sftp icon indicating copy to clipboard operation
sftp copied to clipboard

Published 20 hours ago verified publisher icon atmoz

kex_exchange_identification: Connection closed by remote host

Open jbtx opened this issue 10 months ago • 3 comments

We have deployed atmoz/sftp:latest in an public facing Azure Container App environment and observe this error message continuously in the console logs:

kex_exchange_identification: Connection closed by remote host Connection closed by 127.0.0.1 port XXXXX

Port numbers range from approx. 30000 - 55000. Monitoring network traffic shows no corresponding rate of connection attempts. Blocking all traffic in the Ingress does not eliminate the message. We do not observe these messages when running the container on a local docker environment.

Is this a known issue? Is there a configuration change we can make to fix the issue?

jbtx avatar Jan 28 '25 17:01 jbtx

It appears this is caused by container health probes, the default is to TCP probe the configured port on the server (22 in this case). We configured custom container health probes to another open port and the noted log messages are gone.

https://learn.microsoft.com/en-us/azure/container-apps/health-probes?tabs=arm-template

jbtx avatar Jan 28 '25 20:01 jbtx

I have the same issue with latest alpine docker image, run on local machine.

I downgraded to alpine:3.7 tag, as this is just for development, and it works.

Logs diff alpine -> alpine:3.7:

[entrypoint] Executing sshd
+Server listening on 0.0.0.0 port 22.
+Server listening on :: port 22.

Running top also indicates no sshd running on alpine

michalb-goflink avatar Jan 29 '25 15:01 michalb-goflink

I have the same issue. Seems like an new OpenSSH version broke something with the key exchange.

LDprg avatar Feb 18 '25 19:02 LDprg