Crazy number of Connection closed by logs #258
Reference: gitea/helm-chart#258
Our log server records a huge number of "Connection closed by 10.X.Y.Z port ABC" events. There are almost 3 events per second.
My first thought was a brute-force attempt, but it is all from a local IP and happening every day, all the time.
Is there a way to disable it, or figure out what is making these connections?
Relevant part of values.yaml
We had a dedicated load balancer on port 22, mapped to the ClusterIP of the gitea-ssh service. We also use the Cloudflare Spectrum service to tunnel SSH connections. Cloudflare does not show any connections to this service from the public. So I am guessing these are internal connections or false logs?
I also have the same issue using the 1.15.8 release. It doesn't cause any issue that I can see nor connection, so I'm not sure where the logs are coming from.
Any luck on this? Same issue with 1.16.1
I've disabled connections from the public. Still getting the logs. It seems to be an inner-cluster connection/probe against the SSH service.
Looks similar to #224
These logs are related to openssh loglevel (not gitea). See a workaround at #224 (comment)
Connection attempts are from multiple nodes: cilium, csi or kube-proxy that are not SSH compatible.
@pat-s Isn't this already resolved due to the configurable SSH log level or do I miss something obvious about this issue? #358
@justusbunsi I can confirm by setting SSH log level (https://gitea.com/pi3ch/helm-chart/src/branch/main/values.yaml#L352) to FATAL the logs are not shown but I don't think this has addressed the underlying problem.
The problem only starts to appear when there is a LoadBalancer exposing SSH to the public.
@justusbunsi I wonder if we should change the default to ssh.logLevel: FATAL? Otherwise these messages only swamp the logs and might cause more concern than anything else.
Sounds good.
EDIT: I was too lax with my response. It would reduce the logged events but the underlying issue would still be there. And you don't see warnings anymore. Default log levels shouldn't mute warnings. IMO.
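One way to answer the original question ("brute force, or something internal?") before muting the logs, as an added example that is not code from this issue or from the chart: group sshd lines by source address and separate bare "Connection closed by" events, where no user name was ever offered, from lines that show a real authentication attempt. The log lines are constructed samples, the message formats are assumed to be the usual OpenSSH ones, and `classify_sources` is a hypothetical helper name.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample sshd lines (not taken from the issue).
SAMPLE_LOG = """\
Connection closed by 10.0.1.5 port 41234
Connection closed by 10.0.1.5 port 41240
Connection closed by 10.0.2.9 port 50012 [preauth]
Connection closed by 10.0.1.5 port 41251
Invalid user admin from 203.0.113.7 port 40022
Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Connection closed by invalid user admin 203.0.113.7 port 40022 [preauth]
Connection closed by authenticating user root 203.0.113.7 port 40030 [preauth]
"""

# A bare close names no user: the peer left before offering credentials.
BARE_CLOSE = re.compile(r"Connection closed by (\d+\.\d+\.\d+\.\d+) port \d+")
# Any of these means the peer actually started to authenticate.
AUTH_ATTEMPT = re.compile(
    r"(?:Invalid user \S+ from |Failed \S+ for (?:invalid user )?\S+ from "
    r"|Connection closed by (?:invalid|authenticating) user \S+ )"
    r"(\d+\.\d+\.\d+\.\d+) port \d+"
)

def classify_sources(log_text):
    """Return {ip: {"bare": n, "auth": n, "verdict": str}} for sshd log text."""
    stats = defaultdict(lambda: {"bare": 0, "auth": 0})
    for line in log_text.splitlines():
        m = AUTH_ATTEMPT.search(line)
        if m:
            stats[m.group(1)]["auth"] += 1
            continue
        m = BARE_CLOSE.search(line)
        if m:
            stats[m.group(1)]["bare"] += 1
    result = {}
    for ip, counts in stats.items():
        if counts["auth"]:
            verdict = "auth-attempts"        # credentials were offered: investigate
        elif ip_address(ip).is_private:
            verdict = "internal-tcp-probe"   # e.g. a health check opening the port
        else:
            verdict = "external-tcp-probe"
        result[ip] = {**counts, "verdict": verdict}
    return result
```

Sources that only ever produce bare closes from cluster-internal addresses match the node-level probes described in the thread; any source with a non-zero `auth` count is the case that lowering the log level to FATAL would hide.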