kex_exchange_identification: Connection closed by remote host

[jbtx]

We have deployed atmoz/sftp:latest in an public facing Azure Container App environment and observe this error message continuously in the console logs:

kex_exchange_identification: Connection closed by remote host
Connection closed by 127.0.0.1 port XXXXX

Port numbers range from approx. 30000 - 55000. Monitoring network traffic shows no corresponding rate of connection attempts. Blocking all traffic in the Ingress does not eliminate the message. We do not observe these messages when running the container on a local docker environment.

Is this a known issue? Is there a configuration change we can make to fix the issue?

[jbtx]

It appears this is caused by container health probes, the default is to TCP probe the configured port on the server (22 in this case). We configured custom container health probes to another open port and the noted log messages are gone.

https://learn.microsoft.com/en-us/azure/container-apps/health-probes?tabs=arm-template

[michalb-goflink]

I have the same issue with latest alpine docker image, run on local machine.

I downgraded to alpine:3.7 tag, as this is just for development, and it works.

Logs diff alpine -> alpine:3.7:

[entrypoint] Executing sshd
+Server listening on 0.0.0.0 port 22.
+Server listening on :: port 22.

Running top also indicates no sshd running on alpine

[LDprg]

I have the same issue. Seems like an new OpenSSH version broke something with the key exchange.