Fix container SSH detection and improve troubleshooting for issue #617

Related to #617

This fixes a misconfiguration scenario where Docker containers could
attempt direct SSH connections (producing [preauth] log spam) instead
of using the sensor proxy.

Changes:
- Fix container detection to check PULSE_DOCKER=true in addition to
  system.InContainer() heuristics (both temperature.go and config_handlers.go)
- Upgrade temperature collection log from Error to Warn with actionable
  guidance about mounting the proxy socket
- Add Info log when dev mode override is active so operators understand
  the security posture
- Add troubleshooting section to docs for SSH [preauth] logs from containers

The container detection was inconsistent - monitor.go checked both flags
but temperature.go and config_handlers.go only checked InContainer().
Now all locations consistently check PULSE_DOCKER || InContainer().
rcourtman 2025-11-06 09:57:53 +00:00
parent 12dc8693c4
commit dfe960deb4
3 changed files with 38 additions and 5 deletions

@ -359,6 +359,28 @@ You should see JSON output with temperature data.
## Troubleshooting
### SSH Connection Attempts from Container ([preauth] Logs)
**Symptom:** Proxmox host logs (`/var/log/auth.log`) show repeated SSH connection attempts from your Pulse container:
```
Connection closed by authenticating user root <container-ip> port <port> [preauth]
```
**This indicates a misconfiguration.** Containerized Pulse should communicate via the sensor proxy, not direct SSH.
**Common causes:**
- Dev mode enabled (`PULSE_DEV_ALLOW_CONTAINER_SSH=true` environment variable)
- Sensor proxy not installed or socket not accessible
- Legacy SSH keys from pre-v4.24.0 installations
**Fix:**
- **Docker:** Follow [Quick Start for Docker Deployments](#quick-start-for-docker-deployments) to install the proxy and add the bind mount
- **LXC:** Run the setup script on your Proxmox host (see [Setup (Automatic)](#setup-automatic))
- **Dev mode:** Remove `PULSE_DEV_ALLOW_CONTAINER_SSH=true` from your environment/docker-compose
- **Verify:** Check Pulse logs for `Temperature proxy detected - using secure host-side bridge`
Once the proxy is properly configured, these log entries will stop immediately. See [Container Security Considerations](#container-security-considerations) for why direct container SSH is blocked.
### No Temperature Data Shown
**Check SSH access**:
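Review bot: the **Fix** list in the new "SSH Connection Attempts from Container" section has no entry for the third item under **Common causes**, "Legacy SSH keys from pre-v4.24.0 installations", so a reader who hits that cause gets no remediation step. Add a bullet that says where those keys live and how to remove them, or link to the section that already covers it. The **Dev mode** bullet should also say that the container has to be recreated or restarted after `PULSE_DEV_ALLOW_CONTAINER_SSH=true` is removed, since an environment change alone does not affect a running container. Finally, the **Verify** bullet only quotes the success message; since the commit message says this change also adds a Warn log with guidance about mounting the proxy socket and an Info log when the dev mode override is active, quoting those messages here would let operators confirm which of the listed causes they are actually in.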