Quick setting up gravitational teleport jump box (bastion host)











I'm trying to set up a cluster in my virtual box according to the quickstart docs here https://gravitational.com/teleport/docs/quickstart/

I've got a problem with adding a new node to the cluster. When I run the command (gotten from the auth server) on the new node:

    sudo teleport start --roles=node --token=TOKEN --auth-server=192.168.99.101:3025

I get the error message:

    ERRO [PROC:1] Critical service ssh.node has exited with error Get https://teleport.cluster.local/v2/namespaces/default: x509: certificate signed by unknown authority, aborting. service/signals.go:148

EDIT: I also tried the approach described in the docs https://gravitational.com/teleport/docs/admin-guide/#adding-nodes-to-the-cluster . There was the same error.










      edited Nov 14 at 12:29





















      asked Nov 14 at 10:01









      Roman T

          1 Answer
From https://gravitational.com/teleport/docs/admin-guide/#adding-nodes-to-the-cluster paragraph "Untrusted auth servers":

In a zero-trust environment, you must assume that an attacker can hijack the IP address of the auth server, e.g. 10.0.10.5. To prevent this from happening, you need to distribute the CA certificate of the auth server to the node prior to adding it:

    # on the auth server:
    $ tctl auth export --type=tls > ca.cert

    # on the new node, prior to calling 'teleport start'
    $ mkdir -p /var/lib/teleport
    $ cp ca.cert /var/lib/teleport/ca.cert

The message suggests you perhaps didn't do this yet?







          answered Nov 14 at 11:30









          telcoM

          • I did with the same error.
            – Roman T
            Nov 14 at 12:27
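
The trust check behind the error in the question, as an added example (not code from the posts or from the Teleport project): Go's crypto/x509 returns "certificate signed by unknown authority" when the certificate a server presents does not chain to the pinned CA, so a ca.cert that is not the signing CA fails exactly this way. The helpers `newCert`, `toPEM`, `checkPinnedCA` and `isUnknownAuthority` and the CA names are hypothetical, and all certificates are generated at run time as constructed test data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// newCert issues a throwaway certificate; parent == nil yields a self-signed CA (constructed test data).
func newCert(cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), DNSNames: []string{cn}}
	if parent == nil {
		tpl.IsCA, tpl.BasicConstraintsValid, tpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func toPEM(c *x509.Certificate) []byte { return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.Raw}) }

// checkPinnedCA verifies that serverCert chains to the CA in caPEM (the bytes of ca.cert on the node).
func checkPinnedCA(caPEM []byte, serverCert *x509.Certificate, name string) error {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return errors.New("ca.cert holds no PEM certificate")
	}
	_, err := serverCert.Verify(x509.VerifyOptions{Roots: pool, DNSName: name})
	return err
}

// isUnknownAuthority reports whether err is the x509 failure quoted in the question.
func isUnknownAuthority(err error) bool { return errors.As(err, new(x509.UnknownAuthorityError)) }

func main() {
	ca, caKey := newCert("constructed-cluster-ca", nil, nil)
	otherCA, _ := newCert("constructed-other-ca", nil, nil) // a CA that did not sign srv
	srv, _ := newCert("teleport.cluster.local", ca, caKey)
	fmt.Println("signing CA pinned:", checkPinnedCA(toPEM(ca), srv, "teleport.cluster.local"))
	fmt.Println("other CA pinned:  ", checkPinnedCA(toPEM(otherCA), srv, "teleport.cluster.local"))
}
```
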

















