Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

[BUG] recent versions establish too many connections and cause timeouts (when UFW is used) #172

Open
tobiasschuerg opened this issue Apr 3, 2024 · 3 comments

Comments

@tobiasschuerg
Copy link

tobiasschuerg commented Apr 3, 2024

When UFW is used as firewall timeouts occur ( #106 #69 #77 #29 #17 ...) since the firewall's rate limiting kicks in if more than 6 connections within 30 seconds are established:

ufw supports connection rate limiting, which is useful for protecting against brute-force login attacks. When a limit rule is used, ufw will normally allow the connection but will deny connections if an IP address attempts to initiate 6 or more connections within 30 seconds.
Typical usage is: ufw limit ssh/tcp
-- https://manpages.ubuntu.com/manpages/noble/en/man8/ufw.8.html

There are several work-arounds:

  • downgrading to an older version such as appleboy/scp-action@v0.1.3
  • inceasing the timeout to 90 seconds or more
  • disabling the brute-force protection in the firewall via ufw ALLOW ssh/tcp - don't do this.

These workarounds address the timeout symptoms but fail to resolve the underlying issue. The core problem lies in the establishment of a new connection for every request. Instead, the initial SSH connection should be reused.

@jawwadturabi
Copy link

Got same issue!

@itserror404
Copy link

same issues but that didnt help :( any other fixes pls?

@hydrandt
Copy link

hydrandt commented Oct 2, 2024

I too hit this problem. Unfortunately ufw doesn't let us change the rate at which to limit (it is hardcoded with 6 connections / 30 seconds). As I don't want to disable it, I'll probably look for another action for scp :-/ anyway thank you for your work!:)

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants