Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSH via Intellij products on Windows does not work #46024

Open
rosstimothy opened this issue Aug 29, 2024 · 3 comments
Open

SSH via Intellij products on Windows does not work #46024

rosstimothy opened this issue Aug 29, 2024 · 3 comments
Labels
bug server-access

Comments

@rosstimothy
Copy link
Contributor

rosstimothy commented Aug 29, 2024
edited
Loading

SSH connections do work when established outside of IntelliJ products on Windows:

C:\Users\Administrator> tsh config > ssh.config
C:\Users\Administrator> ssh -F ssh.config [email protected] uptime
 8:58  up 9 days, 14:12, 6 users, load averages: 1.10 1.71 1.79

However, attempting to use the same configuration within IntelliJ products fails:
Screenshot 2024-08-29 at 9 01 45 AM

Node logs show that a connection is being attempted, but closed prior to the SSH handshake completing:

2024-08-29T09:01:41-04:00 DEBU [NODE:RESU] Proceeding with connection resumption exchange. pid:71726.1 resumption/server_detect.go:236
2024-08-29T09:01:41-04:00 INFO [NODE:RESU] Handling new resumable SSH connection. pid:71726.1 resumption/server_exchange.go:91
2024-08-29T09:01:41-04:00 INFO [NODE:RESU] Handing resumable connection to the SSH server. pid:71726.1 resumption/server_exchange.go:135
2024-08-29T09:01:41-04:00 DEBU [NODE:RESU] "Handling new resumable connection: read loop\n\treading ack\n\t\tEOF" pid:71726.1 resumption/server_exchange.go:143
IntelliJ Logs 
2024-08-29 13:03:23,141 [55708485]   WARN - #c.i.o.u.WindowStateService - cannot find a project frame for ProjectDefault (Template) Project
2024-08-29 13:03:23,141 [55708485]   WARN - #c.i.o.u.WindowStateService - cannot find a project frame for ProjectDefault (Template) Project
2024-08-29 13:03:36,896 [55722240]   FINE - #c.i.s.c.OpenSshConfigViaToolService - stderr of ssh -G -vvv tunnel.vanbergh.teleport.sh:
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Reading configuration data C:\\Users\\Administrator/.ssh/config
debug1: C:\\Users\\Administrator/.ssh/config line 1: Applying options for *.vanbergh.teleport.sh
debug1: C:\\Users\\Administrator/.ssh/config line 8: Applying options for *.vanbergh.teleport.sh
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
Pseudo-terminal will not be allocated because stdin is not a terminal.

2024-08-29 13:03:36,896 [55722240]  FINER - #c.i.s.c.OpenSshConfigViaToolService - stdout of ssh -G -vvv tunnel.vanbergh.teleport.sh:
user administrator
hostname tunnel.vanbergh.teleport.sh
port 3022
addkeystoagent false
addressfamily any
batchmode no
canonicalizefallbacklocal yes
canonicalizehostname false
challengeresponseauthentication yes
checkhostip yes
compression no
controlmaster false
enablesshkeysign no
clearallforwardings no
exitonforwardfailure no
fingerprinthash SHA256
forwardagent no
forwardx11 no
forwardx11trusted no
gatewayports no
gssapiauthentication no
gssapidelegatecredentials no
hashknownhosts no
hostbasedauthentication no
identitiesonly no
kbdinteractiveauthentication yes
nohostauthenticationforlocalhost no
passwordauthentication yes
permitlocalcommand no
proxyusefdpass no
pubkeyauthentication yes
requesttty auto
streamlocalbindunlink no
stricthostkeychecking ask
tcpkeepalive yes
tunnel false
verifyhostkeydns false
visualhostkey no
updatehostkeys false
canonicalizemaxdots 1
connectionattempts 1
forwardx11timeout 1200
numberofpasswordprompts 3
serveralivecountmax 3
serveraliveinterval 0
ciphers [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
hostkeyalgorithms [email protected],[email protected],[email protected]
hostbasedkeytypes [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
kexalgorithms curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
casignaturealgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
loglevel DEBUG3
macs [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
pubkeyacceptedkeytypes [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
xauthlocation /usr/X11R6/bin/xauth
identityfile C:\Users\Administrator\AppData\Roaming\Teleport Connect\tsh\keys\vanbergh.teleport.sh\rosstimothy
canonicaldomains
certificatefile C:\Users\Administrator\AppData\Roaming\Teleport Connect\tsh\keys\vanbergh.teleport.sh\rosstimothy-ssh\vanbergh.teleport.sh-cert.pub
globalknownhostsfile __PROGRAMDATA__\ssh/ssh_known_hosts __PROGRAMDATA__\ssh/ssh_known_hosts2
userknownhostsfile C:\Users\Administrator\AppData\Roaming\Teleport Connect\tsh\known_hosts
connecttimeout 15000000
tunneldevice any:any
controlpersist no
escapechar ~
ipqos af21 cs1
rekeylimit 0 0
streamlocalbindmask 0177
syslogfacility USER
proxycommand "C:\Users\Administrator\AppData\Local\Programs\teleport-connect\resources\bin\tsh.exe" proxy ssh -d --no-no-resume --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 %r@%h:%p

2024-08-29 13:03:36,896 [55722240]   FINE - #c.i.s.c.OpenSshConfigViaToolService - ssh -G -vvv tunnel.vanbergh.teleport.sh executed in PT0.1016385S
2024-08-29 13:03:36,896 [55722240]   FINE - #c.i.s.c.SshConnectionConfig - Change after applying remote credentials for host tunnel.vanbergh.teleport.sh:
  user: administrator
     -> tim
2024-08-29 13:03:36,896 [55722240]   FINE - #c.i.s.c.SshConnectionConfigService - Change after replacing %-tokens for host tunnel.vanbergh.teleport.sh:
  proxyConfig: Command(command="C:\Users\Administrator\AppData\Local\Programs\teleport-connect\resources\bin\tsh.exe" proxy ssh -d --no-no-resume --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 %r@%h:%p)
            -> Command(command="C:\Users\Administrator\AppData\Local\Programs\teleport-connect\resources\bin\tsh.exe" proxy ssh -d --no-no-resume --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 [email protected]:3022)
2024-08-29 13:03:36,896 [55722240]   FINE - #c.i.s.i.SshConnection - Checking that can authenticate [email protected]:3022
2024-08-29 13:03:36,896 [55722240]   INFO - net.schmizz.sshj.transport.random.JCERandom - Creating new SecureRandom.
2024-08-29 13:03:36,896 [55722240]   FINE - #c.i.s.i.s.sshj - Full connection config:
  authMethods: PublicKey(privateKeys=[C:\Users\Administrator\AppData\Roaming\Teleport Connect\tsh\keys\vanbergh.teleport.sh\rosstimothy], agent=ALL), Password, KeyboardInteractive
  ciphers: [[email protected], aes128-ctr, aes192-ctr, aes256-ctr, [email protected], [email protected]]
  compression: false
  connectTimeout: PT10S
  environmentVariables: []
  forwardAgent: false
  host: tunnel.vanbergh.teleport.sh
  hostKeyAlgorithms: [[email protected], [email protected], [email protected]]
  hostKeyVerifier: OpenSSH-like host key verifier (knownHostsFile=[C:\Users\Administrator\AppData\Roaming\Teleport, C:\Users\Administrator\Desktop\Connect\tsh\known_hosts, C:\Users\Administrator\Desktop\__PROGRAMDATA__\ssh\ssh_known_hosts, C:\Users\Administrator\Desktop\__PROGRAMDATA__\ssh\ssh_known_hosts2], strictHostKeyChecking=ASK, hashKnownHosts=false)
  identityAgent: null
  initialLocalTcpForwardings: []
  initialRemoteTcpForwardings: []
  kexAlgorithms: [curve25519-sha256, [email protected], ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1]
  macs: [[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], hmac-sha2-256, hmac-sha2-512, hmac-sha1]
  port: 3022
  proxyConfig: Command(command="C:\Users\Administrator\AppData\Local\Programs\teleport-connect\resources\bin\tsh.exe" proxy ssh -d --no-no-resume --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 [email protected]:3022)
  serverAlive: null
  user: tim
  x11Forwarding: null
2024-08-29 13:03:36,915 [55722259]   FINE - #c.i.s.i.s.sshj - Delegating connection to non-default socket factory com.intellij.ssh.ProxyCommandSocketFactory@42dbbaf3
2024-08-29 13:03:36,928 [55722272]   INFO - #c.i.s.ProxyCommand - ProxyCommand for tunnel.vanbergh.teleport.sh:3022: "C:\Users\Administrator\AppData\Local\Programs\teleport-connect\resources\bin\tsh.exe" proxy ssh -d --no-no-resume --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 [email protected]:3022
2024-08-29 13:03:36,928 [55722272]   INFO - #c.i.s.ProxyCommand - Started ProxyCommand for tunnel.vanbergh.teleport.sh:3022: Process[pid=3556, exitValue="not exited"]
2024-08-29 13:03:36,928 [55722272]   INFO - #c.i.s.i.s.sshj - Client identity string: SSH-2.0-IntelliJ__GoLand_GO-242.20224.424__SSHJ_0.38.1_SNAPSHOT
2024-08-29 13:03:37,666 [55723010]   INFO - #c.i.s.i.s.sshj - Server identity string: SSH-2.0-Teleport
2024-08-29 13:03:37,991 [55723335]   FINE - c.i.s.i.s.PlatformAuthPublickey - Attempting authentication using PKCS8KeyFile{resource=[PrivateKeyFileResource] C:\Users\Administrator\AppData\Roaming\Teleport Connect\tsh\keys\vanbergh.teleport.sh\rosstimothy}
2024-08-29 13:03:37,991 [55723335]   FINE - #c.i.s.i.s.sshj - The IDE decided to disconnect the SSH session com.intellij.ssh.impl.sshj.PlatformSSHClient@463b96d9
java.lang.Exception
	at com.intellij.ssh.impl.sshj.PlatformSSHClient.disconnect(SshjConnectionUtil.kt:599)
