No connections accepted when config is present

Question

No connections accepted when config is present

efstajas opened this issue 6 months ago · 5 comments

Thanks for this great project — seeing all these strange commands people try to enter is amazing.

I installed via Docker, and am now trying to remove the default header identifying the honeypot and make some further config tweaks now. However, as soon as I mount seemingly any yaml into the docker container to /config.yaml, strangely after starting the image, no connections are accepted on port 2022. The logs look totally fine, and the last entry is always "listening on ... :2022". When I remove the config.yaml mount and restart the container, it immediately starts working. Same log output, but connections accepted. I've triple checked that I'm not accidentally changing anything about the container network. Same thing happens whether I mount either of the two example configs from the readme.

Probably just messed something up, but not really sure what's going on.

Answer 1 · 2024-06-15T12:51:40.000Z

My guess is you either aren't setting the server.listen_address config option (the default is 127.0.0.1:2022), or you are setting it to a local address. For Docker port forwarding to work, the app needs to listen on 0.0.0.0 (well, technically it needs to listen on the network interface docker provides, 0.0.0.0 is just a simple way to achieve this).

Can you try with the following config file?

server:
  listen_address: 0.0.0.0:2022

Answer 2 · 2024-06-16T01:27:09.000Z

My guess is you either aren't setting the server.listen_address config option (the default is 127.0.0.1:2022), or you are setting it to a local address. For Docker port forwarding to work, the app needs to listen on 0.0.0.0 (well, technically it needs to listen on the network interface docker provides, 0.0.0.0 is just a simple way to achieve this).

Can you try with the following config file?
server:
  listen_address: 0.0.0.0:2022

instead of doing that, you can add a network_mode: host and removing the 127.0.0.1 on the docker compose file, so it can be exposed on the host's network.

Answer 3 · 2024-06-16T01:32:39.000Z

Same thing on the CLI too :

Answer 4 · 2024-06-16T09:32:38.000Z

you either aren't setting the server.listen_address config option (the default is 127.0.0.1:2022), or you are setting it to a local address

Thank you! This was indeed the problem.

Just a suggestion; might be a good idea to add a comment about this in the default configurations linked from the README, given (I assume) Docker is a popular installation method, and it seemingly defaults to 0.0.0.0 if no config file is present, but 127.0.0.1 if it is... (?). At least that's the only way I can explain that it worked without a config file at all, but didn't when I used the minimal example, which doesn't include listen_address.

Cheers ✌️

Answer 5 · 2024-06-16T23:16:28.000Z

Just a suggestion; might be a good idea to add a comment about this in the default configurations linked from the README, given (I assume) Docker is a popular installation method, and it seemingly defaults to 0.0.0.0 if no config file is present, but 127.0.0.1 if it is... (?). At least that's the only way I can explain that it worked without a config file at all, but didn't when I used the minimal example, which doesn't include listen_address.

Added a note in the README. BTW, the reason it works without a custom config is that the default listen_address is replaced when building the container: https://github.com/jaksi/sshesame/blob/master/Dockerfile#L5