Hi there,
I am always getting this error in boundary.
boundary connect ssh -target-id $TARGET_ID
Session credentials were not accepted, or session is unauthorized
kex_exchange_identification: read: Connection reset by peer
error fetching connection to send session teardown request to worker: Session credentials were not accepted, or session is unauthorized
I’m running the Boundary server in non-dev mode with systemd in the cloud, and I’m running the Boundary client on my laptop to run the CLI commands.
I can confirm that ports 9202, 9201, 9200 are running and listening on the server public IP.
I can authenticate with the controller successfully. However, I can’t connect to targets.
boundary targets read -id $TARGET_ID
Target information:
Created Time: Mon, 23 May 2022 15:28:01 +01
Description: Provides an initial target in Boundary
ID: ttcp_ZNW6aFHixz
Name: Generated target
Session Connection Limit: -1
Session Max Seconds: 28800
Type: tcp
Updated Time: Mon, 23 May 2022 15:28:01 +01
Version: 2
Scope:
ID: p_gawL69Aqxm
Name: Generated project scope
Parent Scope ID: o_N7UlEgvpj6
Type: project
Authorized Actions:
no-op
read
update
delete
add-host-sets
set-host-sets
remove-host-sets
add-host-sources
set-host-sources
remove-host-sources
add-credential-libraries
set-credential-libraries
remove-credential-libraries
add-credential-sources
set-credential-sources
remove-credential-sources
authorize-session
Host Sources:
Host Catalog ID: hcst_3pisgUSp7P
ID: hsst_fP5LfqN3Aa
Attributes:
Default Port: 22
My controller hcl:
# Controller configuration block
controller {
  # This name attr must be unique!
  name = "demo-controller-1"
  # Description of this controller
  description = "A controller for a demo!"
  database {
    url = "postgresql://boundary:boundary@127.0.0.1:5432/boundary"
  }
}
# API listener configuration block
listener "tcp" {
  # Should be the address of the NIC that the controller server will be reached on
  address = "Public_IP"
  # The purpose of this listener block
  purpose = "api"
  tls_cert_file = "/etc/boundary/cert.pem"
  tls_key_file = "/etc/boundary/key.pem"
}
# Data-plane listener configuration block (used for worker coordination)
listener "tcp" {
  # Should be the IP of the NIC that the worker will connect on
  address = "Public_IP"
  # The purpose of this listener
  purpose = "cluster"
}
# Root KMS configuration block: this is the root key for Boundary
# Use a production KMS such as AWS KMS in production installs
kms "aead" {
  purpose = "root"
  aead_type = "aes-gcm"
  key = "sP1fnF5Xz85RrXyELHFeZg9Ad2qt4Z4bgNHVGtD6ung="
  key_id = "global_root"
}
# Worker authorization KMS
# Use a production KMS such as AWS KMS for production installs
# This key is the same key used in the worker configuration
kms "aead" {
  purpose = "worker-auth"
  aead_type = "aes-gcm"
  key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
  key_id = "global_worker-auth"
}
# Recovery KMS block: configures the recovery key for Boundary
# Use a production KMS such as AWS KMS for production installs
kms "aead" {
  purpose = "recovery"
  aead_type = "aes-gcm"
  key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
  key_id = "global_recovery"
}
My worker hcl:
listener "tcp" {
  purpose = "proxy"
  address = "Public_IP"
}
worker {
  # Name attr must be unique
  name = "demo-worker-1"
  description = "A default worker created demonstration"
  public_addr = "Public_IP"
  controllers = [
    "Public_IP"
  ]
}
# must be same key as used on controller config
kms "aead" {
  purpose = "worker-auth"
  aead_type = "aes-gcm"
  key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
  key_id = "global_worker-auth"
}
Systemd status:
sudo systemctl status boundary-controller.service
[sudo] password for wdahhane:
● boundary-controller.service - boundary controller
Loaded: loaded (/etc/systemd/system/boundary-controller.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2022-05-23 14:45:05 UTC; 1h 38min ago
Main PID: 7463 (boundary)
Tasks: 23 (limit: 2274)
Memory: 332.7M
CGroup: /system.slice/boundary-controller.service
├─7463 /usr/bin/boundary server -config /etc/boundary-controller.hcl
├─7487 /tmp/2963995187/boundary-plugin-host-aws
└─7495 /tmp/2802775466/boundary-plugin-host-azure
May 23 16:05:32 hashicorp-boundary boundary[7463]: {"id":"mXOXn0grn6","source":"https://hashicorp.com/boundary/demo-controller-1","specversion":"1.0","type":"observa>
May 23 16:05:58 hashicorp-boundary boundary[7463]: {"id":"G1I9gt9XIN","source":"https://hashicorp.com/boundary/demo-controller-1","specversion":"1.0","type":"observa>
May 23 16:07:14 hashicorp-boundary boundary[7463]: {"id":"Lkjbe3d3D5","source":"https://hashicorp.com/boundary/demo-controller-1","specversion":"1.0","type":"observa>
May 23 16:07:22 hashicorp-boundary boundary[7463]: {"id":"mIfotiVOkf","source":"https://hashicorp.com/boundary/demo-controller-1","specversion":"1.0","type":"observa>
May 23 16:07:33 hashicorp-boundary boundary[7463]: {"id":"2OOwFgdAsB","source":"https://hashicorp.com/boundary/demo-controller-1","specversion":"1.0","type":"observa>
May 23 16:07:51 hashicorp-boundary boundary[7463]: {"id":"mQgulV8Kmg","source":"https://hashicorp.com/boundary/demo-controller-1","specversion":"1.0","type":"observa>
May 23 16:07:53 hashicorp-boundary boundary[7463]: {"id":"8je7hjUkvh","source":"https://hashicorp.com/boundary/demo-controller-1","specversion":"1.0","type":"observa>
May 23 16:07:58 hashicorp-boundary boundary[7463]: {"id":"XYNWGaw26z","source":"https://hashicorp.com/boundary/demo-controller-1","specversion":"1.0","type":"observa>
May 23 16:08:16 hashicorp-boundary boundary[7463]: {"id":"tfcSubeubf","source":"https://hashicorp.com/boundary/demo-controller-1","specversion":"1.0","type":"observa>
May 23 16:08:19 hashicorp-boundary boundary[7463]: {"id":"IyaiJkd5XJ","source":"https://hashicorp.com/boundary/demo-controller-1","specversion":"1.0","type":"observa
sudo systemctl status boundary-worker.service
● boundary-worker.service - boundary worker
Loaded: loaded (/etc/systemd/system/boundary-worker.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2022-05-23 14:45:10 UTC; 1h 39min ago
Main PID: 7514 (boundary)
Tasks: 8 (limit: 2274)
Memory: 52.2M
CGroup: /system.slice/boundary-worker.service
└─7514 /usr/bin/boundary server -config /etc/boundary-worker.hcl
May 23 15:57:56 hashicorp-boundary boundary[7514]: {"id":"Oo6cjz1TRI","source":"https://hashicorp.com/boundary/demo-worker-1","specversion":"1.0","type":"system","da>
May 23 16:05:58 hashicorp-boundary boundary[7514]: {"id":"8vhNFsB041","source":"https://hashicorp.com/boundary/demo-worker-1","specversion":"1.0","type":"system","da>
May 23 16:07:14 hashicorp-boundary boundary[7514]: {"id":"apHJgr0lq5","source":"https://hashicorp.com/boundary/demo-worker-1","specversion":"1.0","type":"system","da>
May 23 16:07:22 hashicorp-boundary boundary[7514]: {"id":"Ern1FckaBk","source":"https://hashicorp.com/boundary/demo-worker-1","specversion":"1.0","type":"system","da>
May 23 16:07:33 hashicorp-boundary boundary[7514]: {"id":"c5T7rceuuW","source":"https://hashicorp.com/boundary/demo-worker-1","specversion":"1.0","type":"system","da>
May 23 16:07:51 hashicorp-boundary boundary[7514]: {"id":"Jz0RAhODQs","source":"https://hashicorp.com/boundary/demo-worker-1","specversion":"1.0","type":"system","da>
May 23 16:07:53 hashicorp-boundary boundary[7514]: {"id":"TTCzmoSFLx","source":"https://hashicorp.com/boundary/demo-worker-1","specversion":"1.0","type":"system","da>
May 23 16:07:58 hashicorp-boundary boundary[7514]: {"id":"9tJn6oOrD0","source":"https://hashicorp.com/boundary/demo-worker-1","specversion":"1.0","type":"system","da>
May 23 16:08:16 hashicorp-boundary boundary[7514]: {"id":"OtVZg1Sygb","source":"https://hashicorp.com/boundary/demo-worker-1","specversion":"1.0","type":"system","da>
May 23 16:08:19 hashicorp-boundary boundary[7514]: {"id":"ZRBOMOs4Hm","source":"https://hashicorp.com/boundary/demo-worker-1","specversion":"1.0","type":"system","da
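An added example, not part of the original post: a small check over a controller/worker config pair that confirms the worker-auth key is identical on both sides (as the config comments require) and reports any key value shared between different kms purposes, which the posted controller config does for its worker-auth and recovery blocks. The function names and the sample configs with placeholder keys are constructed for illustration.

```python
import re
from collections import defaultdict

# A kms "aead" { ... } stanza; these blocks contain no nested braces.
KMS_BLOCK = re.compile(r'kms\s+"aead"\s*\{([^}]*)\}')
ATTR = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"', re.M)

def kms_keys(hcl):
    """Return {purpose: key} for every kms "aead" block in an HCL string."""
    out = {}
    for body in KMS_BLOCK.findall(hcl):
        attrs = dict(ATTR.findall(body))
        if "purpose" in attrs and "key" in attrs:
            out[attrs["purpose"]] = attrs["key"]
    return out

def audit(controller_hcl, worker_hcl):
    """List findings about worker-auth agreement and key reuse."""
    ctrl, wrk = kms_keys(controller_hcl), kms_keys(worker_hcl)
    findings = []
    if "worker-auth" not in ctrl or "worker-auth" not in wrk:
        findings.append("worker-auth kms block missing on one side")
    elif ctrl["worker-auth"] != wrk["worker-auth"]:
        findings.append("worker-auth key differs between controller and worker")
    by_key = defaultdict(list)  # key material -> purposes that use it
    for purpose, key in ctrl.items():
        by_key[key].append(purpose)
    for purposes in by_key.values():
        if len(purposes) > 1:
            findings.append("controller reuses one key for: " + ", ".join(sorted(purposes)))
    return findings

# Constructed sample configs mirroring the layout above; keys are placeholders.
CONTROLLER = '''
kms "aead" {
  purpose = "root"
  key     = "constructed-root-key"
}
kms "aead" {
  purpose = "worker-auth"
  key     = "constructed-shared-key"
}
kms "aead" {
  purpose = "recovery"
  key     = "constructed-shared-key"
}
'''
WORKER = 'kms "aead" {\n  purpose = "worker-auth"\n  key = "constructed-shared-key"\n}\n'

if __name__ == "__main__":
    print(audit(CONTROLLER, WORKER))
```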