	at com.intellij.ssh.impl.sshj.SshjConnectionUtilKt.setUpSessionForSshJ(SshjConnectionUtil.kt:239)
	at com.intellij.ssh.impl.SshConnection.doSshjSshConnection(SshConnection.kt:293)
	at com.intellij.ssh.impl.SshConnection.access$doSshjSshConnection(SshConnection.kt:33)
	at com.intellij.ssh.impl.SshConnection$createSshSessionForSshj$1.invoke(SshConnection.kt:286)
	at com.intellij.ssh.impl.SshConnection$createSshSessionForSshj$1.invoke(SshConnection.kt:283)
	at com.intellij.ssh.Ssh.wrapBlockingSshCall(ssh.kt:396)
	at com.intellij.ssh.Ssh.wrapBlockingSshCall$default(ssh.kt:377)
	at com.intellij.ssh.impl.SshConnection.createSshSessionForSshj(SshConnection.kt:283)
	at com.intellij.ssh.impl.SshConnection.access$createSshSessionForSshj(SshConnection.kt:33)
	at com.intellij.ssh.impl.SshConnection$checkCanAuthenticate$1.invoke(SshConnection.kt:222)
	at com.intellij.ssh.impl.SshConnection$checkCanAuthenticate$1.invoke(SshConnection.kt:217)
	at com.intellij.ssh.Ssh.wrapBlockingSshCall(ssh.kt:396)
	at com.intellij.ssh.Ssh.wrapBlockingSshCall$default(ssh.kt:377)
	at com.intellij.ssh.impl.SshConnection.checkCanAuthenticate(SshConnection.kt:217)
	at com.intellij.ssh.SshConnectionService.checkCanAuthenticate(SshConnectionService.kt:212)
	at com.intellij.ssh.Ssh.checkCanAuthenticate(ssh.kt:264)
	at com.intellij.ssh.Ssh.access$checkCanAuthenticate(ssh.kt:1)
	at com.intellij.ssh.ConnectionBuilder.checkCanAuthenticate(ssh.kt:109)
	at com.intellij.ssh.ui.unified.SshCredentialsEditorEx$1.lambda$actionPerformed$0(SshCredentialsEditorEx.java:68)
	at com.intellij.openapi.application.impl.AnyThreadWriteThreadingSupport$executeOnPooledThread$1.run(AnyThreadWriteThreadingSupport.kt:134)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572)
	at com.intellij.util.concurrency.ContextCallable.call(ContextCallable.java:32)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
	at com.intellij.util.concurrency.ContextRunnable.run(ContextRunnable.java:27)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:735)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:732)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:400)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1.run(Executors.java:732)
	at java.base/java.lang.Thread.run(Thread.java:1583)
2024-08-29 13:03:37,991 [55723335]   INFO - #c.i.s.i.s.sshj - Disconnected - BY_APPLICATION
2024-08-29 13:03:37,991 [55723335]   INFO - #c.i.s.ProxyCommand - End of Process[pid=3556, exitValue=1] stderr: 
2024-08-29T13:03:37Z INFO [CLIENT]    ALPN connection upgrade required for "vanbergh.teleport.sh:443": false. client\api.go:831
2024-08-29T13:03:37Z WARN [CLIENT]    [KEY AGENT] Unable to connect to SSH agent on socket "": open \\.\pipe\openssh-ssh-agent: The system cannot find the file specified. client\api.go:4576
2024-08-29T13:03:37Z DEBU [KEYSTORE]  Reading certificates from path "C:\\Users\\Administrator\\.tsh\\keys\\vanbergh.teleport.sh\\rosstimothy-ssh\\vanbergh.teleport.sh-cert.pub". client\keystore.go:357
2024-08-29T13:03:37Z DEBU [KEYSTORE]  Teleport TLS certificate valid until "2024-08-29 20:30:47 +0000 UTC". client\client_store.go:118
2024-08-29T13:03:37Z INFO [KEYAGENT]  Loading SSH key for user "rosstimothy" and cluster "vanbergh.teleport.sh". client\keyagent.go:198
2024-08-29T13:03:37Z DEBU [KEYSTORE]  Teleport TLS certificate valid until "2024-08-29 20:30:47 +0000 UTC". client\client_store.go:118
2024-08-29T13:03:37Z DEBU [KEYSTORE]  Teleport TLS certificate valid until "2024-08-29 20:30:47 +0000 UTC". client\client_store.go:118
2024-08-29T13:03:37Z DEBU [KEYSTORE]  Teleport TLS certificate valid until "2024-08-29 20:30:47 +0000 UTC". client\client_store.go:118
2024-08-29T13:03:37Z DEBU [KEYSTORE]  Teleport TLS certificate valid until "2024-08-29 20:30:47 +0000 UTC". client\client_store.go:118
2024-08-29T13:03:37Z DEBU [KEYSTORE]  Teleport TLS certificate valid until "2024-08-29 20:30:47 +0000 UTC". client\client_store.go:118
2024-08-29T13:03:37Z DEBU  attaching new resumable connection trace_id:b6308abffda54a4634bc9f49b81aef3f span_id:b525bbf5e59e9343 resumption/client.go:284
2024-08-29 13:03:38,025 [55723369]   WARN - #c.i.s.ProxyCommand - Process[pid=3556, exitValue=1] exited with code 1

