Difficulty with OpenSSH client to node behind Trusted Cluster

Can someone please advise what I did wrong?

Created a ssh config following the user guide documentation, https://gravitational.com/teleport/docs/user-manual/#ssh-proxy-configuration, to connect to nodes behind trusted cluster, e.g.,

# When connecting to a node behind a trusted cluster named "remote-cluster",
# the name of the trusted cluster must be appended to the proxy subsystem
# after '@':
Host remote-host
   Port 3022
   ProxyJump proxy.example.com:3023@remote-cluster

However, when using ssh to connect to remote-host, I got the following error,

$ ssh remote-host
ssh: Could not resolve hostname remote-cluster: Temporary failure in name resolution

Whereas tsh works fine without issue.
tsh --insecure ssh --cluster remote-cluster remote-host

This is running on Teleport v4.2.1 git:v4.2.1-0-gb16ee7d7 go1.13.2
OpenSSH Version: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017

I haven’t had good luck with using ProxyJump along with remote cluster names in SSH config files. Given that what ProxyJump does is essentially write the ProxyCommand for you (look at the output of ssh -vv to show what it’s actually doing), I would try something like this instead:

Host remote-host
    Port 3022
    ProxyCommand ssh 3023 proxy.example.com -s proxy:%h:%p@remote-cluster

Noted. Thanks for that.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.