To test that, you can issue the Boundary command without the ssh argument. It will output the credentials to the screen and still proxy the TCP connection, but without attempting to run ssh for you. You’d be responsible for copying the username and key and inputting those to ssh.
Alternatively, check this out.
I’m not an HCP Boundary user but I believe they don’t provide those (or at least I couldn’t find them). One thing you can do though is to run the worker in the same VPC as the instance you’re trying to access.
That’s correct. It does not connect to any local service. It will create an outbound connection to the worker on port tcp/9202. That would only be a problem if you have egress firewall rules. You can easily test that though if you have Netcat installed:
$ nc -v -z <boundary_worker_hostname> 9202
Connection to ****** port 9202 [tcp/wap-wsp-s] succeeded!
It would still be good if you could set the sshd LogLevel to DEBUG and share the connection logs here.