Disabling session resumption causes logs on the node to be slightly different, but still point to the SSH connection being terminated by IntelliJ.

2024-08-29T09:09:47-04:00 DEBU [PROXY:AGE] Transport request: teleport-transport. leaseID:2 target:vanbergh.teleport.sh:443 localCluster: targetCluster:vanbergh.teleport.sh reversetunnel/agent.go:575
2024-08-29T09:09:47-04:00 DEBU [NODE:RESU] Returning non-resumable connection to multiplexer. pid:71726.1 resumption/server_detect.go:223
2024-08-29T09:09:48-04:00 WARN [SSH:NODE]  Error occurred in handshake for new SSH conn error:[ssh: disconnect, reason 11: ] remote_addr:35.166.164.122:54205 sshutils/server.go:524
IntelliJ logs 
2024-08-29 13:11:31,081 [56196425]   FINE - #c.i.s.i.s.sshj - Delegating connection to non-default socket factory com.intellij.ssh.ProxyCommandSocketFactory@32fc9693
2024-08-29 13:11:31,081 [56196425]   INFO - #c.i.s.ProxyCommand - ProxyCommand for tunnel.vanbergh.teleport.sh:3022: "C:\Users\Administrator\AppData\Local\Programs\teleport-connect\resources\bin\tsh.exe" proxy ssh -d --no-resume --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 [email protected]:3022
2024-08-29 13:11:31,097 [56196441]   INFO - #c.i.s.ProxyCommand - Started ProxyCommand for tunnel.vanbergh.teleport.sh:3022: Process[pid=6704, exitValue="not exited"]
2024-08-29 13:11:31,097 [56196441]   INFO - #c.i.s.i.s.sshj - Client identity string: SSH-2.0-IntelliJ__GoLand_GO-242.20224.424__SSHJ_0.38.1_SNAPSHOT
2024-08-29 13:11:31,732 [56197076]   INFO - #c.i.s.i.s.sshj - Server identity string: SSH-2.0-Teleport resume-v1 BHI6hT0Z/I76T0s6zG3kBBkQk5h1IaIf3KFWsgrewCAsYKJV78zvYZwwuDpFb1SNtJHZN7KqONRUjfRSSs5TnfM 3713491f-7ffe-48ee-9921-391765434c57
2024-08-29 13:11:32,122 [56197466]   FINE - c.i.s.i.s.PlatformAuthPublickey - Attempting authentication using PKCS8KeyFile{resource=[PrivateKeyFileResource] C:\Users\Administrator\AppData\Roaming\Teleport Connect\tsh\keys\vanbergh.teleport.sh\rosstimothy}
2024-08-29 13:11:32,122 [56197466]   FINE - #c.i.s.i.s.sshj - The IDE decided to disconnect the SSH session com.intellij.ssh.impl.sshj.PlatformSSHClient@d509f6e
java.lang.Exception
	at com.intellij.ssh.impl.sshj.PlatformSSHClient.disconnect(SshjConnectionUtil.kt:599)
	at com.intellij.ssh.impl.sshj.SshjConnectionUtilKt.setUpSessionForSshJ(SshjConnectionUtil.kt:239)
	at com.intellij.ssh.impl.SshConnection.doSshjSshConnection(SshConnection.kt:293)
	at com.intellij.ssh.impl.SshConnection.access$doSshjSshConnection(SshConnection.kt:33)
	at com.intellij.ssh.impl.SshConnection$createSshSessionForSshj$1.invoke(SshConnection.kt:286)
	at com.intellij.ssh.impl.SshConnection$createSshSessionForSshj$1.invoke(SshConnection.kt:283)
	at com.intellij.ssh.Ssh.wrapBlockingSshCall(ssh.kt:396)
	at com.intellij.ssh.Ssh.wrapBlockingSshCall$default(ssh.kt:377)
	at com.intellij.ssh.impl.SshConnection.createSshSessionForSshj(SshConnection.kt:283)
	at com.intellij.ssh.impl.SshConnection.access$createSshSessionForSshj(SshConnection.kt:33)
	at com.intellij.ssh.impl.SshConnection$checkCanAuthenticate$1.invoke(SshConnection.kt:222)
	at com.intellij.ssh.impl.SshConnection$checkCanAuthenticate$1.invoke(SshConnection.kt:217)
