Skip to content

SSH with an existing ingress controller results in message authentication code incorrect

Summary

Trying to SSH to the gitlab server results in an error.

Steps to reproduce

Latest helm chart installation of gitlab using an ingress controller already in the cluster. Everything else appears to be working and I can login to gitlab and start configuring. But trying to ssh results in an error.

Configuration used

nginx-ingress-controller.values.yaml

tcp:
  22: gitlab/gitlab-gitlab-shell:22

Results in the following in the nginx.conf

stream {
	log_format log_stream [$time_local] $protocol $status $bytes_sent $bytes_received $session_time;
	
	access_log /var/log/nginx/access.log log_stream;
	
	error_log  /var/log/nginx/error.log;
	
	# TCP services
	
	upstream tcp-22-gitlab-gitlab-gitlab-shell-22 {
		
		server                  172.26.0.87:2222;
		
		server                  172.26.1.12:2222;
		
	}
	server {
		
		listen                  22;
		
		proxy_timeout           600s;
		proxy_pass              tcp-22-gitlab-gitlab-gitlab-shell-22;
		
	}
	
	# UDP services
	
}

Current behavior

ssh user@ourdomain.com results in

Bad packet length 1349676916.
ssh_dispatch_run_fatal: Connection to 172.26.1.59 port 22: message authentication code incorrect

Expected behavior

Expecting to be able to ssh properly. It's getting to the gitlab-shell pod, but there seems to be a misconfiguration somewhere.

Versions

  • Chart: Latest version
  • Platform:
    • Cloud: EKS
    • Self-hosted: (OpenShift | Minikube | Rancher RKE | ?)
  • Kubernetes: (kubectl version)
    • Client Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.2", GitCommit:"bb9ffb1654d4a729bb4cec18ff088eacc153c239", GitTreeState:"clean", BuildDate:"2018-08-08T16:31:10Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"darwin/amd64"}
    • Server Version: version.Info{Major:"1", Minor:"10+", GitVersion:"v1.10.3-eks", GitCommit:"58c199a59046dbf0a13a387d3491a39213be53df", GitTreeState:"clean", BuildDate:"2018-09-21T21:00:04Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
  • Helm: (helm version)
    • Client: &version.Version{SemVer:"v2.9.1", GitCommit:"20adb27c7c5868466912eebdf6664e7390ebe710", GitTreeState:"clean"}
    • Server: &version.Version{SemVer:"v2.9.1", GitCommit:"20adb27c7c5868466912eebdf6664e7390ebe710", GitTreeState:"clean"}

Relevant logs

kubectl logs gitlab-gitlab-shell-6785479488-84rzj -n gitlab

Bad protocol version identification 'PROXY TCP4 192.168.1.216 172.26.1.59 54083 22' from 172.26.0.90 port 34026
Edited by Rick Baker