search

gravitational / teleconsole

Command line tool to share your UNIX terminal and forward local TCP ports to people you trust.
https://www.teleconsole.com
Apache License 2.0
2.78k stars 154 forks source link

403 Forbidden: Unknown session #43

Open lovese opened 6 years ago

lovese commented 6 years ago

always start with 403 Forbidden: Unknown session

apua commented 6 years ago

I meet the same issue with v0.3.1 , debug log is as below.

There is https_proxy, and curl https://teleconsole.com, curl https://as.teleconsole.com, and so on, are no problem.

Don't know why it said "unknown session". I guess "session" is about SSH, but "403" is HTTP status code.

In addition, it fails to join session, either. 

DEBU[0000] Server: https://as.teleconsole.com:443, Args: []  file=clt/main.go:39 func=clt.(*App).DebugDump
INFO[0000] Getting version from https://as.teleconsole.com:443  file=clt/api_client.go:71 func=clt.(*APIClient).CheckVersion
INFO[0000] Connecting to https://as.teleconsole.com:443  file=clt/api_client.go:105 func=clt.(*APIClient).CheckVersion
Starting local SSH server on localhost...
Requesting a disposable SSH proxy on as.teleconsole.com for ray...
INFO[0001] Requesting a new session for ray forwarding <nil>  file=clt/api_client.go:120 func=clt.(*APIClient).RequestNewSession
403 Forbidden: Unknown session

DEBU[0004]
ERROR REPORT:
Original Error: *clt.HTTPClientError 403 Forbidden: Unknown session

Stack Trace:
        /home/ekontsevoy/go/src/github.com/gravitational/teleconsole/clt/api_client.go:147 github.com/gravitational/teleconsole/clt.(*APIClient).RequestNewSession
        /home/ekontsevoy/go/src/github.com/gravitational/teleconsole/clt/clt.go:97 github.com/gravitational/teleconsole/clt.StartBroadcast
        /home/ekontsevoy/go/src/github.com/gravitational/teleconsole/clt/main.go:182 github.com/gravitational/teleconsole/clt.(*App).Start
        /home/ekontsevoy/go/src/github.com/gravitational/teleconsole/main.go:45 main.main
        /opt/go/src/runtime/proc.go:192 runtime.main
        /opt/go/src/runtime/asm_amd64.s:2087 runtime.goexit
User Message:
  file=teleconsole/main.go:61 func=main.fatalIf
kontsevoy commented 6 years ago

hey guys, I have been trying to reproduce this, to no avail... the proxy is running on Azure and is periodically taken down for maintenance (brief downtime) so if you try to start a session in the middle of a daemon restart, you'll see this.

stge4code commented 6 years ago

Kind of strange bug. The problem with connection disappears when I change my system time to UTC.

ccthiel commented 6 years ago

Getting the same issue:

WARN[0000] syslog not available. reverting to stderr     file=utils/cli.go:45
DEBU[0000] Server: https://teleconsole.com:443, Args: []  file=clt/main.go:39 func=clt.(*App).DebugDump
INFO[0000] Ping http://teleconsole.com/ping              file=geo/geo.go:41 func=geo.FindFastestEndpoint.func1
INFO[0000] Ping http://eu.teleconsole.com/ping           file=geo/geo.go:41 func=geo.FindFastestEndpoint.func1
INFO[0000] Ping http://as.teleconsole.com/ping           file=geo/geo.go:41 func=geo.FindFastestEndpoint.func1
INFO[0000] teleconsole.com responded in 74.1836ms        file=geo/geo.go:60 func=geo.FindFastestEndpoint
INFO[0000] Getting version from https://teleconsole.com:443  file=clt/api_client.go:71 func=clt.(*APIClient).CheckVersion
INFO[0000] Connecting to https://teleconsole.com:443     file=clt/api_client.go:105 func=clt.(*APIClient).CheckVersion
Starting local SSH server on localhost...
Requesting a disposable SSH proxy on teleconsole.com for cthiel...
INFO[0001] Requesting a new session for cthiel forwarding <nil>  file=clt/api_client.go:120 func=clt.(*APIClient).RequestNewSession
403 Forbidden: Unknown session

DEBU[0004]
ERROR REPORT:
Original Error: *clt.HTTPClientError 403 Forbidden: Unknown session

Stack Trace:
        /home/ekontsevoy/go/src/github.com/gravitational/teleconsole/clt/api_client.go:147 github.com/gravitational/teleconsole/clt.(*APIClient).RequestNewSession
        /home/ekontsevoy/go/src/github.com/gravitational/teleconsole/clt/clt.go:97 github.com/gravitational/teleconsole/clt.StartBroadcast
        /home/ekontsevoy/go/src/github.com/gravitational/teleconsole/clt/main.go:182 github.com/gravitational/teleconsole/clt.(*App).Start
        /home/ekontsevoy/go/src/github.com/gravitational/teleconsole/main.go:45 main.main
        /opt/go/src/runtime/proc.go:192 runtime.main
        /opt/go/src/runtime/asm_amd64.s:2087 runtime.goexit
User Message:
  file=teleconsole/main.go:61 func=main.fatalIf
kontsevoy commented 6 years ago

I think I figured this out. Teleconsole uses Teleport SSH certificates under the hood and if the client/server time do not agree you may get an expired certificate. We're releasing Teleport 3.0 soon and I will be updating Teleconsole on it which should make a lot of things smoother. Going to keep this open for now.

Kampii commented 5 years ago

@kontsevoy I am experiencing a problem when teleconsole disconnects the user after a few minutes. Is it somehow related to this? What is the solution?

kontsevoy commented 5 years ago

@Kampii teleconsole is a free service and lately there's been a big growth in usage. Short answer: your nearest POP (there are 3) gets overloaded eventually. We'll see if we can allocate more resources to it soon.