Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSH jump host fails for leaf cluster in separate port mode #42210

Open
atburke opened this issue May 31, 2024 · 0 comments
Open

SSH jump host fails for leaf cluster in separate port mode #42210

atburke opened this issue May 31, 2024 · 0 comments
Labels
bug test-plan-problem Issues which have been surfaced by running the manual release test plan

Comments

@atburke
Copy link
Contributor

atburke commented May 31, 2024

Expected behavior:
ssh -J <leaf-proxy-addr> <leaf-node> successfully connects to the leaf node.

Current behavior:
ssh -J <leaf-proxy-addr> <leaf-node> fails with error channel 0: bad ext data. Leaf node reports that it cannot get the remote site for the root cluster.

tsh ssh -J <leaf-proxy-addr> <leaf-node> in separate port mode and tsh proxy ssh -J <leaf-proxy-addr> <leaf-node> in multiplex mode both work correctly.

Bug details:

  • Teleport version
  • Recreation steps
    • Create a root and leaf cluster, both with auth_service.proxy_listener_mode: separate
    • Log in to the leaf cluster via the root cluster in tsh
    • Attempt to ssh into a leaf node using the leaf proxy as a jump host
  • Debug logs
2024-05-30T16:21:04-07:00 DEBU [PROXY]     Successfully authenticated fingerprint:ssh-rsa-cert-v01@openssh.com SHA256:D+kXyt99DFGCI66SR6vdPITUAWr5CbrUca1LephbMDs local:127.0.0.1:4023 remote:127.0.0.1:42268 user:andrew srv/authhandlers.go:433
2024-05-30T16:21:04-07:00 DEBU [SSH:PROXY] Incoming connection 127.0.0.1:42268 -> 127.0.0.1:4023 version: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.7, certtype: "user" sshutils/server.go:548
2024-05-30T16:21:04-07:00 DEBU             Mapped remote roles [editor access] to local roles [editor access] and traits map[aws_role_arns:[] azure_identities:[] db_names:[] db_roles:[] db_users:[] gcp_service_accounts:[] host_user_gid:[] host_user_uid:[] kubernetes_groups:[] kubernetes_users:[] logins:[andrew root -teleport-internal-join] windows_logins:[]]. services/access_checker.go:1175
2024-05-30T16:21:04-07:00 DEBU             Mapped remote roles [editor access] to local roles [editor access] and traits map[aws_role_arns:[] azure_identities:[] db_names:[] db_roles:[] db_users:[] gcp_service_accounts:[] host_user_gid:[] host_user_uid:[] kubernetes_groups:[] kubernetes_users:[] logins:[andrew root -teleport-internal-join] windows_logins:[]]. services/access_checker.go:1175
2024-05-30T16:21:04-07:00 DEBU [NODE]      Proxy subsystem: routing user "andrew" to cluster "main" based on the route to cluster extension. regular/proxy.go:169
2024-05-30T16:21:04-07:00 ERRO             Unable instantiate proxy subsystem: invalid format for proxyrequest: unknown cluster "main". regular/sshserver.go:2222

full debug logs from leaf auth/proxy/node
@atburke atburke added bug test-plan-problem Issues which have been surfaced by running the manual release test plan labels May 31, 2024
@atburke atburke mentioned this issue May 31, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug test-plan-problem Issues which have been surfaced by running the manual release test plan
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@atburke