How to use tsh on Windows 7?

Hi guys,
i have download and put it on c:\Windows ,run tsh login --proxy=xxx in cmd, login in browser window successful.
tsh ls works fine but when i try to login to node tsh ssh --proxy=xxx root@$hostname , it shows “sessions not supported on windows”
i have follow to set something , but nothing work
am i miss something?

You will need to run an SSH agent on your WIndows machine, then use tsh login to log into a Teleport cluster. This will generate a certificate which will be loaded into the SSH agent - you can validate that this has happened by running ssh-add -l.

Once you have the certificate in your SSH agent you can then use an SSH client as normal.

Hi gus:
thanks for your reply, but its still not working :confused:
Q1: i got another pc running in windows 10 with openssh-client(beta)
still,tsh login work fine,but when i run ssh-add -l cmd output The agent has no identities,
Q2: if i want use xshell to login node,how to config that? more detail plz

  1. One other thing you may need is to make sure that the SSH_AUTH_SOCK environment variable for the ssh-agent is set correctly - try running echo %SSH_AUTH_SOCK% before you tsh login to make sure it isn’t blank.

  2. I’m afraid I’m not familiar with xshell. If you have a Windows 10 machine then I’d consider using WSL/Windows Subsystem for Linux ( as then you could run the Linux version of tsh natively which would make things much easier.

emmm ,does it mean %SSH_AUTH_SOCK% was blank?
WSL was a good idea ,but its hard to persuade dev switch OS to win10 :no_mouth:
so i have to find some way make tsh workfine :joy:

If you’re using Powershell then I think you need to use echo $Env:SSH_AUTH_SOCK but if not then yes, that means the value was blank.

How are you launching ssh-agent?

i have try , $Env:SSH_AUTH_SOCK run in powershell and %SSH_AUTH_SOCK% run in cmd, have got same result: blank ,nothing output . in fact ,i don’t know how to launch ssh-agent in windows , eval ssh-agent doesn’t work in windows
i think problem is how to configure openssh login with teleport cerificate
i have follow and make a test in MacOS ,when i run ssh root@key it’s show
ssh_exchange_identification: Connection closed by remote host
here is my ~/.ssh/config

Here is my ~/.ssh/config for a similar setup:

Host gustest-main-auth-0
    Port 3022
    ProxyCommand ssh -p 3023 -s proxy:%h:%p

When I provide a key from a similar path to log in using ssh it works fine:

$ ssh -i ~/.tsh/keys/ root@gustest-main-auth-0

Can you try explicitly providing the correct key to the ssh command on the command line? If it still doesn’t work, can you run the same command with ssh -v and post the logs here?

hi gus,here is my ssh log

Infinite:~ mike$ ssh -i ~/.tsh/keys/ scops@key
subsystem request failed on channel 0
ssh_exchange_identification: Connection closed by remote host
Infinite:~ mike$ ssh -vvv -i ~/.tsh/keys/ scops@key
OpenSSH_7.6p1, LibreSSL 2.6.2
debug1: Reading configuration data /Users/mike/.ssh/config
debug1: /Users/mike/.ssh/config line 38: Applying options for key
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Executing proxy command: exec ssh -p 3023 -s proxy:key:3022
debug1: identity file /Users/mike/.tsh/keys/ type 0
debug1: identity file /Users/mike/.tsh/keys/ type 4
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: permanently_drop_suid: 501
subsystem request failed on channel 0
ssh_exchange_identification: Connection closed by remote host

  1. That SSH log you posted looks to be from a Mac, not a Windows machine - how are you connecting?

  2. What appears in the Teleport logs on when you’re trying to connect? You may need to change the Teleport server to running with the --debug flag to get sufficient information.

1:yep ,that log from Mac, because i want try use SSH client login node with teleport cerificate
2:--debug flag in auth or proxy ? we deploy auth and proxy in different host

@dadayoo As per this issue ( you could try using -A as a parameter to ssh to make sure that the agent is forwarded.

We would need logs from both the auth and proxy servers showing an unsuccessful connection to help further.

There is a guide on how to use tsh and ssh on Windows here: How to connect to Teleport hosts using Windows