etherai / selfhosted-gateway

Self-hosted Docker native tunneling to localhost. Expose local docker containers to the public Internet via a simple docker compose interface.
https://fractalnetworks.co
GNU Affero General Public License v3.0

The Dockerfile of create-link uses the alpine:latest image, which will cause openssh-client to not work properly. #52

Closed Molay closed 5 months ago

Molay commented 5 months ago

Hi~

Today I used "git pull" to synchronize the latest code. After cleaning all docker containers, images and networks, I rebuilt the docker images according to the README and reconnected to the gateway.

As a result, I found that the "make link" command would get stuck on the ssh connection and eventually prompt a timeout error. After investigation, it was found that this may be a problem with openssh-client under the alpine:latest image.

The exact reason is not yet clear. I manually ran the alpine:latest image and executed "apk add" to install openssh-client, and found that the ssh command also failed to work properly.

I replaced the following content in the src/create-link/Dockerfile file

FROM alpine:latest

RUN apk add gettext openssh-client wireguard-tools;

to

FROM ubuntu:latest

RUN apt update && apt install gettext openssh-client wireguard-tools -y

After cleaning and rebuilding the docker images, you can connect to the gateway normally.

In order to avoid strange problems, it is recommended to change the base image from alpine:latest to ubuntu:latest.

thebalaa commented 5 months ago

hey @Molay thank you for reporting the issue and sharing your workaround! I'll probably switch the base containers of the project to debian:latest

thebalaa commented 5 months ago

Hey @Molay can you try again with latest alpine:latest?

Also, if you could reference any relevant references or issues here in this issue that would be awesome.

Molay commented 5 months ago

Hi @thebalaa

I just tried the alpine:latest image again, and the problem still exists.

sudo docker run --rm -it alpine:latest

/ # apk add openssh-client
/ # ssh -V
OpenSSH_9.6p1, OpenSSL 3.1.4 24 Oct 2023
/ # ssh -v ****@****.com
OpenSSH_9.6p1, OpenSSL 3.1.4 24 Oct 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 22: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: Connecting to ****.com [*.*.*.*] port 22.
debug1: connect to address *.*.*.* port 22: Operation timed out
ssh: connect to host ****.com port 22: Operation timed out

I'm not sure about the specific reason. It may be caused by the alpine:latest image, or it may be a problem with openssh-client. I posted this question on docker-alpine's repository. https://github.com/alpinelinux/docker-alpine/issues/394

thebalaa commented 5 months ago

Could you share the image digest of your alpine:latest container?

Molay commented 5 months ago

> Could you share the image digest of your alpine:latest container?

# docker image ls --digests -a
REPOSITORY                           TAG       DIGEST                                                                    IMAGE ID       CREATED        SIZE
alpine                               latest    sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b   05455a08881e   3 months ago   7.38MB

What is particularly strange is that the sha256 value of alpine:latest currently on the docker hub page is 6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0, which does not match the one I just pulled from docker hub.

https://hub.docker.com/layers/library/alpine/latest/images/sha256-6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0?context=explore

Oh, I forgot to mention, my machine is AMD64 architecture.

# docker version
Client: Docker Engine - Community
 Version:           26.1.2
 API version:       1.45
 Go version:        go1.21.10
 Git commit:        211e74b
 Built:             Wed May  8 14:00:00 2024
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          26.1.2
  API version:      1.45 (minimum version 1.24)
  Go version:       go1.21.10
  Git commit:       ef1912d
  Built:            Wed May  8 14:00:00 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.31
  GitCommit:        e377cd56a71523140ca6ae87e30244719194a521
 runc:
  Version:          1.1.12
  GitCommit:        v1.1.12-0-g51d5e94
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
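
A tag on a multi-architecture image resolves to two kinds of digest, which is one common reason for a mismatch like the one described above: a pull by tag records the digest of the image index, while a per-architecture listing shows the digest of that platform's manifest. The sketch below is an added example, not part of the thread; it uses constructed manifests (no real alpine data) and hypothetical function names.

```python
import hashlib
import json

def digest(blob: bytes) -> str:
    """Registry content digest: SHA-256 over the exact bytes served."""
    return "sha256:" + hashlib.sha256(blob).hexdigest()

def build_manifest(arch: str) -> bytes:
    """Constructed, minimal per-platform image manifest (not real alpine data)."""
    config = json.dumps({"architecture": arch, "os": "linux"}).encode()
    layer = f"constructed layer for {arch}".encode()
    return json.dumps({
        "schemaVersion": 2,
        "mediaType": "application/vnd.oci.image.manifest.v1+json",
        "config": {"digest": digest(config), "size": len(config)},
        "layers": [{"digest": digest(layer), "size": len(layer)}],
    }, sort_keys=True).encode()

def build_index(manifests: dict) -> bytes:
    """Constructed multi-arch image index: one entry per platform manifest."""
    entries = [{
        "mediaType": "application/vnd.oci.image.manifest.v1+json",
        "digest": digest(raw),
        "size": len(raw),
        "platform": {"architecture": arch, "os": "linux"},
    } for arch, raw in sorted(manifests.items())]
    return json.dumps({
        "schemaVersion": 2,
        "mediaType": "application/vnd.oci.image.index.v1+json",
        "manifests": entries,
    }, sort_keys=True).encode()

def platform_digest(index_raw: bytes, arch: str, os_name: str = "linux") -> str:
    """Digest of the manifest the index selects for one platform."""
    for entry in json.loads(index_raw)["manifests"]:
        plat = entry["platform"]
        if (plat["architecture"], plat["os"]) == (arch, os_name):
            return entry["digest"]
    raise LookupError(f"no manifest for {os_name}/{arch}")

def classify_digest(index_raw: bytes, observed: str, arch: str) -> str:
    """Say which object of the same tag an observed digest refers to."""
    if observed == digest(index_raw):
        return "index"              # what a pull by tag records for a multi-arch image
    if observed == platform_digest(index_raw, arch):
        return "platform-manifest"  # what a per-architecture listing shows
    return "unknown"                # matches neither: investigate before trusting

MANIFESTS = {arch: build_manifest(arch) for arch in ("amd64", "arm64")}
INDEX = build_index(MANIFESTS)

if __name__ == "__main__":
    for arch, raw in MANIFESTS.items():
        print(arch, digest(raw), classify_digest(INDEX, digest(raw), arch))
    print("index", digest(INDEX), classify_digest(INDEX, digest(INDEX), "amd64"))
```

Both digests identify the same release, so neither being different from the other indicates tampering on its own. Referencing a base image by digest in `FROM` instead of by the `latest` tag keeps rebuilds on the same bytes.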

Molay commented 5 months ago

Hi @thebalaa

Embarrassingly, I tested it on a cloud server, and with the same architecture, the same version of the operating system (Ubuntu 22.04.4 LTS (GNU/Linux 5.15.0-107-generic x86_64)), the same version of Docker (26.1.2), the same version of the Docker image and the same steps, ssh in the alpine:latest container works fine.

However, the above operations have always been problematic on my local virtual machines. I also reinstalled a pure virtual machine specifically for this purpose and installed the same architecture version of Ubuntu, etc., but the problem still exists.

Below is the docker version on my virtual machine.

~# docker version
Client: Docker Engine - Community
 Version:           26.1.2
 API version:       1.45
 Go version:        go1.21.10
 Git commit:        211e74b
 Built:             Wed May  8 13:59:59 2024
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          26.1.2
  API version:      1.45 (minimum version 1.24)
  Go version:       go1.21.10
  Git commit:       ef1912d
  Built:            Wed May  8 13:59:59 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.31
  GitCommit:        e377cd56a71523140ca6ae87e30244719194a521
 runc:
  Version:          1.1.12
  GitCommit:        v1.1.12-0-g51d5e94
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

The following is the alpine:latest image test on my virtual machine.

~# sudo docker run --rm -it alpine:latest
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
4abcf2066143: Pull complete 
Digest: sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b
Status: Downloaded newer image for alpine:latest
/ # apk add openssh-client
fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/community/x86_64/APKINDEX.tar.gz
(1/6) Installing openssh-keygen (9.6_p1-r0)
(2/6) Installing ncurses-terminfo-base (6.4_p20231125-r0)
(3/6) Installing libncursesw (6.4_p20231125-r0)
(4/6) Installing libedit (20230828.3.1-r3)
(5/6) Installing openssh-client-common (9.6_p1-r0)
(6/6) Installing openssh-client-default (9.6_p1-r0)
Executing busybox-1.36.1-r15.trigger
OK: 12 MiB in 21 packages
/ # ssh -V
OpenSSH_9.6p1, OpenSSL 3.1.4 24 Oct 2023
/ # ssh -v root@baidu.com -p 443
OpenSSH_9.6p1, OpenSSL 3.1.4 24 Oct 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 22: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: Connecting to baidu.com [110.242.68.66] port 443.
debug1: connect to address 110.242.68.66 port 443: Operation timed out
debug1: Connecting to baidu.com [39.156.66.10] port 443.
^C
/ # exit

Here is the debian:latest image test on my virtual machine

~# docker run --rm -it debian:latest
Unable to find image 'debian:latest' locally
latest: Pulling from library/debian
c6cf28de8a06: Pull complete 
Digest: sha256:fac2c0fd33e88dfd3bc88a872cfb78dcb167e74af6162d31724df69e482f886c
Status: Downloaded newer image for debian:latest
root@ed6e656342d4:/# apt update -y
Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
Get:2 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Get:4 http://deb.debian.org/debian bookworm/main amd64 Packages [8786 kB]
Get:5 http://deb.debian.org/debian bookworm-updates/main amd64 Packages [13.8 kB]
Get:6 http://deb.debian.org/debian-security bookworm-security/main amd64 Packages [156 kB]
Fetched 947 kB in 3s (372 kB/s)                                     
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
root@ed6e656342d4:/# apt install openssh-client
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  krb5-locales libbsd0 libcbor0.8 libedit2 libfido2-1 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libssl3 libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 libxext6
  libxmuu1 xauth
Suggested packages:
  krb5-doc krb5-user keychain libpam-ssh monkeysphere ssh-askpass
The following NEW packages will be installed:
  krb5-locales libbsd0 libcbor0.8 libedit2 libfido2-1 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libssl3 libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 libxext6
  libxmuu1 openssh-client xauth
0 upgraded, 20 newly installed, 0 to remove and 0 not upgraded.
Need to get 5327 kB of archives.
After this operation, 19.0 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://deb.debian.org/debian bookworm/main amd64 krb5-locales all 1.20.1-2+deb12u1 [62.7 kB]
Get:2 http://deb.debian.org/debian bookworm/main amd64 libbsd0 amd64 0.11.7-2 [117 kB]
Get:3 http://deb.debian.org/debian bookworm/main amd64 libedit2 amd64 3.1-20221030-2 [93.0 kB]
Get:4 http://deb.debian.org/debian bookworm/main amd64 libcbor0.8 amd64 0.8.0-2+b1 [27.4 kB]
Get:5 http://deb.debian.org/debian bookworm/main amd64 libssl3 amd64 3.0.11-1~deb12u2 [2019 kB]
Get:6 http://deb.debian.org/debian bookworm/main amd64 libfido2-1 amd64 1.12.0-2+b1 [77.2 kB]
Get:7 http://deb.debian.org/debian bookworm/main amd64 libkrb5support0 amd64 1.20.1-2+deb12u1 [32.4 kB]
Get:8 http://deb.debian.org/debian bookworm/main amd64 libk5crypto3 amd64 1.20.1-2+deb12u1 [78.9 kB]
Get:9 http://deb.debian.org/debian bookworm/main amd64 libkeyutils1 amd64 1.6.3-2 [8808 B]
Get:10 http://deb.debian.org/debian bookworm/main amd64 libkrb5-3 amd64 1.20.1-2+deb12u1 [332 kB]
Get:11 http://deb.debian.org/debian bookworm/main amd64 libgssapi-krb5-2 amd64 1.20.1-2+deb12u1 [134 kB]
Get:12 http://deb.debian.org/debian bookworm/main amd64 openssh-client amd64 1:9.2p1-2+deb12u2 [990 kB]
Get:13 http://deb.debian.org/debian bookworm/main amd64 libxau6 amd64 1:1.0.9-1 [19.7 kB]
Get:14 http://deb.debian.org/debian bookworm/main amd64 libxdmcp6 amd64 1:1.1.2-3 [26.3 kB]
Get:15 http://deb.debian.org/debian bookworm/main amd64 libxcb1 amd64 1.15-1 [144 kB]
Get:16 http://deb.debian.org/debian bookworm/main amd64 libx11-data all 2:1.8.4-2+deb12u2 [292 kB]
Get:17 http://deb.debian.org/debian bookworm/main amd64 libx11-6 amd64 2:1.8.4-2+deb12u2 [760 kB]
Get:18 http://deb.debian.org/debian bookworm/main amd64 libxext6 amd64 2:1.3.4-1+b1 [52.9 kB]                                                                                                
Get:19 http://deb.debian.org/debian bookworm/main amd64 libxmuu1 amd64 2:1.1.3-3 [23.9 kB]                                                                                                   
Get:20 http://deb.debian.org/debian bookworm/main amd64 xauth amd64 1:1.1.2-1 [36.0 kB]                                                                                                      
Fetched 5327 kB in 7s (731 kB/s)                                                                                                                                                             
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package krb5-locales.
(Reading database ... 6090 files and directories currently installed.)
Preparing to unpack .../00-krb5-locales_1.20.1-2+deb12u1_all.deb ...
Unpacking krb5-locales (1.20.1-2+deb12u1) ...
Selecting previously unselected package libbsd0:amd64.
Preparing to unpack .../01-libbsd0_0.11.7-2_amd64.deb ...
Unpacking libbsd0:amd64 (0.11.7-2) ...
Selecting previously unselected package libedit2:amd64.
Preparing to unpack .../02-libedit2_3.1-20221030-2_amd64.deb ...
Unpacking libedit2:amd64 (3.1-20221030-2) ...
Selecting previously unselected package libcbor0.8:amd64.
Preparing to unpack .../03-libcbor0.8_0.8.0-2+b1_amd64.deb ...
Unpacking libcbor0.8:amd64 (0.8.0-2+b1) ...
Selecting previously unselected package libssl3:amd64.
Preparing to unpack .../04-libssl3_3.0.11-1~deb12u2_amd64.deb ...
Unpacking libssl3:amd64 (3.0.11-1~deb12u2) ...
Selecting previously unselected package libfido2-1:amd64.
Preparing to unpack .../05-libfido2-1_1.12.0-2+b1_amd64.deb ...
Unpacking libfido2-1:amd64 (1.12.0-2+b1) ...
Selecting previously unselected package libkrb5support0:amd64.
Preparing to unpack .../06-libkrb5support0_1.20.1-2+deb12u1_amd64.deb ...
Unpacking libkrb5support0:amd64 (1.20.1-2+deb12u1) ...
Selecting previously unselected package libk5crypto3:amd64.
Preparing to unpack .../07-libk5crypto3_1.20.1-2+deb12u1_amd64.deb ...
Unpacking libk5crypto3:amd64 (1.20.1-2+deb12u1) ...
Selecting previously unselected package libkeyutils1:amd64.
Preparing to unpack .../08-libkeyutils1_1.6.3-2_amd64.deb ...
Unpacking libkeyutils1:amd64 (1.6.3-2) ...
Selecting previously unselected package libkrb5-3:amd64.
Preparing to unpack .../09-libkrb5-3_1.20.1-2+deb12u1_amd64.deb ...
Unpacking libkrb5-3:amd64 (1.20.1-2+deb12u1) ...
Selecting previously unselected package libgssapi-krb5-2:amd64.
Preparing to unpack .../10-libgssapi-krb5-2_1.20.1-2+deb12u1_amd64.deb ...
Unpacking libgssapi-krb5-2:amd64 (1.20.1-2+deb12u1) ...
Selecting previously unselected package openssh-client.
Preparing to unpack .../11-openssh-client_1%3a9.2p1-2+deb12u2_amd64.deb ...
Unpacking openssh-client (1:9.2p1-2+deb12u2) ...
Selecting previously unselected package libxau6:amd64.
Preparing to unpack .../12-libxau6_1%3a1.0.9-1_amd64.deb ...
Unpacking libxau6:amd64 (1:1.0.9-1) ...
Selecting previously unselected package libxdmcp6:amd64.
Preparing to unpack .../13-libxdmcp6_1%3a1.1.2-3_amd64.deb ...
Unpacking libxdmcp6:amd64 (1:1.1.2-3) ...
Selecting previously unselected package libxcb1:amd64.
Preparing to unpack .../14-libxcb1_1.15-1_amd64.deb ...
Unpacking libxcb1:amd64 (1.15-1) ...
Selecting previously unselected package libx11-data.
Preparing to unpack .../15-libx11-data_2%3a1.8.4-2+deb12u2_all.deb ...
Unpacking libx11-data (2:1.8.4-2+deb12u2) ...
Selecting previously unselected package libx11-6:amd64.
Preparing to unpack .../16-libx11-6_2%3a1.8.4-2+deb12u2_amd64.deb ...
Unpacking libx11-6:amd64 (2:1.8.4-2+deb12u2) ...
Selecting previously unselected package libxext6:amd64.
Preparing to unpack .../17-libxext6_2%3a1.3.4-1+b1_amd64.deb ...
Unpacking libxext6:amd64 (2:1.3.4-1+b1) ...
Selecting previously unselected package libxmuu1:amd64.
Preparing to unpack .../18-libxmuu1_2%3a1.1.3-3_amd64.deb ...
Unpacking libxmuu1:amd64 (2:1.1.3-3) ...
Selecting previously unselected package xauth.
Preparing to unpack .../19-xauth_1%3a1.1.2-1_amd64.deb ...
Unpacking xauth (1:1.1.2-1) ...
Setting up libxau6:amd64 (1:1.0.9-1) ...
Setting up libkeyutils1:amd64 (1.6.3-2) ...
Setting up libcbor0.8:amd64 (0.8.0-2+b1) ...
Setting up libssl3:amd64 (3.0.11-1~deb12u2) ...
Setting up krb5-locales (1.20.1-2+deb12u1) ...
Setting up libkrb5support0:amd64 (1.20.1-2+deb12u1) ...
Setting up libx11-data (2:1.8.4-2+deb12u2) ...
Setting up libk5crypto3:amd64 (1.20.1-2+deb12u1) ...
Setting up libkrb5-3:amd64 (1.20.1-2+deb12u1) ...
Setting up libfido2-1:amd64 (1.12.0-2+b1) ...
Setting up libbsd0:amd64 (0.11.7-2) ...
Setting up libxdmcp6:amd64 (1:1.1.2-3) ...
Setting up libxcb1:amd64 (1.15-1) ...
Setting up libedit2:amd64 (3.1-20221030-2) ...
Setting up libgssapi-krb5-2:amd64 (1.20.1-2+deb12u1) ...
Setting up libx11-6:amd64 (2:1.8.4-2+deb12u2) ...
Setting up libxmuu1:amd64 (2:1.1.3-3) ...
Setting up openssh-client (1:9.2p1-2+deb12u2) ...
Setting up libxext6:amd64 (2:1.3.4-1+b1) ...
Setting up xauth (1:1.1.2-1) ...
Processing triggers for libc-bin (2.36-9+deb12u7) ...
root@ed6e656342d4:/# ssh -V
OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023
root@ed6e656342d4:/# ssh -v root@baidu.com -p 443
OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to baidu.com [110.242.68.66] port 443.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
debug1: kex_exchange_identification: banner line 0: HTTP/1.1 302 Moved Temporarily
debug1: kex_exchange_identification: banner line 1: Server: bfe/1.0.8.18
debug1: kex_exchange_identification: banner line 2: Date: Thu, 16 May 2024 12:36:11 GMT
debug1: kex_exchange_identification: banner line 3: Content-Type: text/html
debug1: kex_exchange_identification: banner line 4: Content-Length: 161
debug1: kex_exchange_identification: banner line 5: Connection: close
debug1: kex_exchange_identification: banner line 6: Location: http://www.baidu.com/error.html
debug1: kex_exchange_identification: banner line 7: 
debug1: kex_exchange_identification: banner line 8: <html>
debug1: kex_exchange_identification: banner line 9: <head><title>302 Found</title></head>
debug1: kex_exchange_identification: banner line 10: <body bgcolor="white">
debug1: kex_exchange_identification: banner line 11: <center><h1>302 Found</h1></center>
debug1: kex_exchange_identification: banner line 12: <hr><center>bfe/1.0.8.18</center>
debug1: kex_exchange_identification: banner line 13: </body>
debug1: kex_exchange_identification: banner line 14: </html>
kex_exchange_identification: Connection closed by remote host
Connection closed by 110.242.68.66 port 443

It seems to be a problem with openssh-client and the environment. It is not appropriate to discuss it here. I will synchronize it with everyone after I find out the specific reasons.

thebalaa commented 5 months ago

I suspect a routing or firewall issue.
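
The `ssh -v` output in this thread already shows which stage failed: a `connect to address ... timed out` line means the TCP handshake never completed, so no SSH protocol bytes were exchanged, and an `HTTP/1.1` banner means TCP worked but the port is not an SSH service. The classifier below is an added example, not part of the thread; the first two samples are excerpted from the logs above, the third is constructed, and the function and label names are hypothetical.

```python
import re

CONNECT_FAIL = re.compile(r"^debug1: connect to address \S+ port \d+: (.+)$")
BANNER_LINE = re.compile(r"^debug1: kex_exchange_identification: banner line \d+:\s?(.*)$")

def classify_ssh_debug(log: str) -> str:
    """Return the stage at which an `ssh -v` attempt stopped."""
    established = False
    connect_errors, banner = [], []
    for raw in log.splitlines():
        line = raw.strip()
        if (m := CONNECT_FAIL.match(line)):
            connect_errors.append(m.group(1))
        elif line == "debug1: Connection established.":
            established = True
        elif (m := BANNER_LINE.match(line)):
            banner.append(m.group(1))
        elif line.startswith("debug1: Remote protocol version "):
            return "ssh-server-reached"      # peer sent an SSH version string
    if not established:
        if connect_errors and all("timed out" in e for e in connect_errors):
            return "tcp-timeout"             # routing/firewall/NAT, before any SSH
        return "tcp-error" if connect_errors else "no-connect-attempt"
    if banner and banner[0].startswith("HTTP/"):
        return "not-ssh-service"             # TCP fine, but a web server answered
    return "established-no-ssh-banner"

# Excerpt from the alpine:latest test in the thread.
ALPINE_VM_LOG = """\
debug1: Connecting to baidu.com [110.242.68.66] port 443.
debug1: connect to address 110.242.68.66 port 443: Operation timed out
debug1: Connecting to baidu.com [39.156.66.10] port 443.
"""

# Excerpt from the debian:latest test in the thread.
DEBIAN_VM_LOG = """\
debug1: Connecting to baidu.com [110.242.68.66] port 443.
debug1: Connection established.
debug1: kex_exchange_identification: banner line 0: HTTP/1.1 302 Moved Temporarily
debug1: kex_exchange_identification: banner line 1: Server: bfe/1.0.8.18
"""

# Constructed sample of a healthy connection (documentation address range).
HEALTHY_LOG = """\
debug1: Connecting to gateway.example [192.0.2.10] port 22.
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.6
"""

if __name__ == "__main__":
    for name, log in [("alpine", ALPINE_VM_LOG), ("debian", DEBIAN_VM_LOG),
                      ("healthy", HEALTHY_LOG)]:
        print(name, classify_ssh_debug(log))
```

A `tcp-timeout` result from inside a container is worth comparing against the same destination and port from the host, since the difference then lies in the network path rather than in the ssh client.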