#bastion (2019-03)
Discuss cloudposse/bastion
2019-03-04
@Erik Osterman (Cloud Posse) has joined the channel
@hairyhenderson has joined the channel
w00t
What’s your challenge?
so I’m having a lot less trouble than I was
the helm chart is… rusty
Haha yes
We are using teleport with our customers now
oh really!
But we maybe able to address/fix problems in bastion
I’d looked at that, but bastion seems so much simpler
@Andriy Knysh (Cloud Posse) has joined the channel
Yes teleport is much more complicated, but also more feature rich
Bastion is quite simple by comparison
How far did you get and what’s the current problem?
sec - got pulled into a call
No worries! Just post back here when you are free. I will also be jumping on a call shortly.
ok so… the initial problem was I was constantly getting Connection closed by authenticating user hairyhenderson 127.0.0.1 port 49698 [preauth] errors, and I couldn’t see github-authorized-keys being called, but it turns out the commented-out env vars in the values.yaml aren’t all the default values - specifically SSH_AUTHORIZED_KEYS_COMMAND: "/usr/bin/github-authorized-keys" is super-important to uncomment
I’ll probably issue a PR with a bunch of updates once I’m through the learning curve
Certainly - we’ll get that approved quickly
ping me here, if you’re blocked
the helm chart was a bit complicated as I recall due to the need for initializing a shared volume in /etc/ and running github-authorized-keys as a sidecar
@pecigonzalo has joined the channel
@tamsky has joined the channel
2019-03-06
@monsoon.anmol.nagpal has joined the channel
2019-03-11
@Juan Cruz Diaz has joined the channel
2019-03-15
@Leo Starcevic has joined the channel
Hey guys!! Awesome work with the bastion container, but I have one issue, when building the image myself it won’t run, I get
Initializing ssh-audit
- Enabling SSH Audit Logs
Password: chsh: PAM: Authentication token manipulation error
FATAL: Failed to initializeInitializing ssh-audit
- Enabling SSH Audit Logs
Password: chsh: PAM: Authentication token manipulation error
FATAL: Failed to initialize
Using the image from docker hub works fine though, any idea what could be wrong?
Hrmmm… not sure off the top of my head
Seems to be passwd related which is why the chsh error is emitted
Where are you running the container?
aws, but I tried locally on my ubuntu machine as well, same error
How are you invoking it?
When you use our version, how are you referencing the image? With a release tag or latest?
docker run -p 1234:22 -d --name bastion \
-e MFA_PROVIDER=google-authenticator \
-v ~/.ssh/authorized_keys:/root/.ssh/authorized_keys \
bastion
bastion is the one I built, cloudposse/bastion works fine though
Can you confirm it still works if you pin to the latest release?
what do you mean? that is the latest?!
My concern is “latest” might be stale or something… maybe Travis didn’t tag latest
ah ok, so cloudposse/bastion:0.4.4-228 ?
Though I think without the -228
It’s been a while since I looked at Travis for that project
0.4.4 from docker hub works fine as well
Ok very odd indeed
I am afk, but will test when I get to the office
could it be something gets a later version when I run the docker build today, 0.4.4 was built like a month ago
thanks, no rush!
Possibly - we try to pin most things down to a version
But not down to the package level
2019-03-18
@Mike Nock has joined the channel
2019-03-19
@xluffy has joined the channel
2019-03-20
@Tim Malone has joined the channel