	at com.intellij.ssh.Ssh.wrapBlockingSshCall(ssh.kt:396)
	at com.intellij.ssh.Ssh.wrapBlockingSshCall$default(ssh.kt:377)
	at com.intellij.ssh.impl.SshConnection.checkCanAuthenticate(SshConnection.kt:217)
	at com.intellij.ssh.SshConnectionService.checkCanAuthenticate(SshConnectionService.kt:212)
	at com.intellij.ssh.Ssh.checkCanAuthenticate(ssh.kt:264)
	at com.intellij.ssh.Ssh.access$checkCanAuthenticate(ssh.kt:1)
	at com.intellij.ssh.ConnectionBuilder.checkCanAuthenticate(ssh.kt:109)
	at com.intellij.ssh.ui.unified.SshCredentialsEditorEx$1.lambda$actionPerformed$0(SshCredentialsEditorEx.java:68)
	at com.intellij.openapi.application.impl.AnyThreadWriteThreadingSupport$executeOnPooledThread$1.run(AnyThreadWriteThreadingSupport.kt:134)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572)
	at com.intellij.util.concurrency.ContextCallable.call(ContextCallable.java:32)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
	at com.intellij.util.concurrency.ContextRunnable.run(ContextRunnable.java:27)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:735)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:732)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:400)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1.run(Executors.java:732)
	at java.base/java.lang.Thread.run(Thread.java:1583)
2024-08-29 13:11:32,122 [56197466]   INFO - #c.i.s.i.s.sshj - Disconnected - BY_APPLICATION
2024-08-29 13:11:32,122 [56197466]   INFO - #c.i.s.ProxyCommand - End of Process[pid=6704, exitValue=1] stderr: 
2024-08-29T13:11:31Z INFO [CLIENT]    ALPN connection upgrade required for "vanbergh.teleport.sh:443": false. client\api.go:831
2024-08-29T13:11:31Z WARN [CLIENT]    [KEY AGENT] Unable to connect to SSH agent on socket "": open \\.\pipe\openssh-ssh-agent: The system cannot find the file specified. client\api.go:4576
2024-08-29T13:11:31Z DEBU [KEYSTORE]  Reading certificates from path "C:\\Users\\Administrator\\.tsh\\keys\\vanbergh.teleport.sh\\rosstimothy-ssh\\vanbergh.teleport.sh-cert.pub". client\keystore.go:357
2024-08-29T13:11:31Z DEBU [KEYSTORE]  Teleport TLS certificate valid until "2024-08-29 20:30:47 +0000 UTC". client\client_store.go:118
2024-08-29T13:11:31Z INFO [KEYAGENT]  Loading SSH key for user "rosstimothy" and cluster "vanbergh.teleport.sh". client\keyagent.go:198
2024-08-29T13:11:31Z DEBU [KEYSTORE]  Teleport TLS certificate valid until "2024-08-29 20:30:47 +0000 UTC". client\client_store.go:118
2024-08-29T13:11:31Z DEBU [KEYSTORE]  Teleport TLS certificate valid until "2024-08-29 20:30:47 +0000 UTC". client\client_store.go:118
2024-08-29T13:11:31Z DEBU [KEYSTORE]  Teleport TLS certificate valid until "2024-08-29 20:30:47 +0000 UTC". client\client_store.go:118
2024-08-29T13:11:31Z DEBU [KEYSTORE]  Teleport TLS certificate valid until "2024-08-29 20:30:47 +0000 UTC". client\client_store.go:118
2024-08-29T13:11:31Z DEBU [KEYSTORE]  Teleport TLS certificate valid until "2024-08-29 20:30:47 +0000 UTC". client\client_store.go:118
2024-08-29 13:11:32,122 [56197466]   WARN - #c.i.s.ProxyCommand - Process[pid=6704, exitValue=1] exited with code 1

