The Boundary ssh is showing as pending. It's not getting connected.
[Screenshot 2024-11-13 at 1.35.06 PM]
I am using the below architecture. The connection from the worker to the backend host over native ssh is working fine, but via Boundary it's not working.
```
$ boundary hosts read -id hst_OlJeA24zQt

Host information:
  Created Time: Tue, 12 Nov 2024 18:42:30 IST
  Description: Backend server #172.18.4.4
  Host Catalog ID: hcst_v2z59y3F76
  ID: hst_OlJeA24zQt
  Name: backend_server_172.18.4.4
  Type: static
  Updated Time: Tue, 12 Nov 2024 18:42:30 IST
  Version: 1

  Scope:
    ID: p_0LDZvv00Mo
    Name: Landing Zone
    Parent Scope ID: o_rqFFRE1zne
    Type: project

  Authorized Actions:
    no-op
    read
    update
    delete

  Host Set IDs:
    hsst_k6ZykclxXP

  Attributes:
    address: 172.18.4.4
```
```
$ boundary targets read -id ttcp_yYXWEDnGMX

Target information:
  Created Time: Tue, 12 Nov 2024 18:42:35 IST
  Description: Backend SSH target
  Egress Worker Filter: "egress" in "/tags/type"
  ID: ttcp_yYXWEDnGMX
  Name: backend_servers_ssh
  Session Connection Limit: -1
  Session Max Seconds: 28800
  Type: tcp
  Updated Time: Tue, 12 Nov 2024 19:54:32 IST
  Version: 6

  Scope:
    ID: p_0LDZvv00Mo
    Name: Landing Zone
    Parent Scope ID: o_rqFFRE1zne
    Type: project

  Authorized Actions:
    remove-credential-sources
    read
    authorize-session
    add-host-sources
    add-credential-sources
    set-credential-sources
    set-host-sources
    remove-host-sources
    update
    delete
    no-op

  Host Sources:
    Host Catalog ID: hcst_v2z59y3F76
    ID: hsst_k6ZykclxXP

  Brokered Credential Sources:
    Credential Store ID: csst_LFm0JtDRVB
    ID: credup_RYRQrkXvFy

  Attributes:
    Default Port: 22
```
My configs look like:

```
azureuser@controller-0:~$ cat /etc/boundary/boundary-controller.hcl
disable_mlock = true

telemetry {
  prometheus_retention_time = "24h"
  disable_hostname = true
}

controller {
  name = "controller-controller-0"
  description = "Landing Zone Boundary Controller"
  database {
    url = "postgresql://sqladmin:@.postgres.database.azure.com:5432/boundary?sslmode=require"
  }
}

listener "tcp" {
  address = "172.18.2.4:9200"
  purpose = "api"
  tls_disable = true
  tls_cert_file = "/etc/pki/tls/boundary/cert.crt"
  tls_key_file = "/etc/pki/tls/boundary/cert.key"
  proxy_protocol_behavior = "allow_authorized"
  proxy_protocol_authorized_addrs = "127.0.0.1"
  cors_enabled = true
  cors_allowed_origins = ["*"]
}

listener "tcp" {
  address = "172.18.2.4:9201"
  purpose = "cluster"
  tls_disable = true
  tls_cert_file = "/etc/pki/tls/boundary/cert.crt"
  tls_key_file = "/etc/pki/tls/boundary/cert.key"
  proxy_protocol_behavior = "allow_authorized"
  proxy_protocol_authorized_addrs = "127.0.0.1"
}

kms "azurekeyvault" {
  purpose = "root"
  tenant_id = "xxxxxxxxx"
  vault_name = "boundary-vault-lz-sK8k"
  key_name = "root"
}

kms "azurekeyvault" {
  purpose = "worker-auth"
  tenant_id = "xxxxxx"
  vault_name = "boundary-vault-lz-sK8k"
  key_name = "worker"
}

kms "azurekeyvault" {
  purpose = "recovery"
  tenant_id = "xxxxxxxx"
  vault_name = "boundary-vault-lz-sK8k"
  key_name = "recovery"
}
azureuser@controller-0:~$
azureuser@controller-0:~$ telnet 172.18.3.4 9202
Trying 172.18.3.4...
Connected to 172.18.3.4.
Escape character is '^]'.
^C
Connection closed by foreign host.
azureuser@controller-0:~$
```
```
azureuser@worker-0:~$ cat /etc/boundary/boundary-worker.hcl
listener "tcp" {
  address = "172.18.3.4:9202"
  purpose = "proxy"
  tls_disable = true
  tls_cert_file = "/etc/pki/tls/boundary/cert.crt"
  tls_key_file = "/etc/pki/tls/boundary/cert.key"
  # proxy_protocol_behavior = "allow_authorized"
  # proxy_protocol_authorized_addrs = "127.0.0.1"
}

worker {
  # Name attr must be unique
  # public_addr = "x.x.x.x"
  name = "worker-worker-0"
  description = "Landing Zone Boundary Worker"
  tags {
    type = ["worker", "egress"]
  }
  initial_upstreams = [
    "172.18.2.4",
  ]
}

kms "azurekeyvault" {
  purpose = "worker-auth"
  tenant_id = "xxxxxxxxxx"
  vault_name = "boundary-vault-lz-sK8k"
  key_name = "worker"
}
azureuser@worker-0:~$ telnet 172.18.4.4 22
Trying 172.18.4.4...
Connected to 172.18.4.4.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
^C
Connection closed by foreign host.
```
@kishore-behera When running the connect command, Boundary creates a localhost proxy to connect to, which will then proxy your traffic to the worker and finally the target.

The command you show is the first step, `boundary connect`, which creates the localhost proxy; you then need to ssh into this localhost proxy. Alternatively, you can use the connect helpers to automatically ssh: Connect helpers | Boundary | HashiCorp Developer
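
The two ways of connecting described in the reply above, as an added shell example that is not part of the original thread. The target ID is the one from the question; the local port 2222 and the login name azureuser are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. TARGET_ID is the target shown in the
# question; LISTEN_PORT and SSH_USER are assumed values, override as needed.
TARGET_ID="${TARGET_ID:-ttcp_yYXWEDnGMX}"
LISTEN_PORT="${LISTEN_PORT:-2222}"
SSH_USER="${SSH_USER:-azureuser}"

# For SSH, boundary connect takes a tcp or ssh target ID (ttcp_/tssh_),
# not a host ID (hst_).
is_target_id() {
  case "$1" in
    ttcp_?*|tssh_?*) return 0 ;;
    *) return 1 ;;
  esac
}

# ssh arguments for step 2: the client dials the local proxy, never 172.18.4.4.
# HostKeyAlias files the host key under the target ID instead of 127.0.0.1;
# ConnectionAttempts retries while the listener from step 1 is still starting.
proxy_ssh_args() {
  printf '%s\n' -p "$LISTEN_PORT" -o "HostKeyAlias=$TARGET_ID" \
    -o ConnectionAttempts=10 "$SSH_USER@127.0.0.1"
}

# Step 1 opens the localhost listener; step 2 sends ssh through it.
connect_two_step() {
  is_target_id "$TARGET_ID" || { echo "not a target ID: $TARGET_ID" >&2; return 2; }
  boundary connect -target-id "$TARGET_ID" -listen-port "$LISTEN_PORT" &
  proxy_pid=$!
  # The values contain no whitespace, so plain word splitting is safe here.
  ssh $(proxy_ssh_args)
  rc=$?
  kill "$proxy_pid" 2>/dev/null
  return "$rc"
}

# Connect helper: boundary starts the proxy and runs ssh against it itself.
connect_with_helper() {
  is_target_id "$TARGET_ID" || { echo "not a target ID: $TARGET_ID" >&2; return 2; }
  boundary connect ssh -target-id "$TARGET_ID" -username "$SSH_USER"
}

case "${1:-}" in
  two-step) connect_two_step ;;
  helper)   connect_with_helper ;;
  *)        echo "usage: $0 two-step|helper" >&2 ;;
esac
```

Both modes need an authenticated `boundary` CLI on the client machine.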