`tsh ssh` with load all CAs does not work #31339

atburke · 2023-09-01T00:07:56Z

Expected behavior:
When logged in to the root cluster of a trusted cluster pair where auth_service.load_all_cas is true, tsh ssh <leaf-node-addr> should work.

Current behavior:
tsh ssh <leaf-node-addr> fails with error direct dialing to nodes not found in inventory is not supported.

Bug details:

Teleport version: v14.0.0-alpha.2
Recreation steps: Follow tsh CA loading section of testplan

#30323 removed support for direct dialing of nodes, which was the only case where load_all_cas applied. It may make sense to also deprecate loading all CAs for tsh ssh.

Edit: Works correctly when TELEPORT_UNSTABLE_UNLISTED_AGENT_DIALING=yes in the proxy's environment.

The text was updated successfully, but these errors were encountered:

zmb3 · 2023-09-01T02:23:38Z

See also #31162

galbeniluz · 2023-10-18T14:36:12Z

Hi, we've recently upgraded our cluster to v14.0.3 and we are experiencing the same issue

atburke added bug test-plan-problem Issues which have been surfaced by running the manual release test plan labels Sep 1, 2023

atburke mentioned this issue Sep 1, 2023

Teleport 14 Test Plan #31122

Closed

lxea mentioned this issue Oct 25, 2023

TestSSHLoadAllCAs/TLS_routing_disabled flakiness #31162

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

`tsh ssh` with load all CAs does not work #31339

`tsh ssh` with load all CAs does not work #31339

atburke commented Sep 1, 2023 •

edited

Loading

zmb3 commented Sep 1, 2023

galbeniluz commented Oct 18, 2023

tsh ssh with load all CAs does not work #31339

tsh ssh with load all CAs does not work #31339

Comments

atburke commented Sep 1, 2023 • edited Loading

zmb3 commented Sep 1, 2023

galbeniluz commented Oct 18, 2023

`tsh ssh` with load all CAs does not work #31339

`tsh ssh` with load all CAs does not work #31339

atburke commented Sep 1, 2023 •

edited

Loading