Permission denied unknown method GetUser adding new raspberry pi4 node

Hi,
Adding a raspbian buster (pi4) as an ssh node, had to compile from source, seems to run okay but then when trying to login from the proxy page it says “access denied to [user] connecting to pi4”

Then on the pi (ssh node) logs I’m getting permission denied

jon@troon-pi4:~$ sudo su

 systemctl status teleport
● teleport.service - Teleport SSH Service
  
   Active: active (running) since Wed 2019-09-11 22:01:42 BST; 14min ago
 Main PID: 18898 (teleport)
    Tasks: 14 (limit: 4915)
   Memory: 8.1M


Sep 11 22:01:42 troon-pi4 systemd[1]: Started Teleport SSH Service.
Sep 11 22:01:43 troon-pi4 teleport[18898]: [NODE]    Service is starting on 0.0.0.0:3022.
Sep 11 22:01:59 troon-pi4 teleport[18898]: ERRO [NODE]      Permission denied: unknown method GetUser fingerprint:ssh-rsa-cert-v01@openssh.com SHA256:TcJLkWJ1UK81PrQplAQkek loc
Sep 11 22:14:54 troon-pi4 teleport[18898]: ERRO [NODE]      Permission denied: unknown method GetUser h-rsa-cert-v01openssh.com SHA256:9Xc5jkHYzG....................c
Sep 11 22:15:00 troon-pi4 teleport[18898]: ERRO [NODE]      Permission denied: unknown method GetUser fingerprint:ssh-rsa-cert-v01openssh.com SHA256:9Xc5jkHCw7xq2nMXBTxQ loc

/etc/teleport.yaml

teleport:
  auth_servers: ["auth1"]
  auth_token: f012e..................abe41d7c3


  data_dir: /var/lib/teleport
  storage:
  path: /var/lib/teleport/backend
  type: dir

auth_service:
  enabled: no

ssh_service:
  enabled: yes
  labels:
  cluster: auth1
  commands:
  - name: kernel
    command: [/bin/uname, -r]
    period: 5m

proxy_service:
  enabled: no

I’m not sure why its not working as I am not doing anything much different to how I normally add a node. The only difference is the ones working I think are all ubuntu and this one is raspbian / debian 10.

Any ideas?

image

How/when did you compile from source? I think we had a bit of instabiility on the master branch recently - it’s probably best to take a known good tagged release such as 4.0.8 or potentially 4.1.0-beta.2 to make sure you don’t hit any of this.

Your logs look like Teleport is definitely somewhat unhappy. Also, what system user are you running teleport as? It’ll need to be root if you’re running the node service so Teleport can log in as the user you’re specifying.

1 Like

Hi,
git clone https://github.com/gravitational/teleport.git
I had to use a late golang 1.13, for armv6l then ran make full in the relevant go folder, then moved the binaries to the usual location.

I then created the /etc/teleport.yaml file, placed in the token that was generated on the auth server and it seems to start okay listening on 3022

On the auth/proxy you can see the pi has registered but when you click on the device to login as a local user it gets access denied with either root or my own login.

Just checked and teleport service is running as root.

OK, its working fine now!

The fix was to blow away the old install, remove the binaries etc, then do a git checkout of the tag/branch 4.0.8, then go through the usual compile procedure.

Also for the record, I had to use the latest Go here: https://dl.google.com/go/go1.13.linux-armv6l.tar.gz

Accidentally tried an older version yesterday and there were missing dependencies.

Thanks! :slight_smile:

Jon.

This topic was automatically closed 12 hours after the last reply. New replies are no longer allowed.