Fix OpenSSH EICE nodes connections by Joerger · Pull Request #59928 · gravitational/teleport

Joerger · 2025-10-03T21:06:24Z

Changelog: Fix a bug where OpenSSH EICE node connections would fail.

In #58700, we mistakenly began to require AgentlessSigner to be set for OpenSSH EICE node before it is actually set.

… EICE nodes.

zmb3 · 2025-10-03T22:23:48Z

Can we write a test that would have caught this bug?

I added a basic test for CheckDefaults. I'm not sure about adding a more in-depth test (e.g. fully mocked EICE flow in an integration test) given that the EICE flow is deprecated.

espadolini · 2025-10-06T09:26:06Z

 	}
-	if s.TargetServer.IsOpenSSHNode() {
+	switch s.TargetServer.GetSubKind() {
+	case types.SubKindTeleportNode:


Should we add a "" case too just to be safe? I'm not sure we enforce that the subkind must be "teleport" for regular node heartbeats.

Suggested change

case types.SubKindTeleportNode:

case types.SubKindTeleportNode, "":

SubKind() defaults to Teleport Node if unset:

teleport/api/types/server.go

Lines 178 to 182 in 5e2b4a7

func (s *ServerV2) GetSubKind() string {

// if the server is a node subkind isn't set, this is a teleport node.

if s.Kind == KindNode && s.SubKind == "" {

return SubKindTeleportNode

}

Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>

marcoandredinis

Just tested this and it works 👍

backport-bot-workflows · 2025-10-07T17:05:30Z

@Joerger See the table below for backport results.

Branch	Result
branch/v16	Failed
branch/v17	Failed
branch/v18	Failed

* Don't require agentless signer during CheckAndSetDefaults for OpenSSH EICE nodes. * Add CheckDefaults test. * Update lib/reversetunnel/local_cluster.go Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com> --------- Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>

* Don't require agentless signer during CheckAndSetDefaults for OpenSSH EICE nodes. * Add CheckDefaults test. * Update lib/reversetunnel/local_cluster.go --------- Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>

* Don't require agentless signer during CheckAndSetDefaults for OpenSSH EICE nodes. * Add CheckDefaults test. * Update lib/reversetunnel/local_cluster.go Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com> --------- Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>

Joerger added backport/branch/v16 backport/branch/v17 backport/branch/v18 labels Oct 3, 2025

github-actions bot added the size/sm label Oct 3, 2025

github-actions bot requested review from danielashare and espadolini October 3, 2025 21:07

Don't require agentless signer during CheckAndSetDefaults for OpenSSH…

b4f6629

… EICE nodes.

Joerger force-pushed the joerger/fix-eice-connections branch from b063fad to b4f6629 Compare October 3, 2025 21:07

zmb3 reviewed Oct 3, 2025

View reviewed changes

Add CheckDefaults test.

3d544a2

espadolini approved these changes Oct 6, 2025

View reviewed changes

Update lib/reversetunnel/local_cluster.go

cc552fb

Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>

Joerger requested review from marcoandredinis, rosstimothy and zmb3 October 6, 2025 17:26

marcoandredinis approved these changes Oct 7, 2025

View reviewed changes

public-teleport-github-review-bot bot removed request for danielashare and rosstimothy October 7, 2025 09:01

Joerger added this pull request to the merge queue Oct 7, 2025

Merged via the queue into master with commit 1796b40 Oct 7, 2025
40 checks passed

Joerger deleted the joerger/fix-eice-connections branch October 7, 2025 17:02

Joerger mentioned this pull request Oct 9, 2025

[v18] Fix OpenSSH EICE nodes connections #60124

Merged

Joerger mentioned this pull request Oct 9, 2025

[v17] Fix OpenSSH EICE nodes connections #60125

Merged

Joerger mentioned this pull request Oct 9, 2025

[v16] Fix OpenSSH EICE nodes connections #60126

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix OpenSSH EICE nodes connections#59928

Fix OpenSSH EICE nodes connections#59928
Joerger merged 3 commits intomasterfrom
joerger/fix-eice-connections

Joerger commented Oct 3, 2025

Uh oh!

zmb3 Oct 3, 2025

Uh oh!

Joerger Oct 3, 2025 •

edited

Loading

Uh oh!

Uh oh!

espadolini Oct 6, 2025

Uh oh!

Joerger Oct 6, 2025

Uh oh!

marcoandredinis left a comment

Uh oh!

Uh oh!

backport-bot-workflows bot commented Oct 7, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

	case types.SubKindTeleportNode:
	case types.SubKindTeleportNode, "":

	func (s *ServerV2) GetSubKind() string {
	// if the server is a node subkind isn't set, this is a teleport node.
	if s.Kind == KindNode && s.SubKind == "" {
	return SubKindTeleportNode
	}

Conversation

Joerger commented Oct 3, 2025

Uh oh!

zmb3 Oct 3, 2025

Choose a reason for hiding this comment

Uh oh!

Joerger Oct 3, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

espadolini Oct 6, 2025

Choose a reason for hiding this comment

Uh oh!

Joerger Oct 6, 2025

Choose a reason for hiding this comment

Uh oh!

marcoandredinis left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

backport-bot-workflows bot commented Oct 7, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Joerger Oct 3, 2025 •

edited

Loading