github-starred/frp
2
0
Fork 0
mirror of https://github.com/fatedier/frp.git synced 2026-05-15 08:05:49 -06:00
Code Issues 40 Projects Packages Wiki Activity Actions 1

[GH-ISSUE #1669] Traefik + Frp does not seem to work together(ssh_exchange_identification: Connection closed by remote host) #1318

New issue
Closed
opened 2026-05-05 12:50:25 -06:00 by gitea-mirror · 2 comments
gitea-mirror commented 2026-05-05 12:50:25 -06:00
Owner
Copy link

Originally created by @Lilja on GitHub (Feb 20, 2020).
Original GitHub issue: https://github.com/fatedier/frp/issues/1669

I'm using traefik for loadbalancing / not having to worrying about port forwarding. I've defined two traefik entrypoints(port 7303, 7304) that I'm able to communicate with from the client. As traefik will handle redirect, it needs to run in it's own network. Therefore I am not using network_mode: host on the server. All of the devices are currently on LAN. I've edited /etc/hosts to make my dns resolution work(192.168.0.27 domain.net)

pi@organa:~ $ nc -v -z domain.net 7304
Connection to domain.net 7304 port [tcp/*] succeeded!
pi@organa:~ $ nc -v -z domain.net 7303
Connection to domain.net 7303 port [tcp/*] succeeded!

My frps.ini are as follows.

[common]
bind_port = 7000
token = {{ .Envs.FRP_PRIVILEGE_TOKEN }}
log_level = debug

My frpc.ini are as follows.

[common]
server_addr = domain.net
server_port = 7303
token = {{ .Envs.FRP_PRIVILEGE_TOKEN }}
log_level = trace

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 7304

Logs-server:

2020/02/20 13:24:06 [I] [service.go:152] frps tcp listen on 0.0.0.0:7000
2020/02/20 13:24:06 [I] [root.go:205] start frps success
2020/02/20 13:24:17 [I] [service.go:392] [f8f4fd6c3b7e312b] client login info: ip [192.168.64.4:51410] version [0.31.2] hostname [] os [linux] arch [arm]
2020/02/20 13:24:17 [D] [control.go:217] [f8f4fd6c3b7e312b] new work connection registered
2020/02/20 13:24:17 [I] [tcp.go:63] [f8f4fd6c3b7e312b] [ssh] tcp proxy listen port [7304]
2020/02/20 13:24:17 [I] [control.go:445] [f8f4fd6c3b7e312b] new proxy [ssh] success
2020/02/20 13:24:22 [D] [proxy.go:150] [f8f4fd6c3b7e312b] [ssh] get a user connection [192.168.64.4:51364]
2020/02/20 13:24:22 [D] [control.go:245] [f8f4fd6c3b7e312b] get work connection from pool
2020/02/20 13:24:22 [I] [proxy.go:92] [f8f4fd6c3b7e312b] [ssh] get a new work connection: [192.168.64.4:51410]
2020/02/20 13:24:22 [D] [proxy.go:237] [f8f4fd6c3b7e312b] [ssh] join connections, workConn(l[192.168.64.8:7000] r[192.168.64.4:51410]) userConn(l[192.168.64.8:7304] r[192.168.64.4:51364])
2020/02/20 13:24:22 [D] [control.go:217] [f8f4fd6c3b7e312b] new work connection registered
2020/02/20 13:24:22 [D] [proxy.go:251] [f8f4fd6c3b7e312b] [ssh] join connections closed
2020/02/20 13:24:47 [D] [control.go:457] [f8f4fd6c3b7e312b] receive heartbeat
2020/02/20 13:25:17 [D] [control.go:457] [f8f4fd6c3b7e312b] receive heartbeat
2020/02/20 13:25:47 [D] [control.go:457] [f8f4fd6c3b7e312b] receive heartbeat
2020/02/20 13:26:08 [D] [control.go:332] [f8f4fd6c3b7e312b] control connection closed
2020/02/20 13:26:08 [I] [control.go:305] [f8f4fd6c3b7e312b] control writer is closing
2020/02/20 13:26:08 [I] [proxy.go:76] [f8f4fd6c3b7e312b] [ssh] proxy closing
2020/02/20 13:26:08 [I] [proxy.go:147] [f8f4fd6c3b7e312b] [ssh] listener is closed
2020/02/20 13:26:08 [I] [control.go:383] [f8f4fd6c3b7e312b] client exit success
2020/02/20 13:26:08 [D] [service.go:365] Accept new mux stream error: EOF

