#bastion (2019-03)

https://github.com/cloudposse/bastion

Discuss cloudposse/bastion

2019-03-20

Tim Malone
11:11:48 PM

@Tim Malone has joined the channel

2019-03-19

xluffy
03:37:44 PM

@xluffy has joined the channel

2019-03-18

Mike Nock
06:53:26 PM

@Mike Nock has joined the channel

2019-03-15

Leo Starcevic
10:27:10 AM

@Leo Starcevic has joined the channel

Leo Starcevic

Hey guys!! Awesome work with the bastion container, but I have one issue, when building the image myself it won’t run, I get

Initializing ssh-audit
- Enabling SSH Audit Logs
Password: chsh: PAM: Authentication token manipulation error
FATAL: Failed to initialize

Using the image from docker hub works fine though, any idea what could be wrong?

Erik Osterman

Hrmmm… not sure off the top of my head

Erik Osterman

Seems to be passwd related which is why the chsh error is emitted

Erik Osterman

Where are you running the container?

Leo Starcevic

aws, but I tried locally on my ubuntu machine as well, same error

Erik Osterman

How are you invoking it?

Erik Osterman

When you use our version, how are you referencing the image? With a release tag or latest?

Leo Starcevic

docker run -p 1234:22 -d --name bastion \
     -e MFA_PROVIDER=google-authenticator \
     -v ~/.ssh/authorized_keys:/root/.ssh/authorized_keys \
     bastion

Leo Starcevic

bastion is the one I built, cloudposse/bastion works fine though

Erik Osterman

Can you confirm it still works if you pin to the latest release?

Leo Starcevic

what do you mean? that is the latest?!

Erik Osterman

My concern is “latest” might be stale or something… maybe Travis didn’t tag latest

Leo Starcevic

ah ok, so cloudposse/bastion:0.4.4-228 ?

Erik Osterman

Though I think without the -228

Erik Osterman

It’s been a while since I looked at Travis for that project

Leo Starcevic

0.4.4 from docker hub works fine as well

Erik Osterman

Ok very odd indeed

Erik Osterman

I am afk, but will test when I get to the office

Leo Starcevic

could it be something gets a later version when I run the docker build today, 0.4.4 was built like a month ago

Leo Starcevic

thanks, no rush!

Erik Osterman

Possibly - we try to pin most things down to a version

Erik Osterman

But not down to the package level

2019-03-11

Juan Cruz Diaz
03:10:25 PM

@Juan Cruz Diaz has joined the channel

2019-03-06

monsoon.anmol.nagpal
11:25:29 AM

@monsoon.anmol.nagpal has joined the channel

2019-03-04

Erik Osterman
04:05:28 PM

@Erik Osterman has joined the channel

Erik Osterman
04:05:28 PM

@Erik Osterman set the channel purpose: Discuss cloudposse/bastion

hairyhenderson
04:05:35 PM

@hairyhenderson has joined the channel

hairyhenderson

w00t

Erik Osterman

What’s your challenge?

hairyhenderson

so I’m having a lot less trouble than I was

hairyhenderson

the helm chart is… rusty

Erik Osterman

Haha yes

Erik Osterman

We are using teleport with our customers now

hairyhenderson

oh really!

Erik Osterman

But we may be able to address/fix problems in bastion

hairyhenderson

I’d looked at that, but bastion seems so much simpler

aknysh
04:07:44 PM

@aknysh has joined the channel

Erik Osterman

Yes teleport is much more complicated, but also more feature rich

Erik Osterman

Bastion is quite simple by comparison

Erik Osterman

How far did you get and what’s the current problem?

hairyhenderson

sec - got pulled into a call

Erik Osterman

No worries! Just post back here when you are free. I will also be jumping on a call shortly.

hairyhenderson

ok so… the initial problem was I was constantly getting Connection closed by authenticating user hairyhenderson 127.0.0.1 port 49698 [preauth] errors, and I couldn’t see github-authorized-keys being called, but it turns out the commented-out env vars in the values.yaml aren’t all the default values - specifically SSH_AUTHORIZED_KEYS_COMMAND: "/usr/bin/github-authorized-keys" is super-important to uncomment

hairyhenderson

I’ll probably issue a PR with a bunch of updates once I’m through the learning curve

Erik Osterman

Certainly - we’ll get that approved quickly

Erik Osterman

ping me here, if you’re blocked

Erik Osterman

the helm chart was a bit complicated as I recall due to the need for initializing a shared volume in /etc/ and running github-authorized-keys as a sidecar

Erik Osterman
05:12:55 PM

@Erik Osterman set the channel topic: https://github.com/cloudposse/bastion

pecigonzalo
05:30:41 PM

@pecigonzalo has joined the channel

tamsky
09:58:32 PM

@tamsky has joined the channel
