这种情况下,您应该与本地网络管理员联系,了解如何访问该服务。

英文:

When a client connects to an SSH server, the server starts the conversation by sending a version string to the client in plain text. The "kex_exchange_identification: read: Connection timed out" line means your client was waiting to receive that version string and timed out without receiving it.

When I connect to altssh I get the version string:

% nc altssh.gitlab.com 443
SSH-2.0-GitLab-SSHD
^C

If you're not getting the version string, one possibility is that the service wasn't working correctly when you tried it. Another possibility is that there is some device in your local network, such as a transparent HTTPS proxy, which is interfering with your ability to connect to port 443 on the service. In that case you should check with your local network administrators about how to access the service.

huangapple
  • 本文由 发表于 2023年5月25日 18:21:38
  • 转载请务必保留本文链接:https://go.coder-hub.com/76331237.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定