Mac

No issues when connecting to the same host via IntelliJ on macOS.

image

IntelliJ Logs 
2024-08-29 09:15:37,093 [  78144]   FINE - #c.i.s.c.OpenSshConfigViaToolService - stderr of ssh -G -vvv tunnel.vanbergh.teleport.sh:
OpenSSH_9.7p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/tim/.ssh/config
debug2: checking match for 'Host west' host tunnel.vanbergh.teleport.sh originally tunnel.vanbergh.teleport.sh
debug3: /Users/tim/.ssh/config line 1: not matched 'Host "tunnel.vanbergh.teleport.sh"' 
debug2: match not found
debug2: checking match for 'Host east' host tunnel.vanbergh.teleport.sh originally tunnel.vanbergh.teleport.sh
debug3: /Users/tim/.ssh/config line 7: not matched 'Host "tunnel.vanbergh.teleport.sh"' 
debug2: match not found
debug1: /Users/tim/.ssh/config line 18: Applying options for *.vanbergh.teleport.sh
debug1: /Users/tim/.ssh/config line 25: Applying options for *.vanbergh.teleport.sh
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
Pseudo-terminal will not be allocated because stdin is not a terminal.

2024-08-29 09:15:37,093 [  78144]  FINER - #c.i.s.c.OpenSshConfigViaToolService - stdout of ssh -G -vvv tunnel.vanbergh.teleport.sh:
host tunnel.vanbergh.teleport.sh
user tim
hostname tunnel.vanbergh.teleport.sh
port 3022
addressfamily any
batchmode no
canonicalizefallbacklocal yes
canonicalizehostname false
checkhostip no
compression no
controlmaster false
enablesshkeysign no
clearallforwardings no
exitonforwardfailure no
fingerprinthash SHA256
forwardx11 no
forwardx11trusted no
gatewayports no
gssapiauthentication no
gssapidelegatecredentials no
hashknownhosts no
hostbasedauthentication no
identitiesonly no
kbdinteractiveauthentication yes
nohostauthenticationforlocalhost no
nohostauthenticationforproxycommand no
passwordauthentication yes
permitlocalcommand no
proxyusefdpass no
pubkeyauthentication true
requesttty auto
sessiontype default
stdinnull no
forkafterauthentication no
streamlocalbindunlink no
stricthostkeychecking ask
tcpkeepalive yes
tunnel false
verifyhostkeydns false
visualhostkey no
updatehostkeys false
enableescapecommandline no
applemultipath no
canonicalizemaxdots 1
connectionattempts 1
forwardx11timeout 1200
numberofpasswordprompts 3
serveralivecountmax 3
serveraliveinterval 0
requiredrsasize 1024
obscurekeystroketiming yes
ciphers [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
hostkeyalgorithms [email protected],[email protected],[email protected]
hostbasedacceptedalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
kexalgorithms [email protected],curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
casignaturealgorithms ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
loglevel DEBUG3
macs [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
securitykeyprovider $SSH_SK_PROVIDER
pubkeyacceptedalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
xauthlocation /usr/X11R6/bin/xauth
identityfile /Users/tim/.tsh/keys/vanbergh.teleport.sh/rosstimothy
canonicaldomains none
certificatefile /Users/tim/.tsh/keys/vanbergh.teleport.sh/rosstimothy-ssh/vanbergh.teleport.sh-cert.pub
globalknownhostsfile /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2
userknownhostsfile /Users/tim/.tsh/known_hosts
sendenv LANG
sendenv LC_*
logverbose none
channeltimeout none
permitremoteopen any
addkeystoagent false
forwardagent no
connecttimeout none
tunneldevice any:any
canonicalizePermittedcnames none
controlpersist no
escapechar ~
ipqos af21 cs1
rekeylimit 0 0
streamlocalbindmask 0177
syslogfacility USER
proxycommand "/Users/tim/src/rusty/teleport/local/releases/16.0.0/tsh" proxy ssh --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 %r@%h:%p

