Boundary authentication works fine using the command below.
boundary authenticate password -login-name=jeff -password=foofoofoo -auth-method-id=ampw_hJhJKR7YSW
Authentication information:
Account ID: apw_M6ZtEOGaVh
Auth Method ID: ampw_hJhJKR7YSW
Expiration Time: Thu, 11 Mar 2021 16:11:03 JST
Token:
at_zZgCxVE62v_s1DyENSEDpWRqV2qGw3rtKFNiqZL7v6zFs3vYdsYCjo9bJUbehtGrLNB18gBcMqMsdcbxP4QJ3f4ipQqsgZngfFnn4JWuSofAqgbSM3S
User ID: u_imVcjXxKwO
However, using the command boundary connect ssh -target-id ttcp_jQ6THiE5a6 to connect to the target causes the WebSocket dial error.
Error dialing the worker: failed to WebSocket dial: failed to send handshake request: Get "https://boundary-worker.dev.mydomain.cloud:9202/v1/proxy": tls: server selected unsupported protocol version 303
kex_exchange_identification: read: Connection reset by peer
Unsupported protocol version 303 seems to mean TLS 1.2 isn’t supported. However, I set tls_disable = true on all the listeners in both the worker and controller HCL. I’m using an NLB in AWS and the TLS gets terminated at the LB. So, I can’t really understand why a TLS-related error arises.
Any suggestions or solutions?
It’s weird that the configurations regarding TLS in Boundary Controller and Boundary Worker are exactly the same. However, the client can successfully connect and get authenticated to the Controller without a TLS-related error, whereas it can’t successfully connect to the Worker.