Trying to connect using Boundary Desktop using SSH: ssh 127.0.0.1 -p 50500
ssh_exchange_identification: read: Connection reset
What version is your Boundary server?
Boundary server version is 0.9.0
What do you get when you add -vvv to the SSH command flags? It should give you a bunch of debug output.
Yes, it's showing me that. When I try with ssh username@host, entering the correct password results in permission denied.
Permission denied in an SSH session wouldn’t be coming from Boundary. That would be something configured on the SSH server. Can you post the SSH debug output from -vvv here?
This is what the error is:
ssh_exchange_identification: read: Connection reset
This is what the debug output is:
usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-E log_file] [-e escape_char]
[-F configfile] [-I pkcs11] [-i identity_file]
[-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]
[-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]
[-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
[user@]hostname [command]
@omkensey Also, does Boundary provide secure access to other AWS services like S3, EC2?
Also, we are able to create an AWS dynamic host catalog, and while trying to create a host set in it, irrespective of tag filters, it is allowing all hosts of the region into it.
Tag format used :
tag:tag_key=tag_value
Also, we are able to set filters while creating the host set plugin using commands, but the created host set details do not appear in the Boundary console.
When you use -vvv you should be getting info about the details of how the connection is being established, not SSH usage info. It should look like this:
$ ssh -vvv -p [some port] 127.0.0.1
OpenSSH_8.7p1, OpenSSL 1.1.1n FIPS 15 Mar 2022
debug1: Reading configuration data /home/kensey/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug2: checking match for 'final all' host 127.0.0.1 originally 127.0.0.1
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: not matched 'final'
debug2: match not found
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]
debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]
[... lots more stuff ...]
Tag format used :
tag:tag_key=tag_value
What do your host set filters look like?
ssh -vvv -p 12345 127.0.0.1
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug3: Failed to open file:C:/Users/Administrator/.ssh/config error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolve_canonicalize: hostname 127.0.0.1 is address
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 12345.
debug1: Connection established.
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_rsa error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_rsa.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\Administrator/.ssh/id_rsa type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_rsa-cert error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_rsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\Administrator/.ssh/id_rsa-cert type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_dsa error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_dsa.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\Administrator/.ssh/id_dsa type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_dsa-cert error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_dsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\Administrator/.ssh/id_dsa-cert type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ecdsa error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ecdsa.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\Administrator/.ssh/id_ecdsa type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ecdsa-cert error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ecdsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\Administrator/.ssh/id_ecdsa-cert type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ed25519 error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ed25519.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\Administrator/.ssh/id_ed25519 type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ed25519-cert error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_ed25519-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\Administrator/.ssh/id_ed25519-cert type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_xmss error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_xmss.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\Administrator/.ssh/id_xmss type -1
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_xmss-cert error:2
debug3: Failed to open file:C:/Users/Administrator/.ssh/id_xmss-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\Administrator/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug3: recv - from CB(2) ERROR:108, io:0000017AC7EFCF60
ssh_exchange_identification: read: Connection reset
tag:boundary_connect=true
What do your host tags look like?
For the SSH issue – I see that when I start up an instance where the worker proxy port (9202) isn’t reachable by the clients. You might need to open up your security groups to allow inbound access to port 9202 from your client. If you’re running the Boundary server in dev mode, you might need to use -proxy-listen-address 0.0.0.0 -worker-public-address [the external IP of your Boundary instance] when you run boundary dev.
This is what the entire command looks like:
boundary host-sets create plugin \
  -name ec2 \
  -host-catalog-id $HOST_CATALOG_ID \
  -attr filters=tag:boundary_connect=true
Could you provide me a snippet for this, or the command, so that I can get a clear idea?
What do the tags on your EC2 instances in AWS look like? Do you have instances that are not tagged or tagged with other tags than the ones you’re trying to filter for?
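I ran into this situation too. The SSH error code was 108. Checking the routing table, I found that Docker had taken the 172.17.0.0 network segment, which happened to conflict with my external network segment, so all the traffic was flowing to Docker's internal network. The correct fix is to change Docker's default container address range: edit the /etc/docker/daemon.json file (create daemon.json if it does not exist) and add the following: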
{
"default-address-pools":[
{"base":"172.30.0.0/16","size":24}
]
}
Then restart Docker.
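The route conflict described in the reply above can be checked mechanically. This is an added example, not code from the thread or from Boundary or Docker: it looks for Docker-owned routes that overlap other routes and tests whether a replacement pool such as 172.30.0.0/16 is clear. The sample routing table is constructed, and the `docker`/`br-` interface-name prefixes are an assumption about how Docker bridges are named on the host.

```python
import ipaddress

# Constructed sample of `ip -4 route show` output (not from the original post).
SAMPLE_ROUTES = """\
default via 172.17.0.254 dev eth0 proto dhcp metric 100
172.17.0.0/24 dev eth0 proto kernel scope link src 172.17.0.25 metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
"""

# Assumption: Docker bridge interfaces are named docker0 or br-<id>.
DOCKER_PREFIXES = ("docker", "br-")


def parse_routes(text):
    """Return [(network, device)] for every non-default route line."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "default" or "dev" not in fields:
            continue
        try:
            net = ipaddress.ip_network(fields[0], strict=False)
        except ValueError:
            continue  # e.g. "blackhole", "unreachable" route types
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes


def docker_conflicts(routes):
    """Pair each Docker-owned route with any overlapping non-Docker route."""
    docker = [(n, d) for n, d in routes if d.startswith(DOCKER_PREFIXES)]
    other = [(n, d) for n, d in routes if not d.startswith(DOCKER_PREFIXES)]
    return [(dn, dd, on, od)
            for dn, dd in docker for on, od in other if dn.overlaps(on)]


def pool_is_clear(pool_base, routes):
    """True if a candidate default-address-pools base overlaps no non-Docker route."""
    pool = ipaddress.ip_network(pool_base)
    return not any(pool.overlaps(n)
                   for n, d in routes if not d.startswith(DOCKER_PREFIXES))


if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    for dn, dd, on, od in docker_conflicts(table):
        print(f"conflict: {dn} on {dd} overlaps {on} on {od}")
    print("172.30.0.0/16 clear:", pool_is_clear("172.30.0.0/16", table))
```

On a real host, replace SAMPLE_ROUTES with the captured output of `ip -4 route show` before choosing a new pool base.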