GitLab shared runner can't access port 22 on host

I am attempting to set up a basic GitLab pipeline.

I have a GitLab-hosted repo and a DigitalOcean droplet. I have set up a user on the droplet for the pipeline to use, and have generated an SSH key pair and added these details to GitLab: the private key as a variable, and the public key as a deploy key. I can successfully pull the repo from the home directory of the pipeline user, as the pipeline user, and I can also successfully authenticate as the pipeline user via SSH to the droplet using the pipeline user’s private key.

However, on attempting to connect to the droplet as part of a GitLab pipeline, I get connection refused. This refused connection isn’t logged in /var/log/auth.log on the droplet. I added an nmap stage to the .gitlab-ci.yml file, and, despite the fact that port 22 of the droplet is open for my client machine and for 3rd party nmap services, the nmap command in the GitLab container running on the shared runner host reports that port 22 is closed on my droplet, which is incorrect.

Has anyone else seen similar behaviour? Can anyone suggest any steps to debug?

I am able to SSH from jobs running on shared runners just fine. My guess would be some kind of issue in your pipeline configuration; could you share a sanitized version of it? Also, a job output would be helpful.

I’ve tracked down the issue now, and it was ufw blocking the GitLab shared runner IPs for too many SSH attempts. I’ve turned off the rate limit for now and I can now connect, but I don’t want to leave it that way, so I’ll have to keep investigating.
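
Added example, not part of the thread: ufw's `limit` rules record the connections they turn away in the kernel log (ufw.log / kern.log) with a `[UFW LIMIT BLOCK]` prefix rather than in auth.log, so counting those entries per source address shows which clients are tripping the SSH rate limit. The log lines are constructed samples using documentation addresses, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the netfilter LOG format that ufw writes.
# All addresses are documentation ranges, not real runner or droplet IPs.
SAMPLE_LOG = """\
Mar  4 10:15:02 droplet kernel: [1001.10] [UFW LIMIT BLOCK] IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.5 LEN=60 TTL=52 DF PROTO=TCP SPT=45678 DPT=22 SYN URGP=0
Mar  4 10:15:09 droplet kernel: [1008.42] [UFW LIMIT BLOCK] IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.5 LEN=60 TTL=52 DF PROTO=TCP SPT=45702 DPT=22 SYN URGP=0
Mar  4 10:16:30 droplet kernel: [1089.77] [UFW LIMIT BLOCK] IN=eth0 OUT= SRC=203.0.113.77 DST=198.51.100.5 LEN=60 TTL=49 DF PROTO=TCP SPT=51234 DPT=22 SYN URGP=0
Mar  4 10:17:01 droplet kernel: [1120.03] [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.5 LEN=40 TTL=240 PROTO=TCP SPT=40000 DPT=23 SYN URGP=0
Mar  4 10:17:05 droplet sshd[812]: Accepted publickey for pipeline from 192.0.2.9 port 50022 ssh2
"""

# Matches the "[UFW <ACTION>]" tag and captures the KEY=VALUE fields after it.
LINE_RE = re.compile(r"\[UFW (?P<action>[A-Z ]+?)\] (?P<fields>.*)$")


def parse_ufw_line(line):
    """Return the fields of one ufw log line as a dict, or None for other lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = {"action": m.group("action")}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        fields[key] = value if sep else True  # bare flags such as SYN or DF
    return fields


def limit_blocks_by_source(log_text, port=22):
    """Count rate-limit rejections per source IP for one destination port."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_ufw_line(line)
        if rec and rec["action"] == "LIMIT BLOCK" and rec.get("DPT") == str(port):
            hits[rec["SRC"]] += 1
    return hits


if __name__ == "__main__":
    # ufw's default rules throttle this log line, so treat counts as a lower bound.
    for src, count in limit_blocks_by_source(SAMPLE_LOG).most_common():
        print(f"{src}\t{count} rate-limited connection attempts to port 22")
```
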