Cannot SSH into GitLab with VPN

I can’t establish a connection between my machine with a VPN and a private GitLab instance. I’ve setup the SSH key with:

ssh-keygen -t ed25519 -C "some comment"

And then copied the public key into a new SSH key in my GitLab settings.

When I try to establish a connection I see the below logs:

$ ssh -Tvvv git@<my_private_gitlab_host>
OpenSSH_9.6p1 Ubuntu-3ubuntu13.5, OpenSSL 3.0.13 30 Jan 2024
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/me/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/me/.ssh/known_hosts2'
debug2: resolving "<my_private_gitlab_host>" port 22
debug3: resolve_host: lookup <my_private_gitlab_host>:22
debug3: channel_clear_timeouts: clearing
debug3: ssh_connect_direct: entering
debug1: Connecting to <my_private_gitlab_host> [<ip address>] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10

I’ve also tried to just telnet, results:

$ telnet <my_private_gitlab_host> 22
Trying <ip address>...
Connection failed: Connection timed out

I’m on Windows 11, WSL2 Ubuntu (though it also doesn’t work when trying to connect from outside the WSL VM)

Any ideas are welcome

It seems like you’re facing connectivity issues while trying to establish an SSH connection to your private GitLab instance, even though you’ve set up your SSH keys properly. Let’s go through a few potential issues and troubleshooting steps to identify the root cause.

1. VPN Configuration Issues:

Since you’re connecting via a VPN, ensure that:

  • The VPN is properly connected and routes traffic correctly to your private GitLab instance.
  • Ensure that the VPN is not blocking SSH (port 22). Some VPN configurations restrict certain types of traffic, including SSH, for security reasons. Check your VPN settings to ensure that it allows SSH traffic.

Action:

  • Test the VPN by pinging other internal resources to ensure the network route is correctly set up.
  • If possible, try connecting from another machine or network without the VPN to confirm if the issue is related to the VPN.

2. Firewall or Network Restrictions:

  • The connection might be blocked by a firewall or the GitLab server could be blocking connections on port 22.
  • If you can telnet to the GitLab server’s IP on port 22 but still get a timeout, it suggests that there may be network-level restrictions in place, possibly at the server side (firewall blocking incoming SSH traffic).

Action:

  • Check if the GitLab server firewall allows inbound connections on port 22.
  • Ensure that there are no network ACLs or firewall rules that could be blocking SSH connections.
  • You might want to try accessing other services (like HTTP/HTTPS) on the GitLab server to confirm general connectivity.

3. Test SSH Locally (on WSL):

Try the following on your WSL2 Ubuntu machine:

  • Ensure SSH is correctly configured:
ssh -vT git@<my_private_gitlab_host>
  • Double-check the SSH key that’s being used. Sometimes, SSH might be using a different key than the one you expect. Use -i to specify the SSH key explicitly:
ssh -vT -i ~/.ssh/id_ed25519 git@<my_private_gitlab_host>

4. Check GitLab SSH Configuration:

Ensure that the GitLab server has the correct SSH settings and the server is configured to accept SSH connections on port 22. You can try testing the SSH connection to GitLab’s server with GitLab’s public SSH server (e.g., git@gitlab.com) to check if your SSH setup works in general:

ssh -T git@gitlab.com

If this works, it would indicate that the problem is isolated to your private GitLab server.

5. Check for Any SSH Key Issues:

  • Confirm that your SSH key is added to your GitLab account (under SSH Keys in GitLab settings).
  • Ensure that the key you generated on your local machine matches the one you’ve uploaded to GitLab. You can check the contents of your public key (~/.ssh/id_ed25519.pub) and compare it to the key in your GitLab account.

6. Check SSH Agent:

Ensure that your SSH agent is correctly running and that your SSH key is added to the agent. On WSL, you can check if the key is loaded by running:

ssh-add -l

If no key is listed, add your key using:

ssh-add ~/.ssh/id_ed25519

7. Network Diagnostic with Telnet or Curl:

If SSH itself is failing, try using curl or telnet to check if you can reach the GitLab server on port 22:

curl -v telnet://<my_private_gitlab_host>:22

If this connection also fails, then it’s likely a network-related issue rather than a GitLab SSH setup issue.

8. WSL Network Configuration:

WSL2 operates in a virtualized environment with its own networking setup, and sometimes there are conflicts or misconfigurations. Ensure that:

  • Your WSL2 instance is properly bridged to your network and not being blocked by Windows firewall.
  • Try restarting the WSL2 instance or resetting network settings in WSL2 if you’re not able to connect from there.

9. SSH Configuration in GitLab:

Ensure that GitLab is set to accept connections via the SSH protocol:

  • GitLab server must have the SSH service running.
  • The server’s /etc/ssh/sshd_config file should have PermitRootLogin yes or a similar setting for SSH logins.

10. GitLab SSH Port:

Some GitLab instances may be configured to use a different SSH port instead of the default port 22. Verify this setting with the GitLab administrator.

If it’s using a non-default port, you can specify it in the SSH command:

ssh -T -p <port_number> git@<my_private_gitlab_host>

11. Test from a Different Machine:

If you have access to another machine (e.g., not on VPN or outside the WSL2 environment), try connecting to GitLab from there. This will help determine if the issue is with your local setup or the GitLab instance.


Summary of Key Actions:

  1. Verify your VPN and firewall settings.
  2. Confirm SSH connection works from other machines or outside VPN.
  3. Test SSH configuration by specifying the key explicitly with -i.
  4. Test the connection to GitLab’s public server (git@gitlab.com) for comparison.
  5. Double-check your SSH key configuration on GitLab.

By following these steps, you should be able to pinpoint where the issue lies. Let me know if you need more specific help on any of these steps!