Ported from GitHub issue https://github.com/gravitational/teleport/issues/2596
Hello,
What happened:
Login using tsh login --proxy=xxx --format=openssh
What you expected to happen:
As explained in the admin documentation / user documentation, I was expecting to see more keys in my ssh-agent using ssh-add -l.
Then using the configuration shown in the user documentation in order to use Teleport with a good OpenSSH configuration to reach my nodes using the classic OpenSSH client.
I can guess that somehow my keys are not added to my ssh-agent even if it’s still running from my OS since I booted.
Host *.bastion.example.be
HostName %h
Port 3022
ProxyCommand ssh -p 3023 %r@bastion.example.be -s proxy:%h:%p
ssh node.bastion.example.be
Permission denied (publickey).
ssh_exchange_identification: Connection closed by remote host
How to reproduce it (as minimally and precisely as possible):
Set up the latest Teleport with one more node, then set up your OpenSSH client to use it through the Teleport Proxy.
Environment:
- Teleport version (use teleport version): Teleport v3.1.7 git:v3.1.7-0-g44074d74 go1.11.5
- Tsh version (use tsh version): Teleport v3.1.7 git:v3.1.7-0-g44074d74 go1.11.5
- OS (e.g. from /etc/os-release): Debian GNU/Linux 9 (stretch)
Relevant Debug Logs If Applicable
- tsh --debug
- teleport --debug
- ssh node.bastion.example.com -v
debug1: Executing proxy command: exec ssh -p 3023 xx@bastion.example.com -s proxy:node.bastion.example.com:3022
debug1: permanently_drop_suid: 1000
debug1: identity file /home/xx/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xx/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xx/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xx/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xx/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xx/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xx/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xx/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
ssh: connect to host bastion.example.com port 3023: Connection refused
ssh_exchange_identification: Connection closed by remote host
I can see traffic coming in on port 3023 but nothing in my logs yet on the Teleport side, even with the ERROR flag for the logs.
I can manually add my keys from Teleport using:
ssh-add .tsh/keys/bastion.example.com/xx
I got:
Identity added: .tsh/keys/bastion.example.com/xx (.tsh/keys/bastion.example.com/xx)
Certificate .tsh/keys/bastion.example.com/xx-cert.pub (xx) add failed: communication with agent failed
I looked a bit on search engines (quickly) without finding anything useful.
Please let me know if I can provide more details.
Have a good weekend.