gravitl / netmaker

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
https://netmaker.io

SSH connection failed #864

Closed oleg-maleg closed 2 years ago

oleg-maleg commented 2 years ago

I installed Netmaker with this configuration: wget -qO - https://raw.githubusercontent.com/gravitl/netmaker/master/scripts/nm-quick.sh | sudo bash -s -- -v true -c 10. After installation, almost all functions work, except for the ability to connect to servers via the SSH protocol. The VM is on GCP. All firewall rules are added. When the VPN is on, all features are working fine, but when I'm trying to connect to the server with this command: gcloud compute ssh --zone "my-zone-1a" "my-server" --project "my-project" - it gets stuck. Without a VPN connection, it works. Ready to provide more information if needed.

ok-john commented 2 years ago

Could you try to ssh into the host without using the gcloud compute ssh command and see if it still doesn't work? You can also add any logs from the file at /var/log/netclient.log.

I was thinking gcloud might use a different port for ssh and since we set up routing for port 22 that could be the issue, but it looks like they're also using port 22.

Then I noticed this bit here, which could be the issue:

gcloud compute ssh is a thin wrapper around the ssh(1) command that takes care of authentication and the translation of the instance name into an IP address.

Perhaps gcloud is translating the instance name to a different IP than you're expecting, trying to ssh directly without using gcloud compute ssh should be a decent indicator if this assumption is correct.

oleg-maleg commented 2 years ago

Hey, I tried to connect without the Google Cloud command and the connection via the SSH protocol still does not work. I am trying to connect to a server in AWS and the connection is not established; the connection stops at the step debug1: Connecting to 18.130.. [18.130..] port 22. and after some time I receive ssh: connect to host 18.130.. port 22: Connection timed out, but without the VPN it works fine.

Maybe it's that I missed some firewall settings in GCP?


oleg-maleg commented 2 years ago

Hey to everyone! I found the solution for how to fix the SSH issue, but I'm not sure if this is a good way. You need to remove ssh from the line PORT_FORWARD_SERVICES: "mq,dns,ssh" in docker-compose.yml and it will work. I don't quite understand the consequences of this removal; if someone can explain the consequences it would be great.

afeiszli commented 2 years ago

the "ssh" stanza has been removed by default as of 0.12.1. An explanation for those who read this issue:

When "ssh" is enabled under port forwarding, the server will forward all requests to port 22 to the host. Why? This allows clients to SSH to the server (netmaker) over its WireGuard address, which was a requested feature.

However, this also means that any requests to 22 will go to the host. Since an ingress gateway on the server will route ssh requests through the server first, it hits this iptables rule, which conflicts, and routes the traffic to the host, rather than to the intended machine.
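As an added example (not Netmaker's own code), a small POSIX shell check for the workaround in the comment above and the explanation just given: it reads the PORT_FORWARD_SERVICES value from a docker-compose.yml, reports whether "ssh" (port 22 forwarded to the host) is still listed, and rewrites the line without it. The compose fragment is constructed, and the assumption is that the key sits on one line as PORT_FORWARD_SERVICES: "mq,dns,ssh", as quoted in the issue.

```shell
#!/bin/sh
# Added example, not part of the Netmaker project.
# Assumption: PORT_FORWARD_SERVICES appears on a single line with a
# double-quoted, comma-separated value, as shown in the issue.

# Print the quoted value of PORT_FORWARD_SERVICES from a compose file.
get_port_forward_services() {
    sed -n 's/^[[:space:]]*PORT_FORWARD_SERVICES:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Succeed (exit 0) if "ssh" is one of the forwarded services, i.e. the
# server still DNATs port 22 to the host and will hijack SSH to peers.
forwards_ssh() {
    case ",$(get_port_forward_services "$1")," in
        *,ssh,*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Print the service list with "ssh" dropped; other entries are kept in order.
without_ssh() {
    get_port_forward_services "$1" | tr ',' '\n' | grep -v '^ssh$' | paste -sd ',' -
}

# Rewrite the compose file in place so port 22 is no longer forwarded.
# Usage: disable_ssh_forward docker-compose.yml
disable_ssh_forward() {
    new=$(without_ssh "$1")
    sed -i "s/^\([[:space:]]*PORT_FORWARD_SERVICES:[[:space:]]*\)\"[^\"]*\"/\1\"$new\"/" "$1"
}

# Constructed sample compose fragment for demonstration (not a real deployment).
SAMPLE_COMPOSE=$(mktemp)
cat > "$SAMPLE_COMPOSE" <<'EOF'
services:
  netmaker:
    environment:
      PORT_FORWARD_SERVICES: "mq,dns,ssh"
      SERVER_NAME: "example.invalid"
EOF

if forwards_ssh "$SAMPLE_COMPOSE"; then
    echo "ssh is forwarded to the host; rewriting to: $(without_ssh "$SAMPLE_COMPOSE")"
    disable_ssh_forward "$SAMPLE_COMPOSE"
fi
```

Run it against the real file with disable_ssh_forward /path/to/docker-compose.yml after reviewing the diff; the mq and dns entries are left untouched.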