Codeberg/Community
54
325
Fork
You've already forked Community
12

Cannot perform SSH based git operations on private repositories #2056

Closed
opened 2025年07月27日 19:08:23 +02:00 by Juhe · 6 comments

Comment

Hi,

First of all, I have been loving Codeberg for a few years now! ❤️ But unfortunately now I have to create this issue :(

While pushing few commits to my gitops repo, I noticed that I started just getting an error:

Connection closed by 217.197.84.140 port 22
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.

While troubleshooting this issue as it did not go away itself after few minutes I made the following observations:

  • My workstation is not the issue, my ArgoCD instance is not able to sync the repo either
  • This is not my home network issue, my ArgoCD instance has completely different public IP than my workstation
  • I can also run nc -vzw2 codeberg.org 22 succesfully, so there probably is no IP ban?
  • I can clone my own public repositories with git clone ssh://git@codeberg.org/<user>/<repository>.git so it seems like SSH works fine for those
  • When running ssh git@codeberg.org -v 5 I see that the connection is made but KEX fails, see below for detailed error
debug1: Connecting to codeberg.org [217.197.84.140] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk type 12
debug1: identity file /home/user/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/user/.ssh/id_xmss type -1
debug1: identity file /home/user/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.9
kex_exchange_identification: Connection closed by remote host
Connection closed by 217.197.84.140 port 22

I am running out of ideas here. Could it be that I am rate limited? I believe the ArgoCD syncs the data from this private repo every 5 mins and has probably 20 subcalls for every "application". And as I am still developing I can imagine I am producing multiple hunders of git SSH operations every hour, both from my ArgoCD instance and also from my workstation.

### Comment Hi, First of all, I have been loving Codeberg for a few years now! ❤️ But unfortunately now I have to create this issue :( While pushing few commits to my gitops repo, I noticed that I started just getting an error: ``` Connection closed by 217.197.84.140 port 22 fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. ``` While troubleshooting this issue as it did not go away itself after few minutes I made the following observations: - My workstation is not the issue, my ArgoCD instance is not able to sync the repo either - This is not my home network issue, my ArgoCD instance has completely different public IP than my workstation - I can also run `nc -vzw2 codeberg.org 22` succesfully, so there probably is no IP ban? - I can clone my own public repositories with `git clone ssh://git@codeberg.org/<user>/<repository>.git` so it seems like SSH works fine for those - When running `ssh git@codeberg.org -v 5` I see that the connection is made but KEX fails, see below for detailed error ``` debug1: Connecting to codeberg.org [217.197.84.140] port 22. debug1: Connection established. debug1: identity file /home/user/.ssh/id_rsa type 0 debug1: identity file /home/user/.ssh/id_rsa-cert type -1 debug1: identity file /home/user/.ssh/id_ecdsa type -1 debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/user/.ssh/id_ecdsa_sk type -1 debug1: identity file /home/user/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /home/user/.ssh/id_ed25519 type -1 debug1: identity file /home/user/.ssh/id_ed25519-cert type -1 debug1: identity file /home/user/.ssh/id_ed25519_sk type 12 debug1: identity file /home/user/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /home/user/.ssh/id_xmss type -1 debug1: identity file /home/user/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_9.9 kex_exchange_identification: Connection closed by remote host Connection closed by 217.197.84.140 port 22 ``` I am running out of ideas here. Could it be that I am rate limited? I believe the ArgoCD syncs the data from this private repo every 5 mins and has probably 20 subcalls for every "application". And as I am still developing I can imagine I am producing multiple hunders of git SSH operations every hour, both from my ArgoCD instance and also from my workstation. 
$ ssh -Tvvv git@codeberg.org
debug1: OpenSSH_10.0p2, OpenSSL 3.5.1 1 Jul 2025
debug3: Running on Linux 6.12.39_1 #1 SMP PREEMPT_DYNAMIC Thu Jul 24 09:58:03 UTC 2025 x86_64
debug3: Started with: ssh -Tvvv git@codeberg.org
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/allainp/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/allainp/.ssh/known_hosts2'
debug2: resolving "codeberg.org" port 22
debug3: resolve_host: lookup codeberg.org:22
debug3: channel_clear_timeouts: clearing
debug3: ssh_connect_direct: entering
debug1: Connecting to codeberg.org [217.197.84.140] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug1: Connection established.
debug1: identity file /home/allainp/.ssh/id_rsa type -1
debug1: identity file /home/allainp/.ssh/id_rsa-cert type -1
debug1: identity file /home/allainp/.ssh/id_ecdsa type -1
debug1: identity file /home/allainp/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/allainp/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/allainp/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/allainp/.ssh/id_ed25519 type 3
debug1: identity file /home/allainp/.ssh/id_ed25519-cert type -1
debug1: identity file /home/allainp/.ssh/id_ed25519_sk type -1
debug1: identity file /home/allainp/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/allainp/.ssh/id_xmss type -1
debug1: identity file /home/allainp/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_10.0
kex_exchange_identification: Connection closed by remote host
Connection closed by 217.197.84.140 port 22
```bash $ ssh -Tvvv git@codeberg.org debug1: OpenSSH_10.0p2, OpenSSL 3.5.1 1 Jul 2025 debug3: Running on Linux 6.12.39_1 #1 SMP PREEMPT_DYNAMIC Thu Jul 24 09:58:03 UTC 2025 x86_64 debug3: Started with: ssh -Tvvv git@codeberg.org debug1: Reading configuration data /etc/ssh/ssh_config debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/allainp/.ssh/known_hosts' debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/allainp/.ssh/known_hosts2' debug2: resolving "codeberg.org" port 22 debug3: resolve_host: lookup codeberg.org:22 debug3: channel_clear_timeouts: clearing debug3: ssh_connect_direct: entering debug1: Connecting to codeberg.org [217.197.84.140] port 22. debug3: set_sock_tos: set socket 3 IP_TOS 0x48 debug1: Connection established. debug1: identity file /home/allainp/.ssh/id_rsa type -1 debug1: identity file /home/allainp/.ssh/id_rsa-cert type -1 debug1: identity file /home/allainp/.ssh/id_ecdsa type -1 debug1: identity file /home/allainp/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/allainp/.ssh/id_ecdsa_sk type -1 debug1: identity file /home/allainp/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /home/allainp/.ssh/id_ed25519 type 3 debug1: identity file /home/allainp/.ssh/id_ed25519-cert type -1 debug1: identity file /home/allainp/.ssh/id_ed25519_sk type -1 debug1: identity file /home/allainp/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /home/allainp/.ssh/id_xmss type -1 debug1: identity file /home/allainp/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_10.0 kex_exchange_identification: Connection closed by remote host Connection closed by 217.197.84.140 port 22 ```

Same issue here, and it's not just private repos. I'm dead in the water.

I referenced the issue here, but same error.

forgejo/forgejo#8634 (comment)

Same issue here, and it's not just private repos. I'm dead in the water. I referenced the issue here, but same error. https://codeberg.org/forgejo/forgejo/issues/8634#issuecomment-6012814
Author
Copy link

@oliphant I do not think this is related to the issues that came with the forgejo release. I started experiencing this issue around 1 hour ago. That would be ~19:30 EEST.

@oliphant I do not think this is related to the issues that came with the forgejo release. I started experiencing this issue around 1 hour ago. That would be ~19:30 EEST.

@Juhe wrote in #2056 (comment):

@oliphant I do not think this is related to the issues that came with the forgejo release. I started experiencing this issue around 1 hour ago. That would be ~19:30 EEST.

Was just able to push an update to a repo. Give it another shot, I'd say, they might be fixing it.

@Juhe wrote in https://codeberg.org/Codeberg/Community/issues/2056#issuecomment-6013072: > @oliphant I do not think this is related to the issues that came with the forgejo release. I started experiencing this issue around 1 hour ago. That would be ~19:30 EEST. Was just able to push an update to a repo. Give it another shot, I'd say, they might be fixing it.
Author
Copy link

Yup, I got a successful push and also my ArgoCD was able to pull! Lets see if it stays this way.

I also checked status.codeberg.or and the SSH service shows 100% uptime. Looks like it might not be using proper metrics for the status monitoring.

Yup, I got a successful push and also my ArgoCD was able to pull! Lets see if it stays this way. I also checked [status.codeberg.or](https://status.codeberg.org/status/codeberg) and the SSH service shows 100% uptime. Looks like it might not be using proper metrics for the status monitoring.
Author
Copy link

Closing as the issue seems to be mostly mitigated and caused by malicious actors.

Closing as the issue seems to be mostly mitigated and caused by malicious actors.
Sign in to join this conversation.
No Branch/Tag specified
main
No results found.
Labels
Clear labels
accessibility

Reduces accessibility and is thus a "bug" for certain user groups on Codeberg.
bug

Something is not working the way it should. Does not concern outages.
bug
infrastructure
Errors evidently caused by infrastructure malfunctions or outages
Codeberg

This issue involves Codeberg's downstream modifications and settings and/or Codeberg's structures.
contributions welcome

Please join the discussion and consider contributing a PR!
docs

No bug, but an improvement to the docs or UI description will help
duplicate

This issue or pull request already exists
enhancement

New feature
infrastructure

Involves changes to the server setups, use `bug/infrastructure` for infrastructure-related user errors.
legal

An issue directly involving legal compliance
licence / ToS

involving questions about the ToS, especially licencing compliance
please chill
we are volunteers
Please consider editing your posts and remember that there is a human on the other side. We get that you are frustrated, but it's harder for us to help you this way.
public relations

Things related to Codeberg's external communication
question

More information is needed
question
user support
This issue contains a clearly stated problem. However, it is not clear whether we have to fix anything on Codeberg's end, but we're helping them fix it and/or find the cause.
s/Forgejo

Related to Forgejo. Please also check Forgejo's issue tracker.
s/Forgejo/migration

Migration related issues in Forgejo
s/Pages

Issues related to the Codeberg Pages feature
s/Weblate

Issue is related to the Weblate instance at https://translate.codeberg.org
s/Woodpecker

Woodpecker CI related issue
security

involves improvements to the sites security
service

Add a new service to the Codeberg ecosystem (instead of implementing into Gitea)
upstream

An open issue or pull request to an upstream repository to fix this issue (partially or completely) exists (i.e. Gitea, Forgejo, etc.)
wontfix

Codeberg's current set of contributors are not planning to spend time on delegating this issue.
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
Codeberg/Community#2056
Reference in a new issue
Codeberg/Community
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?