When UFW is used as firewall, timeouts occur (#106 #69 #77 #29 #17 ...) since the firewall's rate limiting kicks in if more than 6 connections within 30 seconds are established:
ufw supports connection rate limiting, which is useful for protecting against brute-force login attacks. When a limit rule is used, ufw will normally allow the connection but will deny connections if an IP address attempts to initiate 6 or more connections within 30 seconds.
Typical usage is: ufw limit ssh/tcp
-- https://manpages.ubuntu.com/manpages/noble/en/man8/ufw.8.html
There are several work-arounds:
downgrading to an older version such as appleboy/scp-action@v0.1.3
increasing the timeout to 90 seconds or more
disabling the brute-force protection in the firewall via ufw ALLOW ssh/tcp - don't do this.
These workarounds address the timeout symptoms but fail to resolve the underlying issue. The core problem lies in the establishment of a new connection for every request. Instead, the initial SSH connection should be reused.
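A small model of the limit rule quoted above, added here as an illustration (not code from scp-action or ufw): it counts how many connection attempts from one IP would be denied when a job opens one SSH connection per file versus reusing a single connection. The workload (file count, seconds per file) is constructed, and the model assumes that denied attempts still count toward the 30-second window.

```python
from collections import deque

WINDOW_SECONDS = 30  # from the ufw man page text quoted above
HITCOUNT = 6         # the 6th attempt inside the window is denied


def simulate_limit(attempt_times, window=WINDOW_SECONDS, hitcount=HITCOUNT):
    """Return one bool per connection attempt from a single IP (True = allowed).

    Assumption: every attempt, allowed or denied, is recorded in the window,
    so retrying while blocked keeps the block alive.
    """
    recent = deque()
    verdicts = []
    for t in sorted(attempt_times):
        recent.append(t)
        # Forget attempts that have aged out of the window.
        while t - recent[0] >= window:
            recent.popleft()
        verdicts.append(len(recent) < hitcount)
    return verdicts


def connection_times(n_files, seconds_per_file, reuse_connection):
    """Constructed workload: the moments at which a deploy job dials SSH."""
    if reuse_connection:
        return [0.0]  # one connection carries every transfer
    return [i * seconds_per_file for i in range(n_files)]


def denied_count(n_files, seconds_per_file, reuse_connection):
    """Number of connection attempts the limit rule would deny."""
    times = connection_times(n_files, seconds_per_file, reuse_connection)
    return simulate_limit(times).count(False)


if __name__ == "__main__":
    for spacing in (2, 5, 7):
        per_file = denied_count(10, spacing, reuse_connection=False)
        reused = denied_count(10, spacing, reuse_connection=True)
        print(f"10 files, {spacing}s each: per-file connections denied={per_file}, "
              f"reused connection denied={reused}")
```

In this model, raising the job timeout only helps once the attempts are spaced widely enough that fewer than 6 fall in any 30-second window, while a reused connection never reaches the limit regardless of file count.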
I too hit this problem. Unfortunately ufw doesn't let us change the rate at which to limit (it is hardcoded with 6 connections / 30 seconds). As I don't want to disable it, I'll probably look for another action for scp :-/ Anyway, thank you for your work! :)