gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0

Authenticating SSH Proxy Tunnel #43073

Open AdamMalina opened 2 months ago

AdamMalina commented 2 months ago

What would you like Teleport to do? There are many tools that use SSH (e.g. SSH clients such as MobaXterm or some basic Python scripts made by software devs/providers), but they either don't support certificates or require manual certificate import (which is problematic, because Teleport certificates have a very short expiration time).

I would like to suggest adding an SSH proxy command that works just like "tsh proxy db --tunnel". It sets up a local SSH server and you can connect to it without certificates.

Preferably (if technically possible in Teleport), it would be awesome if the target username and hostname could be provided by the client as the SSH username (e.g. root%node1 opens the terminal that tsh ssh root@node1 would open). I have seen this being an option in many commercial PAM systems, so I hope that it will be possible to implement in Teleport as well.

What problem does this solve? Being able to connect SSH clients that don't support SSH certificates: MobaXterm, some basic Python scripts, etc.

If a workaround exists, please include it. It doesn't exist.

RobyCollibra commented 1 month ago

+1! The way I understand the request, it would then function similarly to the Banyan app, where I could launch banyanproxy.exe -l 8888 myServer.myCompany.com myPort and it would create a tunnel between my machine and the remote server, right? When I then ran ssh myUsername@127.0.0.1:8888 it would give me SSH access to myServer.

Note: Even if you can't pass the username to it, it would still be a boon to have; you'd simply have to start a new tunnel per user/hostname, listening on a different port.

strideynet commented 1 month ago

FWIW, the recently introduced tbot SSH multiplexer supports at least Go, Ruby and Python. For these it provides an implementation of an SSH agent to provide the credentials, and then offers a ProxyCommand which can be invoked to open the connection to the target server.

An authenticating SSH proxy tunnel is a nice idea for supporting languages which do not have an SSH library that supports ProxyCommand or manually passing in an opened connection. I'm not sure where this will fall on our roadmap. What I'd definitely encourage is also opening issues with these libraries to request that they support ProxyCommand/agent-based authentication. These are fairly core features that have existed in OpenSSH for a while, and whilst we can certainly work around their lack of support, it is a less optimal solution.