Why does boundary modify the available authentication SSH methods?

Boundary
1

Hello everyone I recently contacted the forum with an authentication problem (Authentification Failed - #10 by politehnn). Now I have discovered another strange problem. If I connect to the same server using shh via Boundary or directly, I get completely different authentication methods provided by ssh. Running ssh with the -v parameter in case of accessing directly and through the created session:

  1. BOUNDARY (ssh -vvv 127.0.0.1 35969)
    debug3: receive packet: type 6
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug3: send packet: type 50
    debug3: receive packet: type 51
    debug1: Authentications that can continue: publickey
    debug3: start over, passed a different list publickey

  2. ssh -vvv 10.20.5.10 22
    debug3: send packet: type 50
    debug3: receive packet: type 51
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
    debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
    Why does boundary modify the available authentication methods?

2

Hi @politehnn,

Assuming you’re using a TCP type target, Boundary has no visibility into SSH at all, it is simply acting as a TCP relay. My only guess at the moment would be that perhaps you have values in your SSH config file (on the client side) for 127.0.0.1 that are causing the discrepancy (or vice versa, config values that apply to the 10.20.5.10 address).