kex_exchange_identification while connecting to local gitlab instance

Question

I've set up a local instance of gitlab with the following configuration:

version: "3"
services:
  gitlab:
    image: gitlab/gitlab-ce:latest
    container_name: gitlab
    hostname: 'gitlab.local.com'
    restart: always
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://gitlab.local.com:4005'
        gitlab_rails['gitlab_shell_ssh_port'] = 3005
    ports:
      - '4005:4005'
      - '3005:3005'
    volumes:
      - '/srv/gitlab/config:/etc/gitlab'
      - '/srv/gitlab/logs:/var/log/gitlab'
      - '/srv/gitlab/data:/var/opt/gitlab'

Then I've added SSH keys according to the gitlab documentation.

Finally when connecting to the instance via SSH or cloning a repo I get the following error:

ssh -Tvv git@gitlab.local.com -p 3005
OpenSSH_8.2p1 Ubuntu-4ubuntu0.2, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolving "gitlab.local.com" port 3005
debug2: ssh_connect_direct
debug1: Connecting to gitlab.local.com [0.0.0.0] port 3005.
debug1: Connection established.
debug1: identity file /home/rafael/.ssh/id_rsa type 0
debug1: identity file /home/rafael/.ssh/id_rsa-cert type -1
debug1: identity file /home/rafael/.ssh/id_dsa type -1
debug1: identity file /home/rafael/.ssh/id_dsa-cert type -1
debug1: identity file /home/rafael/.ssh/id_ecdsa type -1
debug1: identity file /home/rafael/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/rafael/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/rafael/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/rafael/.ssh/id_ed25519 type 3
debug1: identity file /home/rafael/.ssh/id_ed25519-cert type -1
debug1: identity file /home/rafael/.ssh/id_ed25519_sk type -1
debug1: identity file /home/rafael/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/rafael/.ssh/id_xmss type -1
debug1: identity file /home/rafael/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.2
kex_exchange_identification: Connection closed by remote host

I've disable ufw, I've reset the known_hosts, I've tried everything I can think of and found nothing on the internet that helped me.

Why is this error appearing? It's the only "server" I have problems acessing via ssh...

Answer 1

Check first the ssh daemon, in your GitLab Docker container, does listen to port 3005 (a custom port).

See for instance gitlab-org/omnibus-gitlab issue 1767:

I had to say that this issue gave me very hard time trying to figure things out.
It is really counter-intuitive that gitlab_rails['gitlab_shell_ssh_port'] = 30022 only works to change the URI displayed in the web page instead of also changing the port sshd serves in guest machine.
Besides subjective feelings above, there are also two facts in the way it currently works:

• There is no way to change the ssh port gitlab shell uses on the docker container.
• When using the docker's ip address to access the gitlab server, port would always have to be 22 instead of what is used in the URI.

I would argue that the way original document described is a better way how things should work around the issue.
gitlab_rails['gitlab_shell_ssh_port'] should also change the port gitlab-shell is served on guest side.

And:

You have to customize the port inside the file /assets/sshd_config by your Dockerfile.

That was mentioned here.

Since I see "Connection established.", it is possible, since those bug reports, that sshd_config is now correctly modified (automatically)

If that is the case, double-check what public key you have registered to your GitLab profile: it should be /home/rafael/.ssh/id_rsa.pub.