Closed russjones closed 1 year ago
Could be related to https://github.com/gravitational/teleport/issues/3734
This was solved by the ALPN SNI Proxy that is indeed used in a ProxyCommand.
% tsh login --ttl 1 && sleep 62
Enter password for Teleport user jeff:
% tsh ssh mynode.teleport.example.com
Enter password for Teleport user jeff:
jeff@mynode ~ %
Problem
When using an OpenSSH client with Teleport, if your certificate has expired you get a message like the following when attempting to login to a server:
This message does not explain why permissions was denied, nor does suggest a way to resolve the problem. The way to solve the problem is to run
tsh login
again and get new certificates.Proposed Solution
The simple solution is to improve the error message (if possible) to tell the user what happened.
A better user experience would be to prompt the user for their Teleport credentials and allow them to re-authenticate. We can potentially accomplish this by using tsh to form the outer SSH tunnel when using
ProxyCommand
.