In my test setup, I don’t have a TLS certificate. The regular way of using tsh login --proxy=proxy-server --insecure --user=user
and then tsh ssh user@target
works just fine.
However, after a tsh logout
when I export the identity file with tsh login --proxy=proxy-server --insecure --user=user --out=user
and the try to use tsh ssh -i user --proxy=proxy-server user@target
Teleport throws an error: Get https://proxy-server:3080/v1/webapi/ping: x509: certificate signed by unknown authority
Also tsh -i user status --proxy=proxy-server
has no output.
Is it necessary to have a TLS certificate specified for using an identity file?
My goal is to have a jump host on which users can use the Teleport services (tsh login, tsh ssh…). But the Teleport credentials should be stored on the user’s machine, not on the jump host. Authentication of the jump host will be done with my own certificate management.