NixOS / infra

NixOS configurations for nixos.org and its servers
MIT License

SSH: Connection reset by peer #352

Closed mweinelt closed 4 months ago

mweinelt commented 4 months ago

This seems to happen a lot, seen on our arm64 Hetzner builder. Build steps fail because connection attempts over SSH get reset.

debug1: kex_exchange_identification: banner line 0: Exceeded MaxStartups
kex_exchange_identification: read: Connection reset by peer
Connection reset by 135.181.230.86 port 22

This is due to many new connections per time, and we should probably look into optimizing that, so hydra can always connect.
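
Added example, not part of the original issue or of the NixOS infra code: a Python model of the `MaxStartups` random early drop documented in sshd_config(5), which is what produces the `Exceeded MaxStartups` banner in the log above. It assumes OpenSSH's default spec `10:30:100` unless another is passed; the function names are hypothetical.

```python
"""Model of sshd's MaxStartups random early drop (added example, constructed)."""


def parse_max_startups(spec="10:30:100"):
    """Parse 'start:rate:full' (or a single hard limit 'N') into a tuple."""
    parts = [int(p) for p in spec.split(":")]
    if len(parts) == 1:
        # A single number is a hard cap with no probabilistic phase.
        start, rate, full = parts[0], 100, parts[0]
    elif len(parts) == 3:
        start, rate, full = parts
    else:
        raise ValueError(f"illegal MaxStartups spec: {spec!r}")
    if start > full or not 1 <= rate <= 100:
        raise ValueError(f"illegal MaxStartups spec: {spec!r}")
    return start, rate, full


def drop_percent(unauthenticated, spec="10:30:100"):
    """Percent chance that one new connection is refused at this load."""
    start, rate, full = parse_max_startups(spec)
    if unauthenticated < start:
        return 0
    if unauthenticated >= full or rate == 100:
        return 100
    # Linear ramp from rate% at `start` up to 100% at `full`.
    return rate + (100 - rate) * (unauthenticated - start) // (full - start)


def all_attempts_fail(unauthenticated, attempts, spec="10:30:100"):
    """Chance that every one of `attempts` tries is refused.

    Assumption: attempts are independent and the load stays constant.
    """
    return (drop_percent(unauthenticated, spec) / 100) ** attempts


if __name__ == "__main__":
    for n in (5, 10, 30, 55, 99, 100):
        print(f"{n:3d} unauthenticated -> {drop_percent(n)}% refused, "
              f"3 tries all fail: {all_attempts_fail(n, 3):.3f}")
```

Only connections that have not yet authenticated count toward the limit, so anything that keeps sessions in the pre-authentication phase for longer raises the refusal rate for every other client.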

mweinelt commented 4 months ago

The likely reason this happens on the arm64 builder at Hetzner is that it allows kbd-interactive logins. At least that is the only obvious difference I could see at a glance.

https://github.com/NixOS/equinix-metal-builders/blob/eeef4038f23b9902856a0ee8dbc964713823e50e/modules/user.nix#L19-L24

vcunat commented 4 months ago

Applied now. Checked that it resolves the issues by manual ssh attempts. They did often fail in the past several days and I couldn't make them fail now.

Honestly I still don't fully understand why PasswordAuthentication = false; doesn't suffice.