1. tctl auth export now dumps both user&host keys if --type key is missing
2. created fixtures for testing key imports: they're in fixtures/trusted_clusters
3. configuration parser reads "trusted_clusters" files expecting the output of tctl auth export
- Friendly error messages when parsing configuration and establishing connection
- Bugs related to "first start" vs subsequent starts (reverse tunnels added to YAML file won't be seen upon restart)
- Nicer logging
`tctl auth` now treats local CAs differently from "trusted CAs":
- `tctl auth ls` prints two tables: local authorities and trusted authorities.
- `tctl auth export` only exports local keys

Also, when showing "allowed logins" for each CA, tctl now prints "N/A" for host CAs and user-friendly "<nobody>" or "<everyone>"
`tsh` has always supported reverse tunnels via undocumented "sites" command. This commit:
1. Renames "sites" to "clusters" to be consistent with the rest of Teleport naming conventions
2. Adds --cluster flag to `tsh ssh`
3. Updates the User Manual in the documentation dir

Refs #437
AKA "trusted clusters"
| |Concept | Description | ||
| |----------|------------ | ||
| |Node | Synonym to "server" or "computer", something one can "SSH to". A node must be running `teleport` daemon running with "node" role/service turned on. |
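Review bot: The Node row repeats "running" ("must be running `teleport` daemon running with"), and "Synonym to" should read "Synonym for". Suggested wording: A node must be running the `teleport` daemon with the "node" role/service turned on.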
Contributor
I'll dig in more detail tomorrow
Contributor
tests fail:
Refs #450 (first error)
| if err := asrv.UpsertReverseTunnel(tunnel, 0); err != nil { | ||
| return nil, nil, trace.Wrap(err) | ||
| } | ||
| if len(cfg.ReverseTunnels) != 0 { |
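Review bot: The bare `0` passed as the second argument in `asrv.UpsertReverseTunnel(tunnel, 0)` does not say what it controls; a named constant or a short comment at the call would make the intent reviewable. The failure path returns `trace.Wrap(err)` with no indication of which tunnel was rejected, so including the tunnel in the error would help whoever has to fix the configuration.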
Contributor
so if there's no firstStart logic here it means there's no way for me to preconfigure tunnels and then later remove them.
| if len(fc.AuthServers) > 0 { | ||
| cfg.AuthServers = make([]utils.NetAddr, 0, len(fc.AuthServers)) | ||
| for _, as := range fc.AuthServers { | ||
| addr, err := utils.ParseAddr(as) |
Contributor
utils.ParseAddr supports both tcp:// and simple host:port format, no need to introduce a breaking change here
Contributor
lgtm
hatched pushed a commit to hatched/teleport-merge that referenced this pull request Nov 30, 2022
* first version
* Fix build
* Fix
* fixes
* add app context
* Add Navigator
* more screens
* add cluster
* grpc
* Add gateways
* add node-pty
* add tshd daemon
* add main process quick reload
* add tsh access
* Use default terminal shell and add context menu (gravitational#444)
* node-pty errors
* Fix build process and include `tsh` in the package (gravitational#451)
* Use single `package.json` config
* Include `tsh` in app package
* fix linux package target
* add global search
* fix tsc (errors) build step
* Add mocks
* Add logging to file (gravitational#455)
* minor cleanups
* Add keyboard shortcuts service (gravitational#462)
* add sync statuses for teleport resources
* add teleterm icon (gravitational#470)
* Fix dev reloads of main process
* minor bug fixes
* implement auth
* update webpack configs to v5 (gravitational#492)
* arrange the cards evenly depending on the available space & add drag and drop (gravitational#486)
* fix text truncation on tabs
* Add logout and cluster removal
* Add context menu to clusters (gravitational#500)
* Add tabs shortcuts & open new tab basing on active tab (gravitational#495)
* Make xterm understand resize sequence (gravitational#507)
* use `Immer` in teleterm store (gravitational#516)
* Add apps and kubes
* Teleterm bugfixes (gravitational#519)
* add command palette
* Replace Gateways with Connections
* add tc
* Clean up
* Add basic config service (gravitational#526)
* add fonts config (gravitational#528)
* Fix resize bug
* Minor teleterm fixes (gravitational#531)
* remove exit code checking before closing a tab
* prevent closing `home` tab
* Fix crashing errors
* Remove Roles and Activities
* Remove GlobalSearch
* Add context menu to tab items (gravitational#533)
* make quickIInput always visible on top
* Add workspace service (gravitational#538)
* Add recently opened documents to workspace (gravitational#547)
* add recently opened documents to workspace
* review fixes
* review fixes
* add `ClusterConnect` component
* remove the `close` item and electron help items from the app menu (gravitational#560)
* improve navigator behaviour (gravitational#565)
* improve navigator behaviour
* Add new connection handling
* Add username to gateways
* add kube connect command
* Gateway should render instructions per DB protocol
* Address design changes

Co-authored-by: gzdunek <gzdunek@users.noreply.github.com>
hatched pushed a commit that referenced this pull request Dec 20, 2022
This PR adds:
- `clusters` command for `tsh`
- `--cluster` flag for `tsh`

This PR fixes & changes:

- `tctl auth ls` command now shows local vs "trusted" clusters.
- `tctl auth export` uses different format for exporting CA keys, and it only exports local keys.

Fixes #437
Fixes #443
Potentially Breaking Changes
- `tctl auth export` now uses "known_hosts" format for both user and host CAs. Does this break exporting keys and using them with OpenSSH?

Undocumented Changes

It is now possible to specify `*` (wildcard) as "allowed logins" for a user CA. This is how you can say "trust every key signed by this CA". I have not documented it yet.