Is it possible to deploy a ssh server and log in with the container

Hello :slight_smile:
Is it possible to deploy a ssh server and ssh into it? I deploy the server but cant ssh into it,I can check the port is tcp/ssh by using nc,but when i ssh it failed on key exchange

kex_exchange_identification: Connection closed by remote host
Connection closed by port 22

then i tried to flyctl ssh console and run a ssh reverse tunnel to my server,but still i can’t log into the app from my server using reverse tunnel,it’s said the same error :frowning:
Just curious about the situation,did fly proxy filter ssh flux for some secure issue,thanks for your time~
Best regard


Port 22 is used by the SSH daemon (the one used when you fly ssh console for example). If you want to install sshd proper, you need to configure it to use a different port. If you intend this to be accessible from the outside, you also need a [service] section mapping the port you use to an external port, using raw tcp (no http/tls handlers). There’s more info on service configuration here: Fly Launch configuration (fly.toml) · Fly Docs


1 Like

Two answers: you don’t have to, and you can if you want to (just not on port 22).

Fly already has an ssh server that you can use to ssh into your machine: fly ssh console.

If you want to deploy ssh for yourself, just make sure that it isn’t on port 22, and that you don’t have a shared ipv4 address.

Here’s how I have configured ssh in my app:

1 Like

Hey guys,thanks for your help,it helped a lot,but can’t get it working,now i configure the sshd properly run,i run sshd use customed configfile,as you can see below

Connecting to fdaa:3:xxx.. complete
9080x8:/# ps -exxf| grep ssh
  305 root      0:00 sshd: /usr/sbin/sshd -D -f /etc/ssh/sshd_config.alpine [listener] 0 of 10-100 startups
  313 root      0:00 grep ssh
9080x8:/# netstat -nlp | grep ssh
tcp        0      0 *               LISTEN      305/sshd_config.alp
tcp        0      0 :::10022                :::*                    LISTEN      305/sshd_config.alp

ssh is running on 10022 which is configured in sshd_config.alpine,that is what i expected,and i also config the port in fly.toml like this

  protocol = "tcp"
  internal_port = 10022

    port = 10022

after all this done,I still got the same error

######################i got this $IPv4 in$app dashboard,a shared ipv4
[root@cn2-64 ~]# ssh root@$IPv4-p 10022
kex_exchange_identification: Connection closed by remote host
Connection closed by port 10022

then i managed to ssh into the vm use flyctl,i tried to ssh root@ -p 10022,and it is ok,so i think the sshd is configured ok

908x6xxxx58:/# ssh root@ -p 10022
The authenticity of host '[]:10022 ([]:10022)' can't be established.
ED25519 key fingerprint is SHA256:CJ1xWThvyC4AnCa6jxe32S5PPhfhCnMDux4qVbRjcaU.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[]:10022' (ED25519) to the list of known hosts.
root@'s password:
Welcome to Alpine!

The Alpine Wiki contains a large amount of how-to guides and general
information about administrating Alpine systems.
See <>.

You can setup the system with the command: setup-alpine

You may change this message by editing /etc/motd.


Hi,guys i finally figured it out, free plan can’t serve the tcp service,use fly ips allocate-v4 to create a individual ipv4 address will work,this will cost 2$/mo
thanks for your guys @rubys @roadmr
some refference:
TCP and UDP service ports don't work
Running Apps On UDP and TCP · Fly Docs

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.