gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0

Prompt for Teleport credentials when using an OpenSSH client #1183

Closed russjones closed 1 year ago

russjones commented 6 years ago

Problem

When using an OpenSSH client with Teleport, if your certificate has expired you get a message like the following when attempting to log in to a server:

$ ssh node
Permission denied (publickey).
ssh_exchange_identification: Connection closed by remote host

This message does not explain why permission was denied, nor does it suggest a way to resolve the problem. The way to solve the problem is to run tsh login again and get new certificates.

Proposed Solution

The simple solution is to improve the error message (if possible) to tell the user what happened.

A better user experience would be to prompt the user for their Teleport credentials and allow them to re-authenticate. We can potentially accomplish this by using tsh to form the outer SSH tunnel when using ProxyCommand.
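An added example, not part of the original issue and not Teleport's code: a client-side check that reads the validity window out of an OpenSSH certificate line and states whether expiry is the reason for the denial. The function names and `sample_cert` (a constructed, unsigned sample) are hypothetical; the caller supplies the contents of the `*-cert.pub` file, since its location is not given on this page.

```python
import base64
import struct
import time

# Length-prefixed public-key fields after the nonce (OpenSSH PROTOCOL.certkeys).
KEY_FIELDS = {
    "ssh-rsa-cert-v01@openssh.com": 2,              # e, n
    "ecdsa-sha2-nistp256-cert-v01@openssh.com": 2,  # curve, public point
    "ssh-ed25519-cert-v01@openssh.com": 1,          # pk
}

def _string(buf, off):
    """Read one SSH string (uint32 length + bytes); return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated certificate")
    return buf[off + 4:off + 4 + n], off + 4 + n

def cert_validity(cert_line):
    """Return (key_id, valid_after, valid_before) from one *-cert.pub line."""
    blob = base64.b64decode(cert_line.split()[1])
    ktype, off = _string(blob, 0)
    ktype = ktype.decode()
    if ktype not in KEY_FIELDS:
        raise ValueError("unsupported certificate type: " + ktype)
    for _ in range(1 + KEY_FIELDS[ktype]):  # nonce, then the key fields
        _, off = _string(blob, off)
    off += 8 + 4                            # serial (uint64), cert type (uint32)
    key_id, off = _string(blob, off)
    _, off = _string(blob, off)             # valid principals
    after, before = struct.unpack_from(">QQ", blob, off)
    return key_id.decode(), after, before

def explain(cert_line, now=None):
    """Say what the bare 'Permission denied (publickey)' does not."""
    now = int(time.time()) if now is None else now
    key_id, after, before = cert_validity(cert_line)
    if now >= before:
        return f"certificate '{key_id}' expired {now - before}s ago; run tsh login"
    if now < after:
        return f"certificate '{key_id}' is not valid yet"
    return f"certificate '{key_id}' is valid for another {before - now}s"

def sample_cert(after, before):
    """Constructed, unsigned sample: only the fields up to valid_before."""
    s = lambda b: struct.pack(">I", len(b)) + b
    body = (s(b"ssh-ed25519-cert-v01@openssh.com") + s(b"\0" * 32) + s(b"\0" * 32)
            + struct.pack(">QI", 1, 1) + s(b"jeff") + s(s(b"jeff"))
            + struct.pack(">QQ", after, before))
    return "ssh-ed25519-cert-v01@openssh.com " + base64.b64encode(body).decode()
```

`ssh-keygen -L -f <certificate file>` prints the same validity window for a real certificate.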

webvictim commented 3 years ago

Could be related to https://github.com/gravitational/teleport/issues/3734

programmerq commented 1 year ago

This was solved by the ALPN SNI Proxy that is indeed used in a ProxyCommand.

% tsh login --ttl 1 && sleep 62
Enter password for Teleport user jeff:

% tsh ssh mynode.teleport.example.com
Enter password for Teleport user jeff:
jeff@mynode ~ %