Logs - client:

frpc    | 2020/02/20 13:24:17 [I] [service.go:250] [f8f4fd6c3b7e312b] login to server success, get run id [f8f4fd6c3b7e312b], server udp port [0]
frpc    | 2020/02/20 13:24:17 [I] [proxy_manager.go:144] [f8f4fd6c3b7e312b] proxy added: [ssh]
frpc    | 2020/02/20 13:24:17 [T] [proxy_wrapper.go:171] [f8f4fd6c3b7e312b] [ssh] change status from [new] to [wait start]
frpc    | 2020/02/20 13:24:17 [I] [control.go:164] [f8f4fd6c3b7e312b] [ssh] start proxy success
frpc    | 2020/02/20 13:24:22 [D] [proxy_wrapper.go:231] [f8f4fd6c3b7e312b] [ssh] start a new work connection, localAddr: 172.18.0.2:53454 remoteAddr: 192.168.0.27:7303
frpc    | 2020/02/20 13:24:22 [T] [proxy.go:524] [f8f4fd6c3b7e312b] [ssh] handle tcp work connection, use_encryption: false, use_compression: false
frpc    | 2020/02/20 13:24:22 [E] [proxy.go:581] [f8f4fd6c3b7e312b] [ssh] connect to local service [127.0.0.1:22] error: dial tcp 127.0.0.1:22: connect: connection refused

Logs - ssh window:

lovelog@skywalker:~$ ssh -v -p 7304 pi@domain.net
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to frps.dersand.net [192.168.0.27] port 7304.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/x/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/x/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/x/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/x/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/x/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/x/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/x/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/x/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
ssh_exchange_identification: Connection closed by remote host

What version of frp are you using (./frpc -v or ./frps -v)?
Frps: 0.31.2(docker container)
Frpc: 0.31.1(docker container)

What operating system and processor architecture are you using (go env)?
docker, on amd64 and arm32v7(raspberry pi client)

Configures you used:
The server - with traefik is configured with this docker-compose.

  proxy-server:
    image: "snowdreamtech/frps"
    container_name: "proxy-server"
    restart: always
    volumes:
      - "./secrets/frps.ini:/etc/frp/frps.ini:ro"
    env_file:
      - ./secrets/frps.env
    labels:
      - "traefik.enable=true"
      # Client connect -> Server
      - "traefik.tcp.routers.frps-server.rule=HostSNI(`*`)"
      - "traefik.tcp.services.frps-server.loadbalancer.server.port=7000"
      - "traefik.tcp.routers.frps-server.service=frps-server"
      - "traefik.tcp.routers.frps-server.entrypoints=frps-entrypoint"
      # SSH Clients -> Server -> client
      - "traefik.tcp.routers.organa-relay-server.rule=HostSNI(`*`)"
      - "traefik.tcp.services.organa-relay-server.loadbalancer.server.port=7304"
      - "traefik.tcp.routers.organa-relay-server.service=organa-relay-server"
      - "traefik.tcp.routers.organa-relay-server.entrypoints=organa-relay"

Describe the results you received:
error: ssh_exchange_identification: Connection closed by remote host

Describe the results you expected:
I should be prompted with a password to connect to the server

Originally created by @Lilja on GitHub (Feb 20, 2020). Original GitHub issue: https://github.com/fatedier/frp/issues/1669 I'm using [traefik](https://github.com/containous/traefik) for loadbalancing / not having to worrying about port forwarding. I've defined two traefik entrypoints(port 7303, 7304) that I'm able to communicate with from the client. As traefik will handle redirect, it needs to run in it's own network. Therefore I am **not** using `network_mode: host` on the server. All of the devices are currently on LAN. I've edited `/etc/hosts` to make my dns resolution work(`192.168.0.27 domain.net`) ```bash pi@organa:~ $ nc -v -z domain.net 7304 Connection to domain.net 7304 port [tcp/*] succeeded! pi@organa:~ $ nc -v -z domain.net 7303 Connection to domain.net 7303 port [tcp/*] succeeded! ``` My `frps.ini` are as follows. ```ini [common] bind_port = 7000 token = {{ .Envs.FRP_PRIVILEGE_TOKEN }} log_level = debug ``` My `frpc.ini` are as follows. ```ini [common] server_addr = domain.net server_port = 7303 token = {{ .Envs.FRP_PRIVILEGE_TOKEN }} log_level = trace [ssh] type = tcp local_ip = 127.0.0.1 local_port = 22 remote_port = 7304 ``` Logs-server: ``` 2020/02/20 13:24:06 [I] [service.go:152] frps tcp listen on 0.0.0.0:7000 2020/02/20 13:24:06 [I] [root.go:205] start frps success 2020/02/20 13:24:17 [I] [service.go:392] [f8f4fd6c3b7e312b] client login info: ip [192.168.64.4:51410] version [0.31.2] hostname [] os [linux] arch [arm] 2020/02/20 13:24:17 [D] [control.go:217] [f8f4fd6c3b7e312b] new work connection registered 2020/02/20 13:24:17 [I] [tcp.go:63] [f8f4fd6c3b7e312b] [ssh] tcp proxy listen port [7304] 2020/02/20 13:24:17 [I] [control.go:445] [f8f4fd6c3b7e312b] new proxy [ssh] success 2020/02/20 13:24:22 [D] [proxy.go:150] [f8f4fd6c3b7e312b] [ssh] get a user connection [192.168.64.4:51364] 2020/02/20 13:24:22 [D] [control.go:245] [f8f4fd6c3b7e312b] get work connection from pool 2020/02/20 13:24:22 [I] [proxy.go:92] [f8f4fd6c3b7e312b] [ssh] get a new work connection: [192.168.64.4:51410] 2020/02/20 13:24:22 [D] [proxy.go:237] [f8f4fd6c3b7e312b] [ssh] join connections, workConn(l[192.168.64.8:7000] r[192.168.64.4:51410]) userConn(l[192.168.64.8:7304] r[192.168.64.4:51364]) 2020/02/20 13:24:22 [D] [control.go:217] [f8f4fd6c3b7e312b] new work connection registered 2020/02/20 13:24:22 [D] [proxy.go:251] [f8f4fd6c3b7e312b] [ssh] join connections closed 2020/02/20 13:24:47 [D] [control.go:457] [f8f4fd6c3b7e312b] receive heartbeat 2020/02/20 13:25:17 [D] [control.go:457] [f8f4fd6c3b7e312b] receive heartbeat 2020/02/20 13:25:47 [D] [control.go:457] [f8f4fd6c3b7e312b] receive heartbeat 2020/02/20 13:26:08 [D] [control.go:332] [f8f4fd6c3b7e312b] control connection closed 2020/02/20 13:26:08 [I] [control.go:305] [f8f4fd6c3b7e312b] control writer is closing 2020/02/20 13:26:08 [I] [proxy.go:76] [f8f4fd6c3b7e312b] [ssh] proxy closing 2020/02/20 13:26:08 [I] [proxy.go:147] [f8f4fd6c3b7e312b] [ssh] listener is closed 2020/02/20 13:26:08 [I] [control.go:383] [f8f4fd6c3b7e312b] client exit success 2020/02/20 13:26:08 [D] [service.go:365] Accept new mux stream error: EOF ``` Logs - client: ``` frpc | 2020/02/20 13:24:17 [I] [service.go:250] [f8f4fd6c3b7e312b] login to server success, get run id [f8f4fd6c3b7e312b], server udp port [0] frpc | 2020/02/20 13:24:17 [I] [proxy_manager.go:144] [f8f4fd6c3b7e312b] proxy added: [ssh] frpc | 2020/02/20 13:24:17 [T] [proxy_wrapper.go:171] [f8f4fd6c3b7e312b] [ssh] change status from [new] to [wait start] frpc | 2020/02/20 13:24:17 [I] [control.go:164] [f8f4fd6c3b7e312b] [ssh] start proxy success frpc | 2020/02/20 13:24:22 [D] [proxy_wrapper.go:231] [f8f4fd6c3b7e312b] [ssh] start a new work connection, localAddr: 172.18.0.2:53454 remoteAddr: 192.168.0.27:7303 frpc | 2020/02/20 13:24:22 [T] [proxy.go:524] [f8f4fd6c3b7e312b] [ssh] handle tcp work connection, use_encryption: false, use_compression: false frpc | 2020/02/20 13:24:22 [E] [proxy.go:581] [f8f4fd6c3b7e312b] [ssh] connect to local service [127.0.0.1:22] error: dial tcp 127.0.0.1:22: connect: connection refused ``` Logs - ssh window: ``` lovelog@skywalker:~$ ssh -v -p 7304 pi@domain.net OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to frps.dersand.net [192.168.0.27] port 7304. debug1: Connection established. debug1: key_load_public: No such file or directory debug1: identity file /home/x/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/x/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/x/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/x/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/x/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/x/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/x/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/x/.ssh/id_ed25519-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 ssh_exchange_identification: Connection closed by remote host ``` **What version of frp are you using (./frpc -v or ./frps -v)?** Frps: `0.31.2`([docker container](https://github.com/snowdreamtech/frp/blob/master/frps/amd64/Dockerfile)) Frpc: `0.31.1`([docker container](https://github.com/vgist/dockerfiles/blob/84cfeb3cf1924e0525609172aa88c6bb9c96507f/frp/frpc/Dockerfile)) **What operating system and processor architecture are you using (`go env`)?** `docker, on amd64 and arm32v7(raspberry pi client)` **Configures you used:** The server - with traefik is configured with this docker-compose. ``` yaml proxy-server: image: "snowdreamtech/frps" container_name: "proxy-server" restart: always volumes: - "./secrets/frps.ini:/etc/frp/frps.ini:ro" env_file: - ./secrets/frps.env labels: - "traefik.enable=true" # Client connect -> Server - "traefik.tcp.routers.frps-server.rule=HostSNI(`*`)" - "traefik.tcp.services.frps-server.loadbalancer.server.port=7000" - "traefik.tcp.routers.frps-server.service=frps-server" - "traefik.tcp.routers.frps-server.entrypoints=frps-entrypoint" # SSH Clients -> Server -> client - "traefik.tcp.routers.organa-relay-server.rule=HostSNI(`*`)" - "traefik.tcp.services.organa-relay-server.loadbalancer.server.port=7304" - "traefik.tcp.routers.organa-relay-server.service=organa-relay-server" - "traefik.tcp.routers.organa-relay-server.entrypoints=organa-relay" ``` **Describe the results you received:** error: ssh_exchange_identification: Connection closed by remote host **Describe the results you expected:** I should be prompted with a password to connect to the server
gitea-mirror commented 2026-05-05 12:50:29 -06:00
Author
Owner
Copy link

@Lilja commented on GitHub (Feb 20, 2020):

Hmm. As per https://github.com/fatedier/frp/issues/907, i added network_mode: host on the raspberry pi(client). And it works! Seems to be unrelated to traefik.

Why is network mode needed on the client?

<!-- gh-comment-id:589225333 --> @Lilja commented on GitHub (Feb 20, 2020): Hmm. As per https://github.com/fatedier/frp/issues/907, i added `network_mode: host` on the raspberry pi(client). And it works! Seems to be unrelated to traefik. Why is network mode needed on the client?
gitea-mirror commented 2026-05-05 12:50:30 -06:00
Author
Owner
Copy link

@fatedier commented on GitHub (Feb 21, 2020):

@Lilja The container with Host network is in the same net namespace with your host machine, so it can connect to service on your host machine such as sshd.
Otherwise, it has it's own net namespace which has no sshd process listen on 22 port.

<!-- gh-comment-id:589564210 --> @fatedier commented on GitHub (Feb 21, 2020): @Lilja The container with `Host` network is in the same net namespace with your host machine, so it can connect to service on your host machine such as sshd. Otherwise, it has it's own net namespace which has no sshd process listen on 22 port.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
dev
new
master
copilot/review-pull-request-5198
v0.68.1
v0.68.0
v0.67.0
v0.66.0
v0.65.0
v0.64.0
v0.63.0
v0.62.1
v0.62.0
v0.61.2
v0.61.1
v0.61.0
v0.60.0
v0.59.0
v0.58.1
v0.58.0
v0.57.0
v0.56.0
v0.55.1
v0.55.0
v0.54.0
v0.53.2
v0.53.1
v0.53.0
v0.52.3
v0.52.2
v0.52.1
v0.52.0
v0.51.3
v0.51.2
v0.51.1
v0.51.0
v0.50.0
v0.49.0
v0.48.0
v0.47.0
v0.46.1
v0.46.0
v0.45.0
v0.44.0
v0.43.0
v0.42.0
v0.41.0
v0.40.0
v0.39.1
v0.39.0
v0.38.0
v0.37.1
v0.37.0
v0.36.2
v0.36.1
v0.36.0
v0.35.1
v0.35.0
v0.34.3
v0.34.2
v0.34.1
v0.34.0
v0.33.0
v0.32.1
v0.32.0
v0.31.2
v0.31.1
v0.31.0
v0.30.0
v0.29.1
v0.29.0
v0.28.2
v0.28.1
v0.28.0
v0.27.1
v0.27.0
v0.26.0
v0.25.3
v0.25.2
v0.25.1
v0.25.0
v0.24.1
v0.24.0
v0.23.3
v0.23.2
v0.23.1
v0.23.0
v0.22.0
v0.21.0
v0.20.0
v0.19.1
v0.19.0
v0.18.0
v0.17.0
v0.16.1
v0.16.0
v0.15.1
v0.15.0
v0.14.1
v0.14.0
v0.13.0
v0.12.0
v0.11.0
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.1
v0.8.0
v0.7.0
v0.6.0
v0.5.0
v0.3.0
v0.2.0
v0.1.0
Labels
Clear labels   
In Progress

   
WIP

   
WaitingForInfo

   
bug

   
doc

   
duplicate

   
easy

   
enhancement

   
future

   
help wanted

   
invalid

   
lifecycle/stale

   
need-issue-template

   
need-usage-help

   
no plan

   
proposal

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
todo
No labels
In Progress
WIP
WaitingForInfo
bug
doc
duplicate
easy
enhancement
future
help wanted
invalid
lifecycle/stale
need-issue-template
need-usage-help
no plan
proposal
pull-request
question
todo
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#1318
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?