Access + Argo Tunnel for ssh

Hi there,

We’ve set up a git server behind CF Access and Argo tunnel. Everything sort of works pretty well, but every once in while we see this error:

$ git push
kex_exchange_identification: banner line contains invalid characters
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

If I wait a second and try again, it works:

$ git push
Enumerating objects: 17, done.
Counting objects: 100% (17/17), done.
Delta compression using up to 12 threads
Compressing objects: 100% (6/6), done.
Writing objects: 100% (9/9), 615 bytes | 615.00 KiB/s, done.
Total 9 (delta 4), reused 0 (delta 0)
To ssh://git-ssh....
54c4e9e..7516b7e master -> master

There’s not much visibility on where in the chain the ssh handshake fails.

Just wondering if anyone else has seen this and if there’s a fix?


I believe it happens a lot (if it’s exactly the same thing that happens to me when logging in normally with SSH), it’s a known bug and last time I spoke to @SamRhea about it He said it may be some race conditions on some keys.

I have a ticket about it on hold, opened a few months back… they mentioned it was being addressed in Q1/Q2, but with COVID-19 and things it may have been pushed…

Thanks for the tag. We’re still trying to find the right solution to prevent that race; hopefully will have an answer soon.


@SamRhea, I don’t suppose you guys have made progress on this?

1 Like

Hey @Omar - could you give it a try now? We’ve added a handful of improvements in the latest cloudflared that should help reduce this case.

Hey @SamRhea, I’m not sure if this issue is on the cloudflared client or cloudflared server side, but upgrading both to cloudflared version 2020.8.2 (built 2020-08-20-1657 UTC) results in no change to how often we see this.