Ansible over teleport not working

[BeoKool]

I am trying to use Ansible with Teleport and encountering the current error when running the Ansible command, facing this issue fatal: [aht-hrm-02.AHT-VIETTEL]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: \u001b[31mERROR: \u001b[0mfailed connecting to host aht-hrm-02.aht-viettel:22: failed to receive cluster details response\n\tfailed to dial target host\n\tDirect dialing to nodes not found in the inventory is not supported.\nIf you want to connect to a node without installing Teleport on it, consider registering it with\nyour cluster with 'teleport join openssh'.\n\nSee https://goteleport.com/docs/ver/14.x/server-access/guides/openssh/ for more details.\n\nkex_exchange_identification: Connection closed by remote host\r\nConnection closed by UNKNOWN port 65535", "unreachable": true} and I try this command to debug ssh -vvv -F ./ssh.cfg aht-admin@aht-hrm-02.AHT-VIETTEL And I encounter the following error:

ERROR: failed connecting to host aht-hrm-02.aht-viettel:22: failed to receive cluster details response
        failed to dial target host
        Direct dialing to nodes not found in the inventory is not supported.
If you want to connect to a node without installing Teleport on it, consider registering it with
your cluster with 'teleport join openssh'.

See https://goteleport.com/docs/ver/14.x/server-access/guides/openssh/ for more details.

kex_exchange_identification: Connection closed by remote host

[stevenGravy]

So this means it's attempting node names that aren't registered. Are you using OpenSSH servers? Please see https://goteleport.com/docs/server-access/guides/openssh/openssh/ for registering the nodename and confirm with tctl nodes ls what. your nodename is.

[BeoKool]

This is the result when I run the command tctl nodes ls --insecure.

[stevenGravy]

Is that node name there?

[BeoKool]

yep, is my node name

[webvictim]

The issue here is that node names and routing in Teleport are case-sensitive by default.

Your cluster name is AHT-VIETTEL, but SSH (and thus Ansible) normalises every hostname to lowercase when trying to connect to it. As such, SSH is actually trying to connect to aht-hrm-02.aht-viettel, but the hostname Teleport sees connected is aht-hrm-02.AHT-VIETTEL and it treats these as two completely different hostnames.

Try setting this in your /etc/teleport.yaml config file on the server which runs your Teleport auth service, then restarting Teleport, and running ssh -vvv -F ./ssh.cfg aht-admin@aht-hrm-02.AHT-VIETTEL again:

auth_service:
  enabled: true
  case_insensitive_routing: true