Codeberg/Community
62
385
Fork
You've already forked Community
12

SSH to Codeberg gives "connection closed by remote host" immediately #2672

Closed
opened 2026年05月22日 14:36:05 +02:00 by teeay · 9 comments

Comment

Hello,

The CodeBerg SSH server appears to block right away. Debug shows it disconnects immediately, suggesting IP based blocking.

I am behind CGNAT, so little control over my IP address.

Very new on CodeBerg, never had issues on GitHub with SSH, any pointers would be much appreciated.

Thanks,
teeay

debug1: kex_exchange_identification: banner line 0: Not allowed at this time
kex_exchange_identification: Connection closed by remote host
Connection closed by 217.197.84.140 port 22

### Comment Hello, The CodeBerg SSH server appears to block right away. Debug shows it disconnects immediately, suggesting IP based blocking. I am behind CGNAT, so little control over my IP address. Very new on CodeBerg, never had issues on GitHub with SSH, any pointers would be much appreciated. Thanks, teeay debug1: kex_exchange_identification: banner line 0: Not allowed at this time kex_exchange_identification: Connection closed by remote host Connection closed by 217.197.84.140 port 22

I'm having the same problem.

I'm having the same problem.

I saw this in the morning, thought it was my VPN, disconnected, verified my ssh key

I can confirm ssh git@codeberg.org worked even with VPN but pushing to repo was failing for me

Edit: I tried again with and without and now its just failing

I saw this in the morning, thought it was my VPN, disconnected, verified my ssh key I can confirm ssh git@codeberg.org worked even with VPN but pushing to repo was failing for me Edit: I tried again with and without and now its just failing

I get intermittent disconnections via SSH, but after a few retries it always succeeds. Seems to coincide with #2596 rather than any IP blocking

I get intermittent disconnections via SSH, but after a few retries it always succeeds. Seems to coincide with https://codeberg.org/Codeberg/Community/issues/2596 rather than any IP blocking

Hi, we've seen a larger number of SSH attempts, at a certain threshold sshd decide to start dropping them to prevent a DoS - unfortunately that protection itself a is DoS vector as you've noticed. We already limit the amount of concurrent SSH connections and we've now upped this threshold to simply let sshd deal with these new number of unauthenticated SSH before dropping new connections as that does more harm than waiting on a SSH connection that will never authenticate.

Hi, we've seen a larger number of SSH attempts, at a certain threshold sshd decide to start dropping them to prevent a DoS - unfortunately that protection itself a is DoS vector as you've noticed. We already limit the amount of concurrent SSH connections and we've now upped this threshold to simply let sshd deal with these new number of unauthenticated SSH before dropping new connections as that does more harm than waiting on a SSH connection that will never authenticate.
Gusted changed title from (削除) SSH Blocked (削除ここまで) to SSH to Codeberg gives "connection closed by remote host" immediately 2026年05月25日 13:33:26 +02:00
Author
Copy link

Thanks @Gusted

SSH is just my preference for convenience, but understand it's a lot heavier than the connectionless HTTP path.

Would HTTP be preferable for the CodeBerg infrastructure?

Thanks @Gusted SSH is just my preference for convenience, but understand it's a lot heavier than the connectionless HTTP path. Would HTTP be preferable for the CodeBerg infrastructure?

There's no preference from Codeberg's side. SSH isn't that heavy compared with what TLS 1.3 does. It's possible we disable this openssh feature and limit connections via HAProxy.

There's no preference from Codeberg's side. SSH isn't that heavy compared with what TLS 1.3 does. It's possible we disable this openssh feature and limit connections via HAProxy.

It seems connections are being dropped again, the feature from sshd is now disabled that does this. Rate limiting is now done differently with a queue.

It seems connections are being dropped again, the feature from sshd is now disabled that does this. Rate limiting is now done differently with a queue.
Author
Copy link

Thank you, @Gusted , this is now working on my end.
Appreciate your help in this.

Thank you, @Gusted , this is now working on my end. Appreciate your help in this.

Getting a similar result (closed connection), even after validating my key. Works without vpn, but not with.

Getting a similar result (closed connection), even after validating my key. Works without vpn, but not with.
Sign in to join this conversation.
No Branch/Tag specified
main
No results found.
Labels
Clear labels
accessibility
Reduces accessibility and is thus a "bug" for certain user groups on Codeberg.
bug
Something is not working the way it should. Does not concern outages.
bug
infrastructure
Errors evidently caused by infrastructure malfunctions or outages
Codeberg
This issue involves Codeberg's downstream modifications and settings and/or Codeberg's structures.
contributions welcome
Please join the discussion and consider contributing a PR!
docs
No bug, but an improvement to the docs or UI description will help
duplicate
This issue or pull request already exists
enhancement
New feature
infrastructure
Involves changes to the server setups, use `bug/infrastructure` for infrastructure-related user errors.
legal
An issue directly involving legal compliance
licence / ToS
involving questions about the ToS, especially licencing compliance
please chill
we are volunteers
Please consider editing your posts and remember that there is a human on the other side. We get that you are frustrated, but it's harder for us to help you this way.
public relations
Things related to Codeberg's external communication
question
More information is needed
question
user support
This issue contains a clearly stated problem. However, it is not clear whether we have to fix anything on Codeberg's end, but we're helping them fix it and/or find the cause.
s/Forgejo
Related to Forgejo. Please also check Forgejo's issue tracker.
s/Forgejo/migration
Migration related issues in Forgejo
s/Pages
Issues related to the Codeberg Pages feature
s/Weblate
Issue is related to the Weblate instance at https://translate.codeberg.org
s/Woodpecker
Woodpecker CI related issue
security
involves improvements to the sites security
service
Add a new service to the Codeberg ecosystem (instead of implementing into Forgejo)
upstream
An open issue or pull request to an upstream repository to fix this issue (partially or completely) exists (i.e. Forgejo, Weblate, etc.)
wontfix
Codeberg's current set of contributors are not planning to spend time on delegating this issue.
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
6 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
Codeberg/Community#2672
Reference in a new issue
Codeberg/Community
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?