Anyone have any experience doing SSH over IngressRouteTCP?
Overall it should be working, but Traefik is doing something weird to the traffic.
```
$ ssh XX.XX.XX.XX -v
OpenSSH_8.8p1, OpenSSL 1.1.1m 14 Dec 2021
debug1: Reading configuration data /home/kallisti5/.ssh/config
debug1: /home/kallisti5/.ssh/config line 6: Applying options for XX.XX.XX.XX
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to XX.XX.XX.XX [XX.XX.XX.XX] port 22.
debug1: Connection established.
debug1: identity file /home/kallisti5/.ssh/id_ed25519 type 3
debug1: identity file /home/kallisti5/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.8
debug1: Remote protocol version 2.0, remote software version GerritCodeReview_3.3.8 (APACHE-SSHD-2.4.0)
debug1: compat_banner: no match: GerritCodeReview_3.3.8 (APACHE-SSHD-2.4.0)
debug1: Authenticating to XX.XX.XX.XX:22 as 'kallisti5'
debug1: load_hostkeys: fopen /home/kallisti5/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
Bad packet length 1433301877.
ssh_dispatch_run_fatal: Connection to XX.XX.XX.XX port 22: message authentication code incorrect
```
Here's the IngressRouteTCP:
```yaml
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: git-ingresstcp
spec:
  entryPoints:
    - gitssh
  routes:
    - match: "HostSNI(`*`)"
      services:
        - name: git-ssh
          port: git
          weight: 10
          terminationDelay: 90000
          proxyProtocol:
            version: 1
```
I can access the SSH port from the service just fine via kubectl port-forward. I can also access the SSH port just fine from within the Traefik container using the internal IP address Traefik is using for the service per the WebUI.
Traefik has a dedicated entry point for this:
```
- --entrypoints.gitssh.address=:22
```
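A diagnostic for the `Bad packet length` line in the output above, added here as an example and not part of the original post: it converts the reported number back into the four bytes the client read as the SSH packet length and checks whether they are printable text. The function names and the `SAMPLE_LOG` string are constructed for illustration.

```python
import re
import struct

# Constructed input: the last three lines of the ssh -v output quoted in the post.
SAMPLE_LOG = """\
debug1: SSH2_MSG_KEXINIT sent
Bad packet length 1433301877.
ssh_dispatch_run_fatal: Connection to XX.XX.XX.XX port 22: message authentication code incorrect
"""

BAD_LEN = re.compile(r"^Bad packet length (\d+)\.", re.MULTILINE)


def length_field_bytes(value):
    """Return the 4 big-endian bytes the client parsed as the uint32 packet length."""
    return struct.pack(">I", value)


def analyse(log):
    """Decode every 'Bad packet length' line found in ssh -v output."""
    findings = []
    for m in BAD_LEN.finditer(log):
        value = int(m.group(1))
        raw = length_field_bytes(value)
        # Until NEWKEYS is exchanged the length field is not encrypted,
        # so these are the literal bytes that arrived on the socket.
        plaintext_phase = "SSH2_MSG_NEWKEYS" not in log[:m.start()]
        printable = all(0x20 <= b < 0x7F for b in raw)
        findings.append({
            "value": value,
            "hex": raw.hex(),
            "ascii": raw.decode("ascii") if printable else None,
            "plaintext_phase": plaintext_phase,
            # Printable bytes in the unencrypted phase mean text was written
            # into the stream where a binary SSH packet was expected.
            "text_in_stream": printable and plaintext_phase,
        })
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

For the value in the post the four bytes are the ASCII characters `Unsu`, read before key exchange completed, so text arrived at the client where it expected a binary SSH packet.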