mZoo
August 16, 2022, 5:47pm
1
Hi. Using a pretty recent Trellis codebase (June 2022 "Add built-in fail2ban filters") on a year old DO droplet, we seem to be hitting this issue with connection refused.
The server says it has
OpenSSH_8.2p1 Ubuntu-4ubuntu0.2, OpenSSL 1.1.1g 21 Apr 2020
Locally ssh -V returns OpenSSH_8.6p1, LibreSSL 3.3.6.
Confirmed the IP is being temporarily banned.
Ansible.cfg looks like this:
[ssh_connection]
ssh_args = -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s
retries = 1
Tried updating to the latest from codebase
[ssh_connection]
ssh_args = -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms=ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
retries = 1
Still same error. Does it have to do with Ansible version?
(On 2.10.16, but not sure what the server was initially provisioned with.)
Thanks, as always.
How or what did you do to confirm this?
Very unlikely the Ansible version would affect this.
If the IP was banned by fail2ban, there’s a few things you can do:
Manually unban the IP. Here’s a solution that might work
or just wait for the ban to expire
set the whitelist ignore IP manually to contain the IPs you want: trellis/security.yml at 4d1e5f403d73fd095e7967f101dc68eceab1ae98 · roots/trellis · GitHub
mZoo
August 16, 2022, 9:21pm
4
Thanks, Scott.
trellis ssh stagingin a separate terminal, run trellis provision --tags users staging
trellis ssh staging fails connect to host... port 22: Connection refusedon server sudo tail -10 /var/log/fail2ban.log returns my IP address
After a few minutes (untimed) I can connect again
However I still can’t run provisioning command.
Seems my current IP wasn’t whitelisted. Solved, I believe, by manually updating /etc/fail2ban/jail.local:
[DEFAULT]
ignoreip = 127.0.0.0/8 perhaps.old.ip.here ADD.CURRENT.IP.HERE
Then restarting systemctl restart fail2ban.
Had to do that for both staging and production on this site. Not sure why my IP address changed, or if that’s what caused the issue.
2 Likes