Hi team,
I am trying to setup an SSH tunnel back into our infrastructure from CircleCI. I am using a third-party orb to achieve this. (lansweeper/ssh@0.0.3) More details here: CircleCI Developer Hub - lansweeper/ssh.
I have enabled the CircleCi IpRanges feature in my job and whitelisted the Ip’s from our bastion host. I have been facing issues starting the ssh tunnel. I get the following errors
bind [::1]:6573: Cannot assign requested address
CircleCI received exit code 0
Even though port 6573 is a non-standard port. I have been using non-privileged/non-standard ports (>= 1024) in my config but same issue persists.
I have been facing these issues for quite a time now and need your help.
1 Like
I was able to make it work by pointing to IPV4 Address. It was by default trying to BIND on IPV6 Address. You can enable IPV4 with 2 ways on ssh tunnel command.
First way
ssh -N -f -4 -L LOCAL_PORT:TARGET_HOST:TARGET_PORT SSH_USER@SSH_HOST -p SSH_PORT -i SSH_KEY_FILE
Second way
Use SSH option, AddressFamily=inet
Sample Job configuration
sshTunnel:
# circleci_ip_ranges feature is available for users on Performance/Scale plans only
circleci_ip_ranges: true
docker:
- image: 'cimg/base:2022.03'
steps:
- checkout
- ssh/tunnel:
local_port: $LOCAL_PORT
target_host: $TARGET_HOST
target_port: $TARGET_PORT
bastion_user: $BASTION_SSH_USER
bastion_host: $BASTION_SSH_HOST
options: 'ConnectTimeout=10,Port=9922,StrictHostKeyChecking=no,AddressFamily=inet'
- run: 'curl localhost:6573'
1 Like