GitLab Shell logs filled with"Did not receive identification string from" messages

Summary

On a freshly deployed instance, GitLab Shell logs are filled with logs like the following

kubectl logs -f -l app=gitlab-shell
==> /var/log/gitlab-shell/gitlab-shell.log <==

==> /var/log/gitlab-shell/ssh.log <==
/etc/ssh/sshd_config line 91: Deprecated option UsePrivilegeSeparation
Server listening on 0.0.0.0 port 2222.
Server listening on :: port 2222.
rexec line 91: Deprecated option UsePrivilegeSeparation
Did not receive identification string from 10.100.2.1 port 46146
rexec line 91: Deprecated option UsePrivilegeSeparation
Did not receive identification string from 10.100.2.1 port 46286
rexec line 91: Deprecated option UsePrivilegeSeparation
Did not receive identification string from 10.100.2.1 port 46356
rexec line 91: Deprecated option UsePrivilegeSeparation
Did not receive identification string from 10.100.2.1 port 46388
rexec line 91: Deprecated option UsePrivilegeSeparation
Invalid user ywdd from 10.100.2.45 port 35142
Received disconnect from 10.100.2.45 port 35142:11: Bye Bye [preauth]
Disconnected from invalid user ywdd 10.100.2.45 port 35142 [preauth]
rexec line 91: Deprecated option UsePrivilegeSeparation
Did not receive identification string from 10.100.2.1 port 46430
rexec line 91: Deprecated option UsePrivilegeSeparation
Did not receive identification string from 10.100.2.1 port 46464
rexec line 91: Deprecated option UsePrivilegeSeparation
Did not receive identification string from 10.100.2.1 port 46502

I've opened !1682 (merged) to handle the deprecation warning. But, two other things remain

  1. "Did not receive identification string from 10.100.2.1 port xxxx" - who is triggering these login attempts
  2. Who is invalid user ywdd who is logging in from a local IP? 🤔

Steps to reproduce

Deploy latest master

Configuration used

(Please provide a sanitized version of the configuration used wrapped in a code block (```yaml))

global:
  hosts:
    domain: <domain>
    externalIP: <ip>
  ingress:
    configureCertmanager: false
    tls:
      secretName: <tls secret>
  imagePullPolicy: Always
gitlab-runner:
  runners:
    privileged: true
nginx-ingress:
  controller:
    replicaCount: 1
    minAvailable: 0
  defaultBackend:
    replicaCount: 1
    minAvailable: 0
registry:
  hpa:
    minReplicas: 1
    maxReplicas: 1
gitlab:
  gitlab-shell:
    minReplicas: 1
    maxReplicas: 1
  webservice:
    minReplicas: 1
    maxReplicas: 2
  sidekiq:
    minReplicas: 1
    maxReplicas: 1

Current behavior

(What you're experiencing happening)

Expected behavior

(What you're expecting to happen)

Versions

  • Chart: (tagged version | branch | hash git rev-parse HEAD)
  • Platform:
    • Cloud: (GKE | AKS | EKS | ?)
    • Self-hosted: (OpenShift | Minikube | Rancher RKE | ?)
  • Kubernetes: (kubectl version)
    • Client:
    • Server:
  • Helm: (helm version)
    • Client:
    • Server:

Relevant logs

(Please provide any relevant log snippets you have collected, using code blocks (```) to format)