Adding a node to RKE1 cluster fails due to SSH tunneling issues.

This document (000021826) is provided subject to the disclaimer at the end of this document.

Environment

Rancher version: 2.9.x

Situation

Attempts to add a node to the existing RKE1 cluster are failing due to a restriction on SSH tunneling. Specifically, the AllowTcpForwarding directive is likely disabled on the node, preventing the necessary port forwarding for successful node registration.

Resolution

To permit TCP forwarding and enable the creation of SSH tunnels, it is necessary to modify the SSH daemon configuration file located at /etc/ssh/sshd_config. Within this file, locate the AllowTcpForwarding parameter and set its value to yes.

Cause

When attempting to add a node to your RKE1 cluster using the rke up command, a failure in establishing the necessary SSH tunnel will prevent the node from being added. This scenario is often indicated by the following error messages in the output:

Error Messages Indicating SSH Tunneling Failure:

time="2025-04-10T11:34:52+05:30" level=warning msg="Failed to set up SSH tunneling for host [10.232.xxx.xxx]: Can't retrieve Docker Info: error during connect: Get \"http://%2Fvar%2Frun%2Fdocker.sock/v1.24/info\": Unable to access the s
Unable to access the service on /var/run/docker.sock. The service might be still starting up. Error: ssh: rejected: connect failed (open failed)"
time="2025-04-10T11:34:52+05:30" level=warning msg="Removing host [10.232.xxx.xxx] from node lists"
time="2025-04-10T11:36:46+05:30" level=fatal msg="cannot proceed with upgrade of controlplane since 1 host(s) cannot be reached prior to upgrade”

Status

Top Issue

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.