Duplicati in Docker, having problems getting an SFTP connection through an SSH remote port forwarding

Hi,

I have a server “S” running Duplicati, reachable over SSH, with data I want to save to another machine “M” that it has no possible direct connection to.

I initiate a first ssh connection from “M” to “S” with remote port forwarding.
On machine “M”: ssh -R 2222:127.0.0.1:22 “user”@“server”

Through this connection I want to start a Duplicati backup.
This backup uses an SSH/SFTP connection to “M”.

But I do not manage to …
No connection when I use the “connection test” on 192.168.0.202 port 2222

“S” local ip “192.168.0.202”
“S” docker ip “172.19.0.2/16”

What I tried :

  • on “S”, I manage to : ssh -p 2222 user@127.0.0.1 but not 192.168.0.202 ?
  • on “S”, in duplicati connection OK on 192.168.0.202 port 22
  • on “S”, in duplicati connection NotOK on 192.168.0.202 port 2222
  • disabling all iptables with “iptables -F” => no change

Would you have an idea how to make it work?
Other information :

I use compose file :

---
services:
  duplicati:
    image: lscr.io/linuxserver/duplicati:latest
    container_name: duplicati
    user: root
    environment:
      - PUID=0
      - PGID=0
      - TZ=Etc/UTC
#      - CLI_ARGS= #optional
    volumes:
      - XXXXX/config:/config
    ports:
      - 8200:8200
    restart: unless-stopped

The network used with the container is “compose_yml_default”
docker network inspect compose_yml_default

[
    {
        "Name": "compose_yml_default",
        "Id": "b8948c6b7c8e1a664a4ef01d252be0af13bff2f9b26adb729d9ebf009a43075d",
        "Created": "2024-03-26T15:22:30.584406947+01:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.19.0.0/16",
                    "Gateway": "172.19.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "e1b774e5fb8fea8fb64bff6a09118c4dd7de9ab576b20e2a0d6690a6a6f590fc": {
                "Name": "duplicati",
                "EndpointID": "20117f4c654ab3e709b4e6311fdd30b7746b63a3f11975e93259ba4ed60ac0a9",
                "MacAddress": "02:42:ac:13:00:02",
                "IPv4Address": "172.19.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {
            "com.docker.compose.network": "default",
            "com.docker.compose.project": "compose_yml",
            "com.docker.compose.version": "2.25.0"
        }
    }
]

I have found the reason …

It was listening on the bind address 127.0.0.1, compared to * for the normal ssh:
sudo lsof -nP | grep LISTEN | grep :22 | grep IPv4

sshd       97097                              root    3u     IPv4             396067       0t0        TCP *:22 (LISTEN)
sshd      100754                            salmat    7u     IPv4             412917       0t0        TCP 127.0.0.1:2222 (LISTEN)

It is set in the ssh remote port forwarding :
ssh -R *:2222:127.0.0.1:22 “user”@“server”

sudo lsof -nP | grep LISTEN | grep :22 | grep IPv4

sshd       97097                              root    3u     IPv4             396067       0t0        TCP *:22 (LISTEN)
sshd      100754                            salmat    7u     IPv4             412917       0t0        TCP *:2222 (LISTEN)

So that it is not ignored, I also had to add “GatewayPorts clientspecified” to sshd_config.
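Added example, not part of the original post: a small checker that reads the `lsof` lines quoted above and reports which destination addresses can reach the forwarded port, and which ports end up open on every interface. The `NARROW` case is constructed and assumes the container reaches the host at the bridge gateway 172.19.0.1 from the `docker network inspect` output, using `ssh -R 172.19.0.1:2222:127.0.0.1:22` (which `GatewayPorts clientspecified` permits) so that port 2222 is not also exposed on the LAN address.

```python
import ipaddress

# lsof lines quoted in the post (whitespace collapsed): before the fix.
BEFORE = """\
sshd   97097    root 3u IPv4 396067 0t0 TCP *:22 (LISTEN)
sshd  100754  salmat 7u IPv4 412917 0t0 TCP 127.0.0.1:2222 (LISTEN)
"""
# After the fix from the post: forward bound to the wildcard address.
AFTER = BEFORE.replace("127.0.0.1:2222", "*:2222")
# Constructed line (not from the post): forward bound to the bridge gateway only.
NARROW = BEFORE.replace("127.0.0.1:2222", "172.19.0.1:2222")


def parse_listeners(lsof_text):
    """Map port -> bind address for the TCP LISTEN lines of `lsof -nP`."""
    listeners = {}
    for line in lsof_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[-1] != "(LISTEN)":
            continue
        addr, _, port = fields[-2].rpartition(":")
        listeners[int(port)] = addr.strip("[]")
    return listeners


def reachable(lsof_text, dest_ip, port):
    """True if a connection addressed to dest_ip:port finds a listening socket."""
    bind = parse_listeners(lsof_text).get(port)
    if bind is None:
        return False
    if bind == "*":  # wildcard: every local address, LAN included
        return True
    return ipaddress.ip_address(bind) == ipaddress.ip_address(dest_ip)


def wildcard_ports(lsof_text):
    """Ports open on all interfaces; the ones to firewall or bind more narrowly."""
    return sorted(p for p, a in parse_listeners(lsof_text).items() if a == "*")


if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER), ("narrow", NARROW)):
        for dest in ("127.0.0.1", "192.168.0.202", "172.19.0.1"):
            print(name, dest, 2222, reachable(text, dest, 2222))
        print(name, "wildcard ports:", wildcard_ports(text))
```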