Address of proxy host is not set correctly in output of 'teleport status' or SSH_SESSION_WEBPROXY_ADDR environment variable #3217

Closed
webvictim opened this issue Dec 16, 2019 · 7 comments · Fixed by #18579
Labels
bug c-ab Internal Customer Reference c-m Internal Customer Reference c-vx Internal Customer Reference good-starter-issue Good starter issue to start contributing to Teleport qol-s Quality of Life - Small

Comments

@webvictim
Contributor

What happened: When logging into a server via tsh and running teleport status, the proxy host address is not set correctly - it appears as <proxyhost>:3080 (which appears to be the default value) instead of example.gravitational.co:3080:

$ teleport status
User ID     : gus@gravitational.com, logged in as root from 1.2.3.4 41152 3022
Cluster Name: example.gravitational.co
Host UUID   : b2a41144-77c5-41cc-9706-a957b4ee3dca
Session ID  : 732bd7eb-<redacted>
Session URL : https://<proxyhost>:3080/web/cluster/example.gravitational.co/node/b2a41144-77c5-41cc-9706-a957b4ee3dca/root/732bd7eb-<redacted>

This issue means that sharing the link to join the session with other users will not work as intended.

The SSH_SESSION_WEBPROXY_ADDR is also set incorrectly:

$ env | grep SSH_SESSION_WEBPROXY_ADDR
SSH_SESSION_WEBPROXY_ADDR=<proxyhost>:3080

The Teleport config file does specify the correct public_addr for the cluster:

teleport:
  log:
    output: stderr
    severity: DEBUG
  data_dir: /var/lib/teleport
  storage:
    type: dir

auth_service:
  enabled: true
  license_file: /var/lib/license/license.pem
  authentication:
    type: oidc
  public_addr: example.gravitational.co:3025
  cluster_name: example.gravitational.co

ssh_service:
  enabled: yes
  labels:
    environment: demo
    role: auth
  commands:
  - command:
    - uptime
    - -p
    name: uptime
    period: 1m
  - command:
    - uname
    - -r
    name: kernel
    period: 1h

proxy_service:
  enabled: true
  public_addr: example.gravitational.co:3080
  ssh_public_addr: example.gravitational.co:3023
  web_listen_addr: 0.0.0.0:3080
  listen_addr: 0.0.0.0:3023
  https_key_file: /var/lib/certs/privkey.pem
  https_cert_file: /var/lib/certs/fullchain.pem
  kubernetes:
    enabled: true
    listen_addr: 0.0.0.0:3026
    public_addr: example.gravitational.co:3026

What you expected to happen: Both the output of teleport status and the SSH_SESSION_WEBPROXY_ADDR environment variable should contain the correct hostname to access the proxy.

How to reproduce it (as minimally and precisely as possible): Set up a Teleport cluster using a similar config to that shown here, log into a host and see that the output of teleport status is not set correctly.

Environment:

  • Teleport version (use teleport version): Teleport Enterprise v4.1.2git:v4.1.2-0-g7886df10 go1.12.1
  • Tsh version (use tsh version): Teleport v4.1.4 git:v4.1.4-0-gc487a75c go1.13.2
  • OS (e.g. from /etc/os-release): Fedora 30
@webvictim
Contributor Author

Related to < proxyhost >

@benarent benarent added OpenSSH For customers using Teleport and OpenSSH qol-s Quality of Life - Small and removed OpenSSH For customers using Teleport and OpenSSH labels Jul 10, 2020
@aelkugia aelkugia added the c-m Internal Customer Reference label Sep 17, 2020
@travelton
Contributor

If you run teleport start with no configuration, an SSH session within this cluster will report a correct Session URL (the value is replaced with the proxy public address). However, if you run teleport start -c teleport.yaml (using a defined configuration file) the Session URL value includes the <proxyhost>:3080 value.

@russjones russjones modified the milestones: 6.0 "San Diego", 6.1 Jan 26, 2021
@russjones russjones modified the milestones: 6.1, Runway Milestone Feb 3, 2021
@travelton travelton added the c-ab Internal Customer Reference label Mar 4, 2021
@russjones russjones added the good-starter-issue Good starter issue to start contributing to Teleport label Mar 4, 2021
@Valien
Contributor

Valien commented Mar 10, 2021

Also, if using Teleport Cloud the 3080 will probably need to be removed/changed since the Teleport Cloud runs off 443 vs 3080.

@webvictim
Contributor Author

This is still not working.

gus@zeus:~$ teleport status
User ID     : webvictim, logged in as gus from 192.168.64.1 55512 40046
Cluster Name: teleport.example.com
Host UUID   : 6c3161e1-828d-4573-90e2-...
Session ID  : ccf6f6a8-f11d-472f-b471-...
Session URL : https://<proxyhost>:3080/web/cluster/teleport.example.com/node/6c3161e1-828d-4573-90e2-.../gus/ccf6f6a8-f11d-472f-b471-....

gus@zeus:~$ teleport version
Teleport v7.1.0 git:v7.1.0-0-gb52a7d89f go1.16.2

@russjones russjones removed the good-starter-issue Good starter issue to start contributing to Teleport label Nov 19, 2021
@webvictim
Contributor Author

Still not working, although the session URL has now changed...

gus@zeus:~$ teleport status
User ID     : webvictim, logged in as gus from 192.168.64.1 64291 55418
Cluster Name: teleport.example.com
Host UUID   : 6c3161e1-828d-4573-90e2-...
Session ID  : 3a975b4b-7704-476c-8f21-...
Session URL : https://<proxyhost>:3080/web/cluster/teleport.example.com/console/session/3a975b4b-7704-476c-8f21-...

gus@zeus:~$ teleport version
Teleport v9.0.1 git:v9.0.1-0-g7bbe6f1 go1.17.7

@Erick-Reyes Erick-Reyes added the c-vx Internal Customer Reference label Jul 25, 2022
@Erick-Reyes
Contributor

I have another customer facing the same.

[user@example ~]$ teleport status
User ID     : user@example.com, logged in as user from 100.91.134.92 49260 53850
Cluster Name: teleport.example.com
Host UUID   : dcaeaabe-879a-4f62-b08b-...
Session ID  : e23861cf-bbe5-42de-bb6c-...
Session URL : https://<proxyhost>:3080/web/cluster/teleport.example.com/console/session/e23861cf-bbe5-42de-bb6c-...

[user@example ~]$ teleport version
Teleport Enterprise v10.0.2 git:v10.0.2-0-g47e0914 go1.18.3

@r0mant r0mant added the good-starter-issue Good starter issue to start contributing to Teleport label Aug 3, 2022
@r0mant
Collaborator

r0mant commented Aug 3, 2022

Nodes do not have permissions to query proxy resources so they can't fetch proxy advertise address. We can add this information to auth server's ping endpoint instead and have the nodes query it this way.
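
Added example, not part of the original thread or of Teleport's code: a shell helper that reads `teleport status` output, detects the unresolved `<proxyhost>:3080` placeholder reported in this issue, and rebuilds a shareable Session URL from a proxy address the operator supplies. The function name `fix_session_url`, the sample input and the address passed to it are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: repair the Session URL printed by `teleport status` when it
# still carries the unresolved "<proxyhost>:3080" placeholder.

# fix_session_url PROXY_ADDR   (reads `teleport status` output on stdin)
# PROXY_ADDR is supplied by the operator, e.g. the proxy_service public_addr.
# Exit codes: 0 = URL printed, 1 = no Session URL line, 2 = bad PROXY_ADDR.
fix_session_url() {
    proxy_addr=$1
    placeholder='https://<proxyhost>:3080/'
    # Accept only host or host:port so nothing unexpected lands in the URL.
    case $proxy_addr in
        ''|*[!A-Za-z0-9.:-]*) return 2 ;;
    esac
    # Take the first "Session URL : ..." line and strip the label.
    url=$(sed -n 's/^Session URL *: *//p' | head -n 1)
    [ -n "$url" ] || return 1
    case $url in
        "$placeholder"*)
            # Replace host and port together: the real port may not be 3080.
            printf 'https://%s/%s\n' "$proxy_addr" "${url#"$placeholder"}"
            ;;
        *)
            # Already resolved: pass it through unchanged.
            printf '%s\n' "$url"
            ;;
    esac
}

# Constructed sample in the format shown in the issue (IDs are placeholders).
sample_status='User ID     : user, logged in as user from 192.0.2.1 49260 53850
Cluster Name: teleport.example.com
Host UUID   : HOST-UUID-PLACEHOLDER
Session ID  : SESSION-ID-PLACEHOLDER
Session URL : https://<proxyhost>:3080/web/cluster/teleport.example.com/console/session/SESSION-ID-PLACEHOLDER'

printf '%s\n' "$sample_status" | fix_session_url teleport.example.com:443
```

Passing the address as `host:port` replaces the hard-coded 3080 as well, which covers deployments where the proxy listens on 443.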
