the boundary ssh is showing as pending . its not getting connected.
boundary hosts read -id hst_OlJeA24zQt
Host information:
Created Time: Tue, 12 Nov 2024 18:42:30 IST
Description: Backend server #172.18.4.4
Host Catalog ID: hcst_v2z59y3F76
ID: hst_OlJeA24zQt
Name: backend_server_172.18.4.4
Type: static
Updated Time: Tue, 12 Nov 2024 18:42:30 IST
Version: 1
Scope:
ID: p_0LDZvv00Mo
Name: Landing Zone
Parent Scope ID: o_rqFFRE1zne
Type: project
Authorized Actions:
no-op
read
update
delete
Host Set IDs:
hsst_k6ZykclxXP
Attributes:
address: 172.18.4.4
boundary targets read -id ttcp_yYXWEDnGMX
Target information:
Created Time: Tue, 12 Nov 2024 18:42:35 IST
Description: Backend SSH target
Egress Worker Filter: “egress” in “/tags/type”
ID: ttcp_yYXWEDnGMX
Name: backend_servers_ssh
Session Connection Limit: -1
Session Max Seconds: 28800
Type: tcp
Updated Time: Tue, 12 Nov 2024 19:54:32 IST
Version: 6
Scope:
ID: p_0LDZvv00Mo
Name: Landing Zone
Parent Scope ID: o_rqFFRE1zne
Type: project
Authorized Actions:
remove-credential-sources
read
authorize-session
add-host-sources
add-credential-sources
set-credential-sources
set-host-sources
remove-host-sources
update
delete
no-op
Host Sources:
Host Catalog ID: hcst_v2z59y3F76
ID: hsst_k6ZykclxXP
Brokered Credential Sources:
Credential Store ID: csst_LFm0JtDRVB
ID: credup_RYRQrkXvFy
Attributes:
Default Port: 22
my configs look like : azureuser@controller-0:~$ cat /etc/boundary/boundary-controller.hcl
disable_mlock = true
telemetry {
prometheus_retention_time = “24h”
disable_hostname = true
}
controller {
name = “controller-controller-0”
description = “Landing Zone Boundary Controller”
database {
url = “postgresql://sqladmin:@.postgres.database.azure.com:5432/boundary?sslmode=require”
}
}
listener “tcp” {
address = “172.18.2.4:9200”
purpose = “api”
tls_disable = true
tls_cert_file = “/etc/pki/tls/boundary/cert.crt”
tls_key_file = “/etc/pki/tls/boundary/cert.key”
proxy_protocol_behavior = “allow_authorized”
proxy_protocol_authorized_addrs = “127.0.0.1”
cors_enabled = true
cors_allowed_origins = [“*”]
}
listener “tcp” {
address = “172.18.2.4:9201”
purpose = “cluster”
tls_disable = true
tls_cert_file = “/etc/pki/tls/boundary/cert.crt”
tls_key_file = “/etc/pki/tls/boundary/cert.key”
proxy_protocol_behavior = “allow_authorized”
proxy_protocol_authorized_addrs = “127.0.0.1”
}
kms “azurekeyvault” {
purpose = “root”
tenant_id = “xxxxxxxxx”
vault_name = “boundary-vault-lz-sK8k”
key_name = “root”
}
kms “azurekeyvault” {
purpose = “worker-auth”
tenant_id = “xxxxxx”
vault_name = “boundary-vault-lz-sK8k”
key_name = “worker”
}
kms “azurekeyvault” {
purpose = “recovery”
tenant_id = “xxxxxxxx”
vault_name = “boundary-vault-lz-sK8k”
key_name = “recovery”
}
azureuser@controller-0:~$
azureuser@controller-0:~ telnet 172.18.3.4 9202 Trying 172.18.3.4... Connected to 172.18.3.4. Escape character is '^]'. ^CConnection closed by foreign host. azureuser@controller-0:~
azureuser@worker-0:~$ cat /etc/boundary/boundary-worker.hcl
listener “tcp” {
address = “172.18.3.4:9202”
purpose = “proxy”
tls_disable = true
tls_cert_file = “/etc/pki/tls/boundary/cert.crt”
tls_key_file = “/etc/pki/tls/boundary/cert.key”
# proxy_protocol_behavior = “allow_authorized”
# proxy_protocol_authorized_addrs = “127.0.0.1”
}
worker {
# Name attr must be unique
# public_addr = “x.x.x.x”
name = “worker-worker-0”
description = “Landing Zone Boundary Worker”
tags {
type = [“worker”, “egress”]
}
initial_upstreams = [
“172.18.2.4”,
]
}
kms “azurekeyvault” {
purpose = “worker-auth”
tenant_id = “xxxxxxxxxx”
vault_name = “boundary-vault-lz-sK8k”
key_name = “worker”
}
azureuser@worker-0:~$ telnet 172.18.4.4 22
Trying 172.18.4.4…
Connected to 172.18.4.4.
Escape character is ‘^]’.
SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
^C
Connection closed by foreign host.
@kishore-behera When running the connect command Boundary creates a localhost proxy to connect to which will then proxy your traffic to the worker and finally the target.
The command you show is the first step boundary connect which creates the localhost proxy, you then need to ssh into this localhost proxy. Alternatively you can use the connect helpers to automatically ssh Connect helpers | Boundary | HashiCorp Developer