SSH Tunnel Fails for New Self-Hosted Postgres Integration
Hi,
As per the subject, new integrations using a SSH tunnel fails for no reason.
Here is my setup.
1. We have a current postgres server that is seemingly working with stitch via an SSH tunnel.
2. Using a different account, targeting the same postgres server in a new integration with the exact same settings fails. So I know that the target postgres server config works but what I don't understand is why stitch fails. The logs aren't sufficient enough to tell me why.
3. The SSH connection drops before the client sends the pubkey for auth
My thoughts are that the SSH client on Stitch's side refuses to use the temp key file in the SSH connection (maybe insufficient permissions"?). Any help would be appreciated!
This is the stitch log:
2026-02-24 00:42:20,853Z main - INFO Running tap-hp-postgres version 1.3.21 and target-stitch-avro version 0.2.2 on architecture linux/arm64
2026-02-24 00:42:21,071Z main - INFO Creating ssh tunnel: ['ssh', '-nNT', '-oStrictHostKeyChecking=no', '-oUserKnownHostsFile=/dev/null', '-oPasswordAuthentication=no', '-oNumberOfPasswordPrompts=0', '-oServerAliveInterval=30', '-oExitOnForwardFailure=yes', '-oConnectTimeout=1', '-oConnectionAttempts=3', '-oPubkeyAcceptedKeyTypes=+ssh-rsa', '-p22', '-i/tmp/tmpuk14ddwm', '-L127.0.0.1:40497:LOCALENDPOINT:5432', 'SSHUSER@REMOTEENDPOINT']
2026-02-24 00:42:21,071Z main - INFO To reproduce: `ssh -nNT -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oPasswordAuthentication=no -oNumberOfPasswordPrompts=0 -oServerAliveInterval=30 -oExitOnForwardFailure=yes -oConnectTimeout=1 -oConnectionAttempts=3 -oPubkeyAcceptedKeyTypes=+ssh-rsa -p22 -i/tmp/tmpuk14ddwm -L127.0.0.1:40497:localhost:5432 SSHUSER@REMOTEENDPOINT`
2026-02-24 00:42:22,071Z main - WARNING Unable to connect to tunnel: [Errno 111] Connection refused
2026-02-24 00:42:27,072Z main - WARNING Tunnel process died with code 255
2026-02-24 00:42:27,072Z main - CRITICAL Error opening SSH tunnel
2026-02-24 00:42:27,072Z main - INFO Closed tunnel and deleted temporary keyfile
2026-02-24 00:42:27,072Z main - INFO Exit status is: Discovery failed with code 1 and error message: "Error opening SSH tunnel".
And SSH server logs
Mar 09 02:34:28 sshd[#]: Connection from STITCHENDPOINT port 29524 on INTERNALENDPOINT port 22 rdomain ""
Mar 09 02:34:28 sshd[#]: debug1: Local version string SSH-2.0-#
Mar 09 02:34:28 sshd[#]: debug1: Remote protocol version 2.0, remote software version #
Mar 09 02:34:28 sshd[#]: debug1: match: # pat OpenSSH* compat 0x04000000
Mar 09 02:34:28 sshd[#]: debug1: permanently_set_uid: 109/65534 [preauth]
Mar 09 02:34:28 sshd[#]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Mar 09 02:34:28 sshd[#]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Mar 09 02:34:29 sshd[#]: debug1: SSH2_MSG_KEXINIT received [preauth]
Mar 09 02:34:29 sshd[#]: debug1: kex: algorithm: curve25519-sha256 [preauth]
Mar 09 02:34:29 sshd[#]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
Mar 09 02:34:29 sshd[#]: debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
Mar 09 02:34:29 sshd[#]: debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
Mar 09 02:34:29 sshd[#]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Mar 09 02:34:29 sshd[#]: debug1: resetting send seqnr 3 [preauth]
Mar 09 02:34:29 sshd[#]: debug1: rekey out after 134217728 blocks [preauth]
Mar 09 02:34:29 sshd[#]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Mar 09 02:34:29 sshd[#]: debug1: Sending SSH2_MSG_EXT_INFO [preauth]
Mar 09 02:34:29 sshd[#]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Mar 09 02:34:29 sshd[#]: debug1: resetting read seqnr 3 [preauth]
Mar 09 02:34:29 sshd[#]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Mar 09 02:34:29 sshd[#]: debug1: rekey in after 134217728 blocks [preauth]
Mar 09 02:34:29 sshd[#]: debug1: KEX done [preauth]
Mar 09 02:34:29 sshd[#]: debug1: userauth-request for user SSHUSER service ssh-connection method none [preauth]
Mar 09 02:34:29 sshd[#]: debug1: attempt 0 failures 0 [preauth]
Mar 09 02:34:29 sshd[#]: debug1: PAM: initializing for "SSHUSER"
Mar 09 02:34:29 sshd[#]: debug1: PAM: setting PAM_RHOST to "STITCHENDPOINT"
Mar 09 02:34:29 sshd[#]: debug1: PAM: setting PAM_TTY to "ssh"
Mar 09 02:34:30 sshd[#]: Connection closed by authenticating user SSHUSER STITCHENDPOINT port 29524 [preauth]
Engineering has identified the cause of the error you see when trying to setup SSH. If you write into chat or open a case we can implement the fix to your environment. Or, you can simply wait until the fix is rolled out globally for everyone.
Engineering has identified the cause of the error you see when trying to setup SSH. If you write into chat or open a case we can implement the fix to your environment. Or, you can simply wait until the fix is rolled out globally for everyone.