2024-08-29 09:15:37,100 [  78151]   FINE - #c.i.s.c.OpenSshConfigViaToolService - ssh -G -vvv tunnel.vanbergh.teleport.sh executed in PT0.02517525S
2024-08-29 09:15:37,100 [  78151]   FINE - #c.i.s.c.SshConnectionConfig - No changes after applying remote credentials for host tunnel.vanbergh.teleport.sh.
2024-08-29 09:15:37,101 [  78152]   FINE - #c.i.s.c.SshConnectionConfigService - Change after replacing %-tokens for host tunnel.vanbergh.teleport.sh:
  proxyConfig: Command(command="/Users/tim/src/rusty/teleport/local/releases/16.0.0/tsh" proxy ssh --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 %r@%h:%p)
            -> Command(command="/Users/tim/src/rusty/teleport/local/releases/16.0.0/tsh" proxy ssh --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 [email protected]:3022)
2024-08-29 09:15:37,104 [  78155]   FINE - #c.i.s.i.SshConnection - Checking that can authenticate [email protected]:3022
2024-08-29 09:15:37,113 [  78164]   INFO - net.schmizz.sshj.transport.random.JCERandom - Creating new SecureRandom.
2024-08-29 09:15:37,186 [  78237]   FINE - #c.i.s.i.s.sshj - Full connection config:
  authMethods: PublicKey(privateKeys=[/Users/tim/.tsh/keys/vanbergh.teleport.sh/rosstimothy], agent=ALL), Password, KeyboardInteractive
  ciphers: [[email protected], aes128-ctr, aes192-ctr, aes256-ctr, [email protected], [email protected]]
  compression: false
  connectTimeout: PT10S
  environmentVariables: [Inherit(glob=LANG), Inherit(glob=LC_*)]
  forwardAgent: false
  host: tunnel.vanbergh.teleport.sh
  hostKeyAlgorithms: [[email protected], [email protected], [email protected]]
  hostKeyVerifier: OpenSSH-like host key verifier (knownHostsFile=[/Users/tim/.tsh/known_hosts, /private/etc/ssh/ssh_known_hosts, /private/etc/ssh/ssh_known_hosts2], strictHostKeyChecking=ASK, hashKnownHosts=false)
  identityAgent: null
  initialLocalTcpForwardings: []
  initialRemoteTcpForwardings: []
  kexAlgorithms: [[email protected], curve25519-sha256, [email protected], ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256]
  macs: [[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], hmac-sha2-256, hmac-sha2-512, hmac-sha1]
  port: 3022
  proxyConfig: Command(command="/Users/tim/src/rusty/teleport/local/releases/16.0.0/tsh" proxy ssh --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 [email protected]:3022)
  serverAlive: null
  user: tim
  x11Forwarding: null
