#bastion (2019-10)

https://github.com/cloudposse/bastion

Discuss cloudposse/bastion

2019-10-23

2019-10-17

julien M.

Hi, I try to use the cloudposse bastion with docker-compose but I have this error when I try to connect with ssh:

ssh [email protected] -i loadServer -p 1234
[email protected]: Permission denied (publickey).

julien M.

I see this error on the bastion container:

bastion_1  | AuthorizedKeysCommand /usr/bin/github-authorized-keys jmenan failed, status 7
bastion_1  | AuthorizedKeysCommand /usr/bin/github-authorized-keys jmenan failed, status 7
bastion_1  | Connection closed by authenticating user jmenan x.x.x.x port 50845 [preauth]

julien M.

This is my bastion.env:

API_URL=http://gak:301/user/%s/authorized_keys
MFA_PROVIDER=google-authenticator
SSH_AUDIT_ENABLED=false
SSH_AUTHORIZED_KEYS_COMMAND=/usr/bin/github-authorized-keys
SSH_AUTHORIZED_KEYS_COMMAND_USER=root
LOGLEVEL=DEBUG

julien M.

And my gak.env:

GITHUB_API_TOKEN=xxx
GITHUB_ORGANIZATION=xxx
GITHUB_TEAM=ssh
SYNC_USERS_GID=500
SYNC_USERS_GROUPS=sudo
SYNC_USERS_SHELL=/bin/bash
SYNC_USERS_ROOT=/
SYNC_USERS_INTERVAL=30
ETCD_ENDPOINT=http://etcd:2379
ETCD_TTL=30
ETCD_PREFIX=github-authorized-keys
LISTEN=:301
INTEGRATE_SSH=true
LOG_LEVEL=debug
LINUX_USER_ADD_TPL=adduser -D -s {shell} {username}
LINUX_USER_ADD_WITH_GID_TPL=adduser -D -s {shell} -u {gid} {username}
LINUX_USER_ADD_TO_GROUP_TPL=addgroup {group}
SSH_AUTHORIZED_KEYS_COMMAND_USER=root
SSH_RESTART_TPL=echo "/usr/sbin/service ssh force-reload"

cjbrignac000

We’re experiencing pretty much the same issue

2019-10-15

guigo2k

after working fine for several months, bastion is now showing error {"job":"syncUsers","level":"error","msg":"Access denied","subsystem":"jobs","time":"2019-10-15T12:17:08Z"}

guigo2k
cloudposse/bastion

Secure Bastion implemented as Docker Container running Alpine Linux with Google Authenticator & DUO MFA support - cloudposse/bastion

guigo2k

any ideas?

Erik Osterman (Cloud Posse)

GitHub rate limits?

Erik Osterman (Cloud Posse)

GitHub token revoked
