
Adding a node to RKE1 cluster fails due to SSH tunneling issues.

Article Number: 000021826

Environment

Rancher version: 2.9.x

Situation

Attempts to add a node to the existing RKE1 cluster are failing due to a restriction on SSH tunneling. Specifically, the AllowTcpForwarding directive is likely disabled on the node, preventing the necessary port forwarding for successful node registration.

Cause

When attempting to add a node to your RKE1 cluster using the rke up command, a failure in establishing the necessary SSH tunnel will prevent the node from being added. This scenario is often indicated by the following error messages in the output:

Error Messages Indicating SSH Tunneling Failure:

time="2025-04-10T11:34:52+05:30" level=warning msg="Failed to set up SSH tunneling for host [10.232.xxx.xxx]: Can't retrieve Docker Info: error during connect: Get \"http://%2Fvar%2Frun%2Fdocker.sock/v1.24/info\": Unable to access the s
Unable to access the service on /var/run/docker.sock. The service might be still starting up. Error: ssh: rejected: connect failed (open failed)"
time="2025-04-10T11:34:52+05:30" level=warning msg="Removing host [10.232.xxx.xxx] from node lists"
time="2025-04-10T11:36:46+05:30" level=fatal msg="cannot proceed with upgrade of controlplane since 1 host(s) cannot be reached prior to upgrade"

Resolution

To permit TCP forwarding and enable the creation of SSH tunnels, it is necessary to modify the SSH daemon configuration file located at /etc/ssh/sshd_config. Within this file, locate the AllowTcpForwarding parameter and set its value to yes.
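
A check for the directive the Resolution changes, as an added example that is not part of the original article: it reads sshd_config text and reports the AllowTcpForwarding value sshd applies, since sshd keeps the first value it reads for a keyword and a Match block can override the global one. The sample config and the "rke" user are constructed, and Include files are not followed.

```shell
#!/bin/sh
# Added example (not from the KB article). Reads sshd_config text on stdin and
# reports the AllowTcpForwarding value sshd would use. Include files are NOT
# followed; on a real node, `sshd -T` run as root is the authoritative check.
forwarding_report() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line ~ /^[A-Za-z]+[ \t]*=/)          # "Keyword=value" form is also legal
            sub(/[ \t]*=[ \t]*/, " ", line)
        split(line, f, /[ \t]+/)
        key = tolower(f[1])                      # keywords are case-insensitive
    }
    key == "match" {                             # a Match block runs to the next Match or EOF
        scope = "match[" substr(line, length(f[1]) + 2) "]"
        next
    }
    key == "allowtcpforwarding" {
        id = (scope == "") ? "global" : scope
        if (!(id in seen)) {                     # sshd keeps the FIRST value it reads
            seen[id] = f[2]
            if (id != "global") order[++n] = id
        }
    }
    END {
        print "global=" (("global" in seen) ? seen["global"] : "yes")   # default is yes
        for (i = 1; i <= n; i++) print order[i] "=" seen[order[i]]
    }'
}

# Constructed sample config; "rke" is a hypothetical SSH user for rke up.
sample_config() {
    cat <<'EOF'
Port 22
AllowTcpForwarding no
PasswordAuthentication no
allowtcpforwarding yes
Match User rke
    AllowTcpForwarding yes
Match Group sftponly
    AllowTcpForwarding no
EOF
}

sample_config | forwarding_report
```

In the sample, the "yes" appended after an earlier "no" has no effect on the global value, while the Match block enables forwarding for the one account only, which keeps it off for every other SSH user. sshd reads its configuration at start, so an edit takes effect only after the daemon is reloaded.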