#bastion (2019-03)
Discuss cloudposse/bastion
2019-03-04
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@Erik Osterman (Cloud Posse) has joined the channel
![hairyhenderson avatar](https://secure.gravatar.com/avatar/3a457dd69d8817d6a61c7dc07b348bfa.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
@hairyhenderson has joined the channel
![hairyhenderson avatar](https://secure.gravatar.com/avatar/3a457dd69d8817d6a61c7dc07b348bfa.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
w00t
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
What’s your challenge?
![hairyhenderson avatar](https://secure.gravatar.com/avatar/3a457dd69d8817d6a61c7dc07b348bfa.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
so I’m having a lot less trouble than I was
![hairyhenderson avatar](https://secure.gravatar.com/avatar/3a457dd69d8817d6a61c7dc07b348bfa.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
the helm chart is… rusty
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Haha yes
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
We are using teleport with our customers now
![hairyhenderson avatar](https://secure.gravatar.com/avatar/3a457dd69d8817d6a61c7dc07b348bfa.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
oh really!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
But we maybe able to address/fix problems in bastion
![hairyhenderson avatar](https://secure.gravatar.com/avatar/3a457dd69d8817d6a61c7dc07b348bfa.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
I’d looked at that, but bastion seems so much simpler
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
@Andriy Knysh (Cloud Posse) has joined the channel
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Yes teleport is much more complicated, but also more feature rich
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Bastion is quite simple by comparison
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
How far did you get and what’s the current problem?
![hairyhenderson avatar](https://secure.gravatar.com/avatar/3a457dd69d8817d6a61c7dc07b348bfa.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
sec - got pulled into a call
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
No worries! Just post back here when you are free. I will also be jumping on a call shortly.
![hairyhenderson avatar](https://secure.gravatar.com/avatar/3a457dd69d8817d6a61c7dc07b348bfa.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
ok so… the initial problem was I was constantly getting Connection closed by authenticating user hairyhenderson 127.0.0.1 port 49698 [preauth]
errors, and I couldn’t see github-authorized-keys
being called, but it turns out the commented-out env vars in the values.yaml
aren’t all the default values - specifically SSH_AUTHORIZED_KEYS_COMMAND: "/usr/bin/github-authorized-keys"
is super-important to uncomment
![hairyhenderson avatar](https://secure.gravatar.com/avatar/3a457dd69d8817d6a61c7dc07b348bfa.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
I’ll probably issue a PR with a bunch of updates once I’m through the learning curve
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Certainly - we’ll get that approved quickly
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
ping me here, if you’re blocked
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
the helm chart was a bit complicated as I recall due to the need for initializing a shared volume in /etc/
and running github-authorized-keys
as a sidecar
![pecigonzalo avatar](https://avatars.slack-edge.com/2020-02-24/954674862595_11f6ff71106151c32655_72.png)
@pecigonzalo has joined the channel
![tamsky avatar](https://avatars.slack-edge.com/2019-10-31/817094217669_6e765cea39b456597957_72.jpg)
@tamsky has joined the channel
2019-03-06
![monsoon.anmol.nagpal avatar](https://secure.gravatar.com/avatar/b442bbe7f9cacb7ef450e2b24ff25f6e.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0025-72.png)
@monsoon.anmol.nagpal has joined the channel
2019-03-11
![Juan Cruz Diaz avatar](https://avatars.slack-edge.com/2019-10-29/815166113799_f394decf62a6e02cc6b9_72.jpg)
@Juan Cruz Diaz has joined the channel
2019-03-15
![Leo Starcevic avatar](https://secure.gravatar.com/avatar/7c22f8c3a7fcd1d5861409944326309e.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
@Leo Starcevic has joined the channel
![Leo Starcevic avatar](https://secure.gravatar.com/avatar/7c22f8c3a7fcd1d5861409944326309e.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
Hey guys!! Awesome work with the bastion container, but I have one issue, when building the image myself it won’t run, I get
Initializing ssh-audit
- Enabling SSH Audit Logs
Password: chsh: PAM: Authentication token manipulation error
FATAL: Failed to initializeInitializing ssh-audit
- Enabling SSH Audit Logs
Password: chsh: PAM: Authentication token manipulation error
FATAL: Failed to initialize
Using the image from docker hub works fine though, any idea what could be wrong?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Hrmmm… not sure off the top of my head
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Seems to be passwd related which is why the chsh error is emitted
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Where are you running the container?
![Leo Starcevic avatar](https://secure.gravatar.com/avatar/7c22f8c3a7fcd1d5861409944326309e.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
aws, but I tried locally on my ubuntu machine as well, same error
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
How are you invoking it?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
When you use our version, how are you referencing the image? With a release tag or latest?
![Leo Starcevic avatar](https://secure.gravatar.com/avatar/7c22f8c3a7fcd1d5861409944326309e.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
docker run -p 1234:22 -d --name bastion \
-e MFA_PROVIDER=google-authenticator \
-v ~/.ssh/authorized_keys:/root/.ssh/authorized_keys \
bastion
![Leo Starcevic avatar](https://secure.gravatar.com/avatar/7c22f8c3a7fcd1d5861409944326309e.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
bastion
is the one I built, cloudposse/bastion
works fine though
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Can you confirm it still works if you pin to the latest release?
![Leo Starcevic avatar](https://secure.gravatar.com/avatar/7c22f8c3a7fcd1d5861409944326309e.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
what do you mean? that is the latest?!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
My concern is “latest” might be stale or something… maybe Travis didn’t tag latest
![Leo Starcevic avatar](https://secure.gravatar.com/avatar/7c22f8c3a7fcd1d5861409944326309e.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
ah ok, so cloudposse/bastion:0.4.4-228
?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Though I think without the -228
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
It’s been a while since I looked at Travis for that project
![Leo Starcevic avatar](https://secure.gravatar.com/avatar/7c22f8c3a7fcd1d5861409944326309e.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
0.4.4 from docker hub works fine as well
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Ok very odd indeed
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
I am afk, but will test when I get to the office
![Leo Starcevic avatar](https://secure.gravatar.com/avatar/7c22f8c3a7fcd1d5861409944326309e.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
could it be something gets a later version when I run the docker build today, 0.4.4 was built like a month ago
![Leo Starcevic avatar](https://secure.gravatar.com/avatar/7c22f8c3a7fcd1d5861409944326309e.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
thanks, no rush!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Possibly - we try to pin most things down to a version
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
But not down to the package level
2019-03-18
![Mike Nock avatar](https://secure.gravatar.com/avatar/97bd9dab497c55b6d8d753566d1bdaaa.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0000-72.png)
@Mike Nock has joined the channel
2019-03-19
![xluffy avatar](https://secure.gravatar.com/avatar/f3405055ad5ad1d4933752b143807a49.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0014-72.png)
@xluffy has joined the channel
2019-03-20
![Tim Malone avatar](https://secure.gravatar.com/avatar/cec04d078c5af3d798433ab294657e36.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0009-72.png)
@Tim Malone has joined the channel