From 261c5d2be81f1d0ed275dab126e421f7ef66b0a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20B=C3=B6hme?= Date: Mon, 1 Sep 2025 12:43:40 +0200 Subject: [PATCH] fix: network checking triggering fail2ban --- pkgs/clan-cli/clan_lib/network/check.py | 37 ++++++++----------------- 1 file changed, 12 insertions(+), 25 deletions(-) diff --git a/pkgs/clan-cli/clan_lib/network/check.py b/pkgs/clan-cli/clan_lib/network/check.py index a2d4d7089..7cb632148 100644 --- a/pkgs/clan-cli/clan_lib/network/check.py +++ b/pkgs/clan-cli/clan_lib/network/check.py @@ -87,49 +87,36 @@ def check_machine_ssh_reachable( f"Checking SSH reachability for {remote.target} on port {remote.port or 22}", ) - # Use ssh with ProxyCommand to check through SOCKS5 cmd = [ - "ssh", + "nc", ] - # If using SOCKS5 proxy, add ProxyCommand + # If using SOCKS5 proxy, add -x if remote.socks_port: cmd.extend( [ - "-o", - f"ProxyCommand=nc -X 5 -x localhost:{remote.socks_port} %h %p", + "-X", + "5", + "-x", + f"localhost:{remote.socks_port}", ], ) cmd.extend( [ - "-o", - "BatchMode=yes", - "-o", - "StrictHostKeyChecking=no", - "-o", - "UserKnownHostsFile=/dev/null", - "-o", - f"ConnectTimeout={opts.timeout}", - "-o", - "PreferredAuthentications=none", - "-p", + "-z", + "-w", + str(opts.timeout), + str(remote.address.strip()), str(remote.port or 22), - f"dummy@{remote.address.strip()}", - "true", ], ) try: res = run(cmd, options=RunOpts(timeout=opts.timeout, check=False)) - # SSH will fail with authentication error if server is reachable - # Check for SSH-related errors in stderr - if ( - "Permission denied" in res.stderr - or "No supported authentication" in res.stderr - ): - return # Server is reachable, auth failed as expected + if "succeeded" in res.stderr: + return msg = "Connection failed: SSH server not reachable" raise ClanError(msg)