v13 Agentless/OpenSSH guide doesn't work

[nklaassen]

Expected behavior:

Following the agentless/OpenSSH guide (https://goteleport.com/docs/ver/13.x/server-access/guides/openssh/) I should be able to connect to OpenSSH nodes via Teleport.

Current behavior:

The first problem is that ADDR first gets set to a list of values ADDR=1.2.3.4,openssh-node,a100fdd0-52db-4eca-a7ab-c3afa7a1564a, and then later is used in the ssh command which doesn’t accept a list ssh -p ${PORT?} -F ssh_config_teleport "${USER?}@${ADDR?}.${CLUSTER?}"

The second problem I hit after setting the addr in the ssh command to just the IP, hostname, or UUID, is this generic error:

$ ssh -p ${PORT?} -F ssh_config_teleport "${USER?}@nic-test.${CLUSTER?}"
ERROR: ssh: subsystem request failed

kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535

I get this log on the proxy:

2023-04-18T16:14:31-07:00             ERRO failure handling SSH "subsystem" request error:[
ERROR REPORT:
Original Error: *trace.BadParameterError cluster is empty
Stack Trace:
        github.com/gravitational/teleport/api@v0.0.0/client/client.go:865 github.com/gravitational/teleport/api/client.(*Client).GenerateOpenSSHCert
        github.com/gravitational/teleport/lib/agentless/agentless.go:79 github.com/gravitational/teleport/lib/agentless.createAuthSigner
        github.com/gravitational/teleport/lib/agentless/agentless.go:51 github.com/gravitational/teleport/lib/agentless.SignerFromSSHCertificate.func1
        github.com/gravitational/teleport/lib/proxy/router.go:280 github.com/gravitational/teleport/lib/proxy.(*Router).DialHost
        github.com/gravitational/teleport/lib/srv/regular/proxy.go:270 github.com/gravitational/teleport/lib/srv/regular.(*proxySubsys).proxyToHost
        github.com/gravitational/teleport/lib/srv/regular/proxy.go:237 github.com/gravitational/teleport/lib/srv/regular.(*proxySubsys).Start
        github.com/gravitational/teleport/lib/srv/regular/sshserver.go:1807 github.com/gravitational/teleport/lib/srv/regular.(*Server).handleSubsystem
        github.com/gravitational/teleport/lib/srv/regular/sshserver.go:1558 github.com/gravitational/teleport/lib/srv/regular.(*Server).dispatch
        github.com/gravitational/teleport/lib/srv/regular/sshserver.go:1517 github.com/gravitational/teleport/lib/srv/regular.(*Server).handleSessionRequests
        runtime/asm_amd64.s:1598 runtime.goexit
User Message: cluster is empty] regular/sshserver.go:2018

Bug details:

• Teleport version: v13.0.0-alpha.1
• Recreation steps:
  • follow the OpenSSH guide. I'm using an Amazon Linux instance for the node and running the Teleport cluster locally on my MacBook.
• Debug logs: above

[capnspacehook]

Opened a PR for a fix for that behavior, the docs probably need correcting so a different environmental variables are used instead of just ADDR. Using a different env var on my branch works for me.

[stevenGravy]

I'd say most people would not use a IP address too. We now have teleport join openssh so would expect we'd include that.

[r0mant]

@capnspacehook Can you please verify this is fixed now and close the ticket if so?