@Tim Malone has joined the channel
@xluffy has joined the channel
@Mike Nock has joined the channel
@Leo Starcevic has joined the channel
Hey guys!! Awesome work with the bastion container, but I have one issue, when building the image myself it won’t run, I get
Initializing ssh-audit - Enabling SSH Audit Logs Password: chsh: PAM: Authentication token manipulation error FATAL: Failed to initialize
Using the image from docker hub works fine though, any idea what could be wrong?
Hrmmm… not sure off the top of my head
Seems to be passwd related which is why the chsh error is emitted
Where are you running the container?
aws, but I tried locally on my ubuntu machine as well, same error
How are you invoking it?
When you use our version, how are you referencing the image? With a release tag or latest?
docker run -p 1234:22 -d --name bastion \
  -e MFA_PROVIDER=google-authenticator \
  -v ~/.ssh/authorized_keys:/root/.ssh/authorized_keys \
  bastion
bastion is the one I built,
cloudposse/bastion works fine though
Can you confirm it still works if you pin to the latest release?
what do you mean? that is the latest?!
My concern is “latest” might be stale or something… maybe Travis didn’t tag latest
ah ok, so
Though I think without the -228
It’s been a while since I looked at Travis for that project
0.4.4 from docker hub works fine as well
Ok very odd indeed
I am afk, but will test when I get to the office
could it be something gets a later version when I run the docker build today, 0.4.4 was built like a month ago
thanks, no rush!
Possibly - we try to pin most things down to a version
But not down to the package level
@Juan Cruz Diaz has joined the channel
@monsoon.anmol.nagpal has joined the channel
@Erik Osterman (Cloud Posse) has joined the channel
@Erik Osterman (Cloud Posse) set the channel purpose: Discuss cloudposse/bastion
@hairyhenderson has joined the channel
What’s your challenge?
so I’m having a lot less trouble than I was
the helm chart is… rusty
We are using teleport with our customers now
But we may be able to address/fix problems in bastion
I’d looked at that, but bastion seems so much simpler
@Andriy Knysh (Cloud Posse) has joined the channel
Yes teleport is much more complicated, but also more feature rich
Bastion is quite simple by comparison
How far did you get and what’s the current problem?
sec - got pulled into a call
No worries! Just post back here when you are free. I will also be jumping on a call shortly.
ok so… the initial problem was I was constantly getting "Connection closed by authenticating user hairyhenderson 127.0.0.1 port 49698 [preauth]" errors, and I couldn’t see github-authorized-keys being called, but it turns out the commented-out env vars in the values.yaml aren’t all the default values - specifically SSH_AUTHORIZED_KEYS_COMMAND: "/usr/bin/github-authorized-keys" is super-important to uncomment
I’ll probably issue a PR with a bunch of updates once I’m through the learning curve
Certainly - we’ll get that approved quickly
ping me here, if you’re blocked
the helm chart was a bit complicated as I recall due to the need for initializing a shared volume in /etc/ and running github-authorized-keys as a sidecar
@Erik Osterman (Cloud Posse) set the channel topic: https://github.com/cloudposse/bastion
@pecigonzalo has joined the channel
@tamsky has joined the channel