Closed ravicious closed 1 week ago
I don't think this is limited to the cluster argument. We use elevated access requests a lot, and have just upgraded to Teleport 14. I noticed that when I ran tsh login --request-id ....
to log in to a session with elevated rights (which in our case has a much shorter session time than I am granted by default), the returned Valid until
field was incorrect and still showed my longer session time. I initially thought this was a bug in deciding how long my session should be, but a manual run of tsh status
showed the correct time.
It seems that the status output returned by tsh login
is stale if you are already logged in to a session, and then refresh to a new/altered session via some tsh login
command with additional parameters. If I ran tsh logout
first then the output returned by tsh login --request-id ... --proxy ...
showed the correct TTL.
Bug details: