2019
Oct

#bastion

Discuss cloudposse/bastion

2019-10-23

2019-10-17

julien M.

Hi, i try to use the cloudposse bastion with docker-compose but i have this error when i try to ssh connect ssh <mailto:[email protected]> -i loadServer -p 1234 [email protected]: Permission denied (publickey).

julien M.

i see this error on bastion container :

bastion_1  \| AuthorizedKeysCommand /usr/bin/github-authorized-keys jmenan failed, status 7
bastion_1  \| AuthorizedKeysCommand /usr/bin/github-authorized-keys jmenan failed, status 7
bastion_1  \| Connection closed by authenticating user jmenan x.x.x.x port 50845 [preauth]
julien M.

this is my bastion.env :

API_URL=<http<i class="em em-//gak"></i>301/user/%s/authorized_keys>
MFA_PROVIDER=google-authenticator
SSH_AUDIT_ENABLED=false
SSH_AUTHORIZED_KEYS_COMMAND=/usr/bin/github-authorized-keys
SSH_AUTHORIZED_KEYS_COMMAND_USER=root
LOGLEVEL=DEBUG
julien M.

and my gak.env

GITHUB_API_TOKEN=xxx
GITHUB_ORGANIZATION=xxx
GITHUB_TEAM=ssh
SYNC_USERS_GID=500
SYNC_USERS_GROUPS=sudo
SYNC_USERS_SHELL=/bin/bash
SYNC_USERS_ROOT=/
SYNC_USERS_INTERVAL=30
ETCD_ENDPOINT=<http<i class="em em-//etcd"></i>2379>
ETCD_TTL=30
ETCD_PREFIX=github-authorized-keys
LISTEN=:301
INTEGRATE_SSH=true
LOG_LEVEL=debug
LINUX_USER_ADD_TPL=adduser -D -s {shell} {username}
LINUX_USER_ADD_WITH_GID_TPL=adduser -D -s {shell} -u {gid} {username}
LINUX_USER_ADD_TO_GROUP_TPL=addgroup {group}
SSH_AUTHORIZED_KEYS_COMMAND_USER=root
SSH_RESTART_TPL=echo "/usr/sbin/service ssh force-reload"

We’re experiencing pretty much the same issue

2019-10-15

guigo2k

after working fine for several months, bastion is now showing error {"job"<i class="em em-"syncUsers","level""></i>"error","msg":"Access denied","subsystem"<i class="em em-"jobs","time""></i>"2019-10-15T12<i class="em em-17"></i>08Z"}

guigo2k
cloudposse/bastion

Secure Bastion implemented as Docker Container running Alpine Linux with Google Authenticator & DUO MFA support - cloudposse/bastion

guigo2k

any ideas?

Erik Osterman

Github rate limits?

Erik Osterman

Github token revoked

2019
Oct
    keyboard_arrow_up