Error in connecting to target via ssh


When I try to connect to the target host via ssh, I get this error: “ubuntu@ Permission denied (publickey).”

I have configured the controller and worker on the same Ubuntu AWS server.

I used this command to connect to the target host:
“BOUNDARY_ADDR='' boundary connect ssh -target-id ttcp_WNoPZuhzTV -host-id=hst_NtlSffpVlX -token=at_hLHbjqQOlM_s14EBjphTMNSUpamX14acL1j2x6s2QtKrrau2CxRnnGAC8PRA4mJdT8sxXLKNoHCwYjc5Bbg3DwbHJMacqTJJadd8nEmG97ghgcqLiHQSmy9uhxdGPZzvb -username=ubuntu”

This is the log I get from the controller after this command:
“2020-10-21T21:27:34.407+0530 [INFO] controller.worker-handler: session activated: session_id=s_h8TrAfwO4q target_id=ttcp_WNoPZuhzTV user_id=u_0PNYLB8vIm host_set_id=hsst_djXMLW24sb host_id=hst_NtlSffpVlX
2020-10-21T21:27:34.425+0530 [INFO] controller.worker-handler: authorized connection: session_id=s_h8TrAfwO4q connection_id=sc_ckHJ9CEjZ6 connections_left=0
2020-10-21T21:27:34.445+0530 [INFO] controller.worker-handler: connection established: session_id=s_h8TrAfwO4q connection_id=sc_ckHJ9CEjZ6 client_tcp_address= client_tcp_port=52376 endpoint_tcp_address= endpoint_tcp_port=22”

I am not able to figure out what is going wrong.

Can someone please help me out here?


Hi @glades95 - thank you for trying out Boundary!

This is the SSH daemon saying you have the incorrect public key for the server you’re connecting to. I would double check what key you’re using, or specify one when you’re connecting to the target via Boundary (if the default isn’t correct), using -i <key_path>: boundary connect ssh -username foo -target-id ttcp... -- -i <key_path>

Let me know if this helps! Thanks!

Hi @malnick

Thanks for the reply!

I used the -i flag and I got another error:

Error from controller when performing authorize-session against target:
Error information:
Code: Unauthenticated
Message: Unauthenticated, or invalid token.
Status: 401

But I have logged in using admin credentials, which I assume have full rights over all the organizations.

Can you please help me out here?


Thanks @glades95 - can you try running boundary authenticate first? The timeout on your token is 30 days, or 8hrs of inactivity.

Hi @malnick,

Yes, I did boundary authenticate first.

I can see all the resources in the console using admin creds… but I am getting an error using the CLI:

Error from controller when performing authorize-session against target:
Error information:
Code: Unauthenticated
Message: Unauthenticated, or invalid token.
Status: 401

Any suggestions on what I can try out here?


Assuming that nothing changed on your end between the original error and the 401 you’re seeing now, it does seem like an issue with the token. It’d be interesting to know if that token is working for other commands you’re authorized to perform. I can’t help but wonder if maybe a single character was cut off or something. (You might want to put it in BOUNDARY_TOKEN so you don’t have to pop it in every command.)

Also note that 0.1.1, which should be coming out today, will give you the opportunity to use pass for storing tokens which might allow you to not have to copy and paste it around.

Yes, I tried running different commands using the same token and it worked.

It's only when I try to connect to the target via ssh that I get the unauthenticated message.

Can you paste your actual command line?

My suspicion is that you are using -token as a flag instead of as an env var but that the positioning of the flag is not correct in the connect call.

Thanks! I could ssh after using the token as an environment variable.

Just in case I want to use it as a flag, where should I place the token, assuming this is my command?

BOUNDARY_ADDR='' boundary connect ssh -target-id ttcp_WNoPZuhzTV -host-id=hst_NtlSffpVlX -- -i /home/ubuntu/web.pem -token=xxx

Also, another query: is starting Boundary as a systemctl process the same as using boundary server, or is there a difference if we want to use it in a production environment?

We recommend using some kind of init system to manage Boundary if you’re running it as a long running process. Examples such as sysinit V, systemd, etc., would all fit into that category. We have an example of systemd in our docs since it’s the most modern.

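On the flag-placement question raised earlier in this thread: Boundary hands everything after the -- separator to the ssh client, which is why the first reply puts -i <key_path> there, so a -token placed after -- is never parsed by Boundary. The shell check below is an added example, not part of the thread or of Boundary itself; the function name misplaced_boundary_flags is hypothetical, and the ids, key path and token in the sample command are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread or from Boundary): lint a
# "boundary connect ssh" command line for Boundary flags that sit after the
# "--" separator, where they go to the ssh client instead of Boundary.
# misplaced_boundary_flags is a hypothetical helper name; the flag names are
# the ones used in this thread.

# Prints the name of each Boundary flag found after the first "--".
# Returns 1 if any were found, 0 otherwise.
misplaced_boundary_flags() {
    seen_sep=0
    bad=0
    for arg in "$@"; do
        if [ "$seen_sep" -eq 0 ]; then
            if [ "$arg" = "--" ]; then seen_sep=1; fi
            continue
        fi
        case "$arg" in
            -token|-token=*|-target-id|-target-id=*|-host-id|-host-id=*|-username|-username=*)
                # Print only the flag name, never its value (it may be a token).
                printf '%s\n' "${arg%%=*}"
                bad=1
                ;;
        esac
    done
    return "$bad"
}

# Constructed command line with placeholder ids, key path and token.
if ! misplaced_boundary_flags boundary connect ssh -target-id ttcp_PLACEHOLDER \
        -- -i /path/to/key.pem -token=PLACEHOLDER; then
    echo "flags listed above are after -- and were handed to ssh; move them before it"
fi
```

Supplying the token through BOUNDARY_TOKEN, as suggested earlier in the thread, avoids the ordering problem altogether.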