You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When local auth is disabled, tsh --headless does not work. It errors out saying ERROR: local auth disabled
When local auth is enabled, it is possible to use tsh --headless with an SSO user. They just need to add an MFA device.
Expected behavior:
% tsh --headless --proxy teleport.example.com --user myssouser@example.com ssh me@mynode hostname
Complete headless authentication in your local web browser:
https://teleport.example.com:443/web/headless/9863bd17-13e2-073a-f13c-6874cc0696af
or execute this command in your local terminal:
tsh headless approve --user=myssouser@example.com --proxy=teleport.example.com:443 9863bd17-13e2-073a-f13c-6874cc0696af
mynode.localdomain
Current behavior:
% tsh --headless --proxy teleport.example.com --user myssouser@example.com ssh me@mynode hostname
Complete headless authentication in your local web browser:
https://teleport.example.com:443/web/headless/9863bd17-13e2-073a-f13c-6874cc0696af
or execute this command in your local terminal:
tsh headless approve --user=myssouser@example.com --proxy=teleport.example.com:443 9863bd17-13e2-073a-f13c-6874cc0696af
ERROR: local auth disabled
Bug details:
Teleport version - v14.3.x
Recreation steps - disable local auth, add mfa device to SSO user, attempt to use tsh --headless
Debug logs
The text was updated successfully, but these errors were encountered:
When local auth is disabled,
tsh --headless
does not work. It errors out sayingERROR: local auth disabled
When local auth is enabled, it is possible to use
tsh --headless
with an SSO user. They just need to add an MFA device.Expected behavior:
Current behavior:
Bug details:
tsh --headless
The text was updated successfully, but these errors were encountered: