Authenticate users without giving them an ssh key for servers via boundary

My current setup

  • I have hosted boundary in dev mode on an instance in AWS which can be reached publicly.
  • All the firewall rules are in place.
  • I am also able to authenticate to boundary via the public Boundary API URL from my laptop.
  • Once authenticated I can connect to my target easily only when I have the right SSH key.


Is there a way where I don’t have to give the users (people who want to access the target) the host’s ssh_key/password ?

Hello and thanks for your interest in Boundary! Boundary engineer here. This is a great suggestion. Right now we support a TCP target type, which you can use SSH with: Connect to Your First Target | Boundary - HashiCorp Learn. This means providing a key or password for now. We’re looking into ways to improve the workflow for SSH. Stay tuned!