How can I use tsh to log on to the nodes?
I always get "access denied to user" when connecting, although the user is connected to the cluster with tsh login and the user is a valid user on the node.
I am probably doing something wrong but I can’t seem to figure out what?
For info: I can log on just fine with the web app.
root@stone:/etc# tsh login --proxy=192.168.1.3 --user=user --insecure -d
INFO [CLIENT] no host login given. defaulting to root client/api.go:784
ERRO [CLIENT] [KEY AGENT] Unable to connect to SSH agent on socket: “”. client/api.go:2105
DEBU [CLIENT] not using loopback pool for remote proxy addr: 192.168.1.3:3080 client/api.go:2070
DEBU [CLIENT] HTTPS client init(proxyAddr=192.168.1.3:3080, insecure=true) client/weblogin.go:252
WARNING: You are using insecure connection to SSH proxy https://192.168.1.3:3080
Enter password for Teleport user user:
Enter your OTP token:
xxxxx
DEBU [CLIENT] not using loopback pool for remote proxy addr: 192.168.1.3:3080 client/api.go:2070
DEBU [CLIENT] HTTPS client init(proxyAddr=192.168.1.3:3080, insecure=true) client/weblogin.go:252
WARNING: You are using insecure connection to SSH proxy https://192.168.1.3:3080
DEBU [KEYAGENT] Adding CA key for cluster01 client/keyagent.go:238
DEBU [KEYSTORE] Adding known host cluster01 with key: SHA256:LPd96/2hJ72Dzm+e8pKdtk+28ebUnzKirCOWaZtXyd8 client/keystore.go:355
INFO [CLIENT] Connecting proxy=192.168.1.3:3023 login=‘user’ method=0 client/api.go:1603
DEBU [KEYAGENT] Validated host 192.168.1.3:3023. client/keyagent.go:280
INFO [CLIENT] Successful auth with proxy 192.168.1.3:3023 client/api.go:1594
DEBU [KEYSTORE] Adding trusted cluster certificate authority “SERIALNUMBER=42343966368602010319466438670856638535,CN=cluster01,O=cluster01” to trusted pool. client/keystore.go:328
DEBU [KEYSTORE] Returning SSH certificate “/root/.tsh/keys/192.168.1.3/user-cert.pub” valid until “2020-05-30 00:49:18 +0200 CEST”, TLS certificate “/root/.tsh/keys/192.168.1.3/user-x509.pem” valid until “2020-05-29 22:49:18 +0000 UTC”. client/keystore.go:262
DEBU [CLIENT] Client is connecting to auth server on cluster “cluster01”. client/client.go:469
DEBU [KEYAGENT] Adding CA key for cluster01 client/keyagent.go:238
DEBU [KEYSTORE] Adding known host cluster01 with key: SHA256:LPd96/2hJ72Dzm+e8pKdtk+28ebUnzKirCOWaZtXyd8 client/keystore.go:355
WARN [CLIENT] Failed to remove symlink: remove /root/.tsh/profile: no such file or directory client/profile.go:155
DEBU [KEYSTORE] Returning SSH certificate “/root/.tsh/keys/192.168.1.3/user-cert.pub” valid until “2020-05-30 00:49:18 +0200 CEST”, TLS certificate “/root/.tsh/keys/192.168.1.3/user-x509.pem” valid until “2020-05-29 22:49:18 +0000 UTC”. client/keystore.go:262
Profile URL: https://192.168.1.3:3080
Logged in as: user
Cluster: cluster01
Roles: admin*
Traits: kubernetes_groups: []
logins: [user]
Logins: user
Valid until: 2020-05-30 00:49:18 +0200 CEST [valid for 12h0m0s]
Extensions: permit-agent-forwarding, permit-port-forwarding, permit-pty
- RBAC is only available in Teleport Enterprise
https://gravitational.com/teleport/docs/enterprise
root@stone:/etc# tsh status
Profile URL: https://192.168.1.3:3080
Logged in as: user
Cluster: cluster01
Roles: admin*
Logins: user
Valid until: 2020-05-30 00:49:18 +0200 CEST [valid for 12h0m0s]
Extensions: permit-agent-forwarding, permit-port-forwarding, permit-pty
- RBAC is only available in Teleport Enterprise
https://gravitational.com/teleport/docs/enterprise
root@stone:/etc# tsh ls
Node Name Address Labels
centap 192.168.1.35:3022 arch=x86_64, db_role=master
db_type=postgres, hostname=centap
centprx 192.168.1.3:3022 arch=x86_64, environment=test
hostname=centprx, role=proxy
type=vm
root@stone:/etc# tsh ssh user@192.168.1.3
error: access denied to user connecting to 192.168.1.3 on cluster cluster01
root@stone:/etc# tsh ssh user@192.168.1.3 --user=user
error: access denied to user connecting to 192.168.1.3 on cluster cluster01
root@stone:/etc# tsh ssh --proxy=192.168.1.3 --user=user user@192.168.1.3
error: access denied to user connecting to 192.168.1.3 on cluster cluster01
root@stone:/etc# tsh ssh user@192.168.1.3 --user=user