2024-08-29 09:15:37,233 [  78284]   FINE - #c.i.s.SshConnectionService - Creating authentication agent connector
2024-08-29 09:15:37,233 [  78284]   FINE - #c.i.s.SshConnectionService - UNIX-domain socket /tmp/ssh-60ZxlXIPqhuG/agent.13296 defined in environment variable SSH_AUTH_SOCK will be used to connect to authentication agent
2024-08-29 09:15:37,271 [  78322]   FINE - #c.i.s.i.s.sshj - Delegating connection to non-default socket factory com.intellij.ssh.ProxyCommandSocketFactory@babbaa
2024-08-29 09:15:37,306 [  78357]   INFO - #c.i.s.ProxyCommand - ProxyCommand for tunnel.vanbergh.teleport.sh:3022: "/Users/tim/src/rusty/teleport/local/releases/16.0.0/tsh" proxy ssh --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 [email protected]:3022
2024-08-29 09:15:37,311 [  78362]   INFO - #c.i.s.ProxyCommand - Started ProxyCommand for tunnel.vanbergh.teleport.sh:3022: Process[pid=8816, exitValue="not exited"]
2024-08-29 09:15:37,311 [  78362]   INFO - #c.i.s.i.s.sshj - Client identity string: SSH-2.0-IntelliJ__GoLand_GO-242.20224.424__SSHJ_0.38.1_SNAPSHOT
2024-08-29 09:15:38,411 [  79462]   INFO - #c.i.s.i.s.sshj - Server identity string: SSH-2.0-Teleport
2024-08-29 09:15:38,617 [  79668]   FINE - c.i.s.i.s.PlatformAuthAgent - Attempting authentication using agent identity teleport:vanbergh.teleport.sh:vanbergh.teleport.sh:rosstimothy
2024-08-29 09:15:38,620 [  79671]   WARN - #c.i.s.i.s.sshj - While was authenticating publickey from the SSH agent, comment: teleport:vanbergh.teleport.sh:vanbergh.teleport.sh:rosstimothy
net.schmizz.sshj.userauth.UserAuthException: No KeyAlgorithm configured for key ssh-rsa
	at com.intellij.ssh.impl.sshj.PlatformAuthAgent.putPubKey(SshjConnectionUtil.kt:1015)
	at com.jcraft.jsch.agentproxy.sshj.AuthAgent.buildReq(AuthAgent.java:117)
	at com.jcraft.jsch.agentproxy.sshj.AuthAgent.buildReq(AuthAgent.java:124)
	at net.schmizz.sshj.userauth.method.AbstractAuthMethod.request(AbstractAuthMethod.java:68)
	at net.schmizz.sshj.userauth.UserAuthImpl.authenticate(UserAuthImpl.java:73)
	at com.intellij.ssh.impl.sshj.AuthMethodGroup.authenticateMethod(SshjConnectionUtil.kt:776)
	at com.intellij.ssh.impl.sshj.AuthMethodGroup.authenticate(SshjConnectionUtil.kt:750)
	at com.intellij.ssh.impl.sshj.SshjConnectionUtilKt.authenticate(SshjConnectionUtil.kt:562)
	at com.intellij.ssh.impl.sshj.SshjConnectionUtilKt.setUpSessionForSshJ$lambda$11(SshjConnectionUtil.kt:223)
	at java.base/java.util.concurrent.CompletableFuture$AsyncRun.run(CompