Project

General

Profile

Actions
Copy link

Task #16212

closed
FD IA

SSH-Zugang zum Hephaestus Staging-Server nicht möglich

Task #16212: SSH-Zugang zum Hephaestus Staging-Server nicht möglich

Added by Felix Dietrich about 2 months ago. Updated about 2 months ago.

Status:
Closed
Priority:
Major
Assignee:
Ignacio Alejandro
Start date:
06.03.2026
Due date:
% Done:

0%

Estimated time:
SecReporter:
Originally created on:
02.12.2025
Originally updated on:
20.01.2026
Original due date:

Description

Hallo,

ich kann mich nicht per SSH im VPN mit dem Hephaestus Staging-Server verbinden:

ssh

Die Verbindung zum Production-Server funktioniert problemlos:
ssh

Diagnose:

  • Production-Server (131.159.89.7): Port 22 erreichbar ✓
  • Staging-Server (131.159.89.80): Port 22 nicht erreichbar ✗
  • Ping zum Staging-Server: 100% Paketverlust

Mögliche Ursachen:

  1. Firewall-Regeln blockieren SSH (Port 22) zum Staging-Server
  2. Die VM ist nicht erreichbar/gestartet
  3. Unterschiedliche Netzwerksegmente mit verschiedenen Zugriffsrechten

Könntest du bitte prüfen, ob:

  • Ob die Staging-VM läuft
  • SSH (Port 22) in der Firewall für VPN-Zugriff freigegeben ist

Danke und Grüße!

IA Updated by Ignacio Alejandro about 2 months ago Actions
Copy link
 #2

Hi Felix,
thanks for reaching out, I've had a look at the problem. It is indeed a network configuration issue. There seems to be a broken docker network that matches our VPN subnetwork and thus routes the traffic back.

Before changing anything, do you know what is currently running there?
To fix the routing, I would need to remove the unused/obsolete Docker networks. This would be a destructive action if any active setup depends on them, so I want to confirm with you first

Cheers
Nacho

FD Updated by Felix Dietrich about 2 months ago Actions
Copy link
 #3

Yes that's fine. I can restore the network. Currently Hephaestus Staging is running from /opt/hephaestus.

Thanks for helping with a fix so quickly!

IA Updated by Ignacio Alejandro about 2 months ago Actions
Copy link
 #4

Ok ich habe ein
docker network prune

ausgeführt, was die alte Netzwerke gelöscht hat. Es scheint aber ein Programm zu geben, das automatisch Netzwerke einstellt für docker. Oder eventuell werden containers von compose manuell gelöscht? Man soll sich das in der Docker-App anschauen, hier eine Referenz der erstellten Netzwerken:

root@hephaestus-staging /h/ge95rof# ip -c r
default via 131.159.89.126 dev ens18 proto dhcp src 131.159.89.80 metric 100
131.159.89.0/25 dev ens18 proto kernel scope link src 131.159.89.80 metric 100
131.159.89.126 dev ens18 proto dhcp scope link src 131.159.89.80 metric 100
131.159.254.1 via 131.159.89.126 dev ens18 proto dhcp src 131.159.89.80 metric 100
131.159.254.2 via 131.159.89.126 dev ens18 proto dhcp src 131.159.89.80 metric 100
131.159.254.77 via 131.159.89.126 dev ens18 proto dhcp src 131.159.89.80 metric 100
131.159.254.94 via 131.159.89.126 dev ens18 proto dhcp src 131.159.89.80 metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-9c16771e7382 proto kernel scope link src 172.18.0.1
172.19.0.0/16 dev br-3488e1a763a5 proto kernel scope link src 172.19.0.1 linkdown
172.20.0.0/16 dev br-135dc8331299 proto kernel scope link src 172.20.0.1
172.21.0.0/16 dev br-a1c7bc0b33fe proto kernel scope link src 172.21.0.1 linkdown
172.22.0.0/16 dev br-d7f6de64fbc2 proto kernel scope link src 172.22.0.1 linkdown
172.23.0.0/16 dev br-63464467ce24 proto kernel scope link src 172.23.0.1 linkdown
172.25.0.0/16 dev br-e9efa192e117 proto kernel scope link src 172.25.0.1 linkdown
172.26.0.0/16 dev br-10733d4c16b8 proto kernel scope link src 172.26.0.1 linkdown
172.27.0.0/16 dev br-3d73a1bb8026 proto kernel scope link src 172.27.0.1 linkdown
172.28.0.0/16 dev br-3610875c7d18 proto kernel scope link src 172.28.0.1 linkdown

root@hephaestus-staging /h/ge95rof [1]# docker network inspect 3d73a1bb8026
[
    {
        "Name": "uw848soog8scwkoc8gskws48",
        "Id": "3d73a1bb80262f783a8e38ff3bdf967b5f8a1897622fab65d6368645c1469324",
        "Created": "2025-01-28T09:49:58.324926981Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.27.0.0/16",
                    "Gateway": "172.27.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": true,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

root@hephaestus-staging /h/ge95rof# docker network ls
NETWORK ID     NAME                       DRIVER    SCOPE
35d8b313ee04   bridge                     bridge    local
3610875c7d18   ccgskk8                    bridge    local
63464467ce24   f4cwcwc                    bridge    local
e8efc92a2075   f4cwcwc_common-network     bridge    local
d47f6ecfd96c   host                       host      local
135dc8331299   jwc00og                    bridge    local
97c9397c1a8e   none                       null      local
d7f6de64fbc2   rckok4g-16                 bridge    local
3488e1a763a5   s0w44co                    bridge    local
9c16771e7382   shared-network             bridge    local
3d73a1bb8026   uw848soog8scwkoc8gskws48   bridge    local
a1c7bc0b33fe   zksoc0g                    bridge    local
10733d4c16b8   zksoc0g-75                 bridge    local
e9efa192e117   zksoc0g_app-network        bridge    local
Actions
Copy link

Also available in: PDF Atom