[Bug]: ssh: connect to host host.docker.internal port 22
Description
Hello, I'm trying to solve this error on the Servers part of the web/ui.
I keep getting this error.
My ufw status shows port 22/tcp enabled with all of the required ports for Coolify.
Minimal Reproduction (if possible, example repository)
curl -fsSL https://cdn.coollabs.io/coolify/install.sh | sudo bash
Exception or Error
Server is not reachable.
Please validate your configuration and connection.
Check this documentation for further help.
Error: ssh: connect to host host.docker.internal port 22: Connection refused
Version
v4.0.0-beta.323
Cloud?
- [ ] Yes
- [X] No
I had the same problem. Used UFW to allow SSH over my VPN IP. I fixed it like this:
- Added a second rule to allow the server IP to port 22
- Restart the coolify docker image
After that, I was able to connect to the GUI and it connected to Localhost.
Since we have made a lot of changes to SSH and the validation process, I will close this issue. If this issue comes up again, feel free to reopen or create a new issue.
I am trying this out and just stumbled upon the same problem. Changing the rules with UFW worked.
I'm using version beta.379
I also have this issue
Same issue. I enabled ufw and used ufw-docker install.
Now my public IP address is protected (I can only connect with Tailscale) but I have this error when trying to validate my server:
Error: ssh: connect to host host.docker.internal port 22: Operation timed out
I'm having the same issue:
Please validate your configuration and connection.
Check this documentation for further help.
Error: ssh: connect to host host.docker.internal port 22: Connection refused
Version v4.0.0-beta.390
I am facing the same issue
I am getting this error on a fresh coolify install when I am setting the Domain. I think it might be because I didn't install it as root
@rulrok Could you share how you fixed the issue with UFW? Thanks!
Also, check your sshd settings, if you have hardened your server, that might be interfering. For example I had these rules:
root@coolify-server:/data/coolify/source# cat /etc/ssh/sshd_config.d/custom.conf
Port 22
PermitRootLogin no
PasswordAuthentication no
X11Forwarding no
MaxAuthTries 3
AllowUsers johndoe
and both PermitRootLogin no and AllowUsers johndoe were interfering.
It worked after changing to:
root@coolify-server:/data/coolify/source# cat /etc/ssh/sshd_config.d/custom.conf
Port 22
PermitRootLogin yes
PasswordAuthentication no
X11Forwarding no
MaxAuthTries 3
AllowUsers johndoe root
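Added example, not part of any comment in this thread and not Coolify code: a shell check that reads sshd_config text and reports whether a key-based login for a given user passes `PermitRootLogin` and `AllowUsers`, run against the two configurations quoted above (their unrelated `X11Forwarding` and `MaxAuthTries` lines are left out). The names `ssh_key_login_verdict`, `config_before` and `config_after` are hypothetical, and the check assumes no `Match` blocks or `DenyUsers` and plain user names in `AllowUsers`.

```shell
# Added example: would sshd admit a key-based login for USER?
# Assumptions: Match blocks and DenyUsers are ignored; AllowUsers entries are
# compared as plain names after stripping any @host part.

# Relevant lines of the two custom.conf versions quoted in the comment above.
config_before() { printf '%s\n' 'Port 22' 'PermitRootLogin no' 'PasswordAuthentication no' 'AllowUsers johndoe'; }
config_after()  { printf '%s\n' 'Port 22' 'PermitRootLogin yes' 'PasswordAuthentication no' 'AllowUsers johndoe root'; }

# Reads sshd_config text on stdin; prints "allow" or "deny: <reasons>".
ssh_key_login_verdict() {
    awk -v user="$1" '
    { sub(/#.*/, ""); key = tolower($1) }
    key == "match" { exit }                      # global section only
    # sshd keeps the first value it reads for a keyword.
    key == "permitrootlogin" && prl == "" { prl = tolower($2) }
    # AllowUsers lines accumulate into one list.
    key == "allowusers" {
        for (i = 2; i <= NF; i++) {
            n++; p = $i; sub(/@.*/, "", p)
            if (p == user || p == "*") listed = 1
        }
    }
    END {
        if (prl == "") prl = "prohibit-password"  # OpenSSH default
        # forced-commands-only is treated as a denial for a general login.
        if (user == "root" && (prl == "no" || prl == "forced-commands-only")) {
            why = "PermitRootLogin " prl
        }
        if (n > 0 && !listed) {
            why = why (why == "" ? "" : "; ") user " not in AllowUsers"
        }
        print (why == "" ? "allow" : "deny: " why)
    }'
}

echo "before: $(config_before | ssh_key_login_verdict root)"
echo "after:  $(config_after | ssh_key_login_verdict root)"
```

On the host itself, `sudo sshd -T` prints the effective values after all `Include` files are merged, which is the authoritative answer.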
I've checked my sshd settings, and I don't believe I have anything that would cause issues. This is mine for reference
Include /etc/ssh/sshd_config.d/*.conf
Port 22
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
KexAlgorithms [email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
MACs [email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]
LogLevel VERBOSE
Subsystem sftp internal-sftp -f AUTHPRIV -l INFO
Protocol 2
X11Forwarding no
PermitEmptyPasswords no
IgnoreRhosts yes
HostbasedAuthentication no
UseDNS yes
ClientAliveCountMax 20
ClientAliveInterval 2000
LoginGraceTime 5
MaxAuthTries 2
MaxSessions 20
MaxStartups 10:30:50
PermitRootLogin yes
MaxAuthTries 4
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
UsePAM yes
PrintMotd no
ClientAliveInterval 30
ClientAliveCountMax 50
AcceptEnv LANG LC_*
Could anyone fix that, please?
I have fixed it this way:
- Found the Coolify container IP:
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' coolify
- Allowed SSH from that IP in UFW:
sudo ufw allow from <container_ip> to any port 22 proto tcp
- Verified UFW status.
- Confirmed Coolify’s SSH public key was in the host user’s authorized_keys.
- Configured Coolify to use the correct SSH user and private key.
Now Coolify connects properly to the host via SSH inside Docker.
Thanks a lot bro, this works
I'm having this issue on a fresh ubuntu 22.04 install.
My port is slightly different, 3777, just to prevent random bots (it's not actually that btw).
However, I've updated ufw to account for this, and tried changing the port in the onboarding to account for this as well.
ssh: connect to host host.docker.internal port 3777: Connection refused
(Same for 22, for what it's worth)
My sshd config:
Include /etc/ssh/sshd_config.d/*.conf
Port 3777
PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
PasswordAuthentication no
I have the pubkey in /root/.ssh/authorized_keys
I have reset sshd after applying changes.
I have run sudo ufw allow from {docker ip} to any port 3777 proto tcp (and 22 fwiw)
Not sure what to try next. I can ssh in as root, as well as 2 other users I tested creating, from a terminal.
Thanks all for the feedback here - had the same issue, but it was intermittent - sometimes it was able to access the server via ssh and deploy things but then other times not. After switching from the default port (22) to another, the problem has gone (internet background noise interfering? I'm not sure).
I had a similar issue, but I was deploying a private repository with a GitHub app on a docker-compose.yml.
I'm using one server to deploy multiple applications.
I had to grant my internal docker container IP access to the port 22.
These are the commands I ran:
- ufw status - This allowed me to verify that port 22 wasn't open to the whole world. My status for port 22 was LIMIT
- Then I ran ufw status verbose - I was able to verify that I had logging on.
- Then I ran tail -f /var/log/ufw.log and was able to find the internal IP that was attempting to access port 22 but was being blocked. Example: (10.0.0.4)
- Lastly, I ran sudo ufw allow proto tcp from 10.0.0.4 to any port 22
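Added example, not part of the comment above and not Coolify code: the log-reading step as a shell function that pulls blocked SSH attempts out of ufw.log text and keeps only private-range sources, so the resulting allow rule stays scoped to the container network. The function names and the sample log lines are constructed for illustration.

```shell
# Added example: list private-range sources that UFW blocked on the SSH port.

# Constructed sample of /var/log/ufw.log entries; addresses and interfaces are made up.
sample_log() {
cat <<'EOF'
Jan 10 12:00:01 host kernel: [100.1] [UFW LIMIT BLOCK] IN=br-1a2b OUT= SRC=10.0.0.4 DST=10.0.0.1 LEN=60 TTL=64 PROTO=TCP SPT=40112 DPT=22 SYN URGP=0
Jan 10 12:00:03 host kernel: [102.4] [UFW LIMIT BLOCK] IN=br-1a2b OUT= SRC=10.0.0.4 DST=10.0.0.1 LEN=60 TTL=64 PROTO=TCP SPT=40118 DPT=22 SYN URGP=0
Jan 10 12:00:09 host kernel: [108.0] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 LEN=44 TTL=51 PROTO=TCP SPT=51234 DPT=22 SYN URGP=0
Jan 10 12:00:12 host kernel: [111.2] [UFW BLOCK] IN=br-9f8e OUT= SRC=172.18.0.5 DST=172.18.0.1 LEN=60 TTL=64 PROTO=TCP SPT=33010 DPT=22 SYN URGP=0
Jan 10 12:00:15 host kernel: [114.9] [UFW BLOCK] IN=br-9f8e OUT= SRC=172.18.0.5 DST=172.18.0.1 LEN=60 TTL=64 PROTO=TCP SPT=33012 DPT=443 SYN URGP=0
EOF
}

# Reads ufw.log text on stdin; prints "<hits> <source> <interface>" per blocked source.
blocked_ssh_sources() {
    awk -v port="${1:-22}" '
    /\[UFW (LIMIT )?BLOCK\]/ {
        src = ""; dpt = ""; proto = ""; inif = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^IN=/)    inif  = substr($i, 4)
        }
        if (proto != "TCP" || dpt != port) next
        # Keep RFC 1918 sources only, so internet scanners never end up in an allow rule.
        if (src !~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/) next
        hits[src " " inif]++
    }
    END { for (k in hits) print hits[k], k }' | sort -k2
}

# Prints (does not run) the narrow allow rule from the comment above for each source.
suggest_rules() {
    blocked_ssh_sources "${1:-22}" |
        while read -r hits src iface; do
            echo "ufw allow proto tcp from $src to any port ${1:-22}"
        done
}

sample_log | suggest_rules 22
```

Run it against the real log with `blocked_ssh_sources 22 < /var/log/ufw.log`, passing the custom port instead of 22 when sshd listens elsewhere.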