[GH-ISSUE #2470] Can check ssh connection failed in frps log? #1960

Closed
opened 2026-05-05 13:15:44 -06:00 by gitea-mirror · 11 comments

Originally created by @MikoyChinese on GitHub (Jul 7, 2021).
Original GitHub issue: https://github.com/fatedier/frp/issues/2470

Hi,

These days I found a lot of ssh connections in my frp client, but I only get 127.0.0.1 connection logs in my ssh log file, and I checked my frp server, which can only show the real IP that connected but not whether it failed or not.

Here is the frp server log:

```
[ssh] get a user connection [138.197.161.253:33026]
```

Can I check whether this IP is trying to brute-force attack my client, and use the fail2ban tool to forbid it? If you can add the failure message to the frps log file, or show the real IP in the client log file, I think it will work well.

Thanks.


@fatedier commented on GitHub (Jul 8, 2021):

frp does not parse the traffic content between your ssh server and client, so it can't judge whether the connection failed or was closed normally.


@MikoyChinese commented on GitHub (Jul 8, 2021):

Or could you add a flag to tell the server or client that, if this module is used, it will send the real IP through the proxy, so that it shows in the ssh client log instead of showing as from 127.0.0.1, port xxx.


@fatedier commented on GitHub (Jul 8, 2021):

https://github.com/fatedier/frp#proxy-protocol


@MikoyChinese commented on GitHub (Jul 8, 2021):

For ssh, does that mean I should add `proxy_protocol_version = v2` to obtain the real IP from the frp service?

```
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 10001
# This is for real ip?
proxy_protocol_version = v2
```

@fatedier commented on GitHub (Jul 8, 2021):

Yes, you should write your own service in front of the ssh server to parse the Proxy Protocol and get the real IP.


@MikoyChinese commented on GitHub (Jul 8, 2021):

Ok, I will try nginx or python to analyze the Proxy Protocol.


@MikoyChinese commented on GitHub (Jul 8, 2021):

Hi, bro

I found the Proxy Protocol in the sshd log file, such as `1xx.6.xx.xx 10.0.12.11 40398 32255`. What does it mean?
And I found that the nginx documentation has some variables: `$proxy_protocol_addr`, `$proxy_protocol_port`, `$remote_addr`, `$remote_port`.

So,

- `1xx.6.xx.xx` ==> `remote_addr`
- `40398` ==> `remote_port`
- `32255` ==> `proxy_protocol_port`
- `10.0.12.11` ==> `proxy_protocol_addr`

am I right?


@MikoyChinese commented on GitHub (Jul 8, 2021):

I tried to use nginx or another Python proxy-protocol package to handle the TCP connection from the server to the ssh client. But I can only send data to the ssh port, which produces the error message: `client sent invalid protocol identifier`. For nginx it shows `client sent invalid protocol identifier "PROXY TCP4 127.0.0.1 127.0.0.1 59632 10001`, and for proxy-protocol it shows `client sent invalid protocol identifier ""`.

So how can I send tcp data to sshd? Can you show me some tips, I am going crazy.


@MikoyChinese commented on GitHub (Jul 12, 2021):

Hi, @fatedier

I have found a solution to obtain the real IP from frp by using Proxy Protocol and [go-mmproxy](https://github.com/path-network/go-mmproxy). It's now working on Linux, and I have no other OS to try it on.

Here are the steps:

#### 1. Frpc with proxy protocol:

In this step, you add `proxy_protocol_version` to turn on [Proxy Protocol](https://www.haproxy.com/blog/haproxy/proxy-protocol/), and prepare a local port to be used by **go-mmproxy**, not your real forward port.
For example, I want to proxy my ssh port 22 through frp with proxy protocol, so I need another port such as 54000:

**FRPC config:**

```
[common]
server_addr = x.x.x.x
server_port = 12345
authentication_method = token
token = xxxxxx

[ssh]
type = tcp
local_ip = 127.0.0.1
# Port go-mmproxy listens on, not the real sshd port
local_port = 54000
remote_port = 30000
proxy_protocol_version = v2
```

#### 2. Set up for go-mmproxy:

You can build it from the go-mmproxy GitHub main page or download the x86_64 binary, which I built on my Ubuntu 20.04 with go version go1.16.5 linux/amd64, from the following URL: [go-mmproxy.zip](https://github.com/fatedier/frp/files/6799973/go-mmproxy.zip), and move it to whatever path you want. For me, I moved it to _/usr/local/bin_.

#### 3. Start frp and mmproxy from systemd service:

You need to create two service files to start frp and go-mmproxy as systemd services.

**go-mmproxy.service:** note: `/usr/local/bin/go-mmproxy` is the path of go-mmproxy, you can change it to yours. `-4 127.0.0.1:22` is the IPv4 address and port you really want to forward to; here it's the common ssh port. `-l 0.0.0.0:54000` is the frpc port.

```
[Unit]
Description=go-mmproxy
After=network.target

[Service]
Type=simple
LimitNOFILE=65535
# Route traffic originating from loopback back to loopback (table 123)
ExecStartPost=/sbin/ip rule add from 127.0.0.1/8 iif lo table 123
ExecStartPost=/sbin/ip route add local 0.0.0.0/0 dev lo table 123
# -4: real IPv4 target (sshd), -l: port that frpc forwards to
ExecStart=/usr/local/bin/go-mmproxy -4 127.0.0.1:22 -l 0.0.0.0:54000
# Remove the routing rule and route again on stop
ExecStopPost=/sbin/ip rule del from 127.0.0.1/8 iif lo table 123
ExecStopPost=/sbin/ip route del local 0.0.0.0/0 dev lo table 123
Restart=on-failure
RestartSec=10s

[Install]
WantedBy=multi-user.target
```

**frpc.service**

```
[Unit]
Description=Frp Server Daemon with go-mmproxy
# Start go-mmproxy first so the local port is listening before frpc forwards to it
Requires=go-mmproxy.service
After=syslog.target network.target go-mmproxy.service
Wants=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/frp/frpc -c /usr/local/bin/frp/frpc.ini
ExecStop=/bin/kill $MAINPID
RestartSec=1min
KillMode=control-group
Restart=always

[Install]
WantedBy=multi-user.target
```

#### 4. Start service:

```
# First enable the service at boot:
sudo systemctl enable frpc.service

# Now start the frpc service
sudo service frpc start
```

#### Now try your own real IP frp proxy!

```
ssh -p 30000 xxx@x.x.x.x

# See the log:
cat /var/log/auth.log
```
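A check on what `auth.log` shows once the setup above is running, as an added example (not part of the original comment, frp or go-mmproxy): it counts sshd `Failed password` lines per source address the way a fail2ban filter would, and separately reports failures still logged from loopback, which here would mean the connection reached sshd without its client address restored. The log lines, threshold and function name are assumptions constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# sshd "Failed password" line; group 1 is the source address sshd saw.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def classify_failures(lines, threshold=3):
    """Return (ban_candidates, loopback_failures) for sshd auth.log lines."""
    per_ip, loopback = Counter(), 0
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # source field is not an IP literal
        if ip.is_loopback:
            loopback += 1  # came through the tunnel unattributed; never ban this
        else:
            per_ip[str(ip)] += 1
    return sorted(ip for ip, n in per_ip.items() if n >= threshold), loopback

# Constructed auth.log lines (host, users, PIDs and times are made up; the
# first address is the one from the frps log line on this page).
SAMPLE_LOG = [
    "Jul 12 10:00:01 host sshd[2101]: Failed password for root from 138.197.161.253 port 33026 ssh2",
    "Jul 12 10:00:03 host sshd[2101]: Failed password for root from 138.197.161.253 port 33026 ssh2",
    "Jul 12 10:00:07 host sshd[2104]: Failed password for invalid user admin from 138.197.161.253 port 33030 ssh2",
    "Jul 12 10:01:10 host sshd[2110]: Failed password for alice from 203.0.113.7 port 50122 ssh2",
    "Jul 12 10:01:15 host sshd[2110]: Accepted password for alice from 203.0.113.7 port 50122 ssh2",
    "Jul 12 10:02:00 host sshd[2120]: Failed password for root from 127.0.0.1 port 59632 ssh2",
    "Jul 12 10:02:02 host sshd[2120]: Failed password for root from 127.0.0.1 port 59632 ssh2",
]

if __name__ == "__main__":
    bans, unattributed = classify_failures(SAMPLE_LOG)
    print("ban candidates:", bans)
    print("failures logged from loopback:", unattributed)
```

A non-zero loopback count matters for fail2ban as well: banning 127.0.0.1 would block every connection that arrives through frpc without a restored address.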

@github-actions[bot] commented on GitHub (Aug 12, 2021):

Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.


@whosphp commented on GitHub (Oct 15, 2021):

@MikoyChinese Thank you, it works for me.

Reference: github-starred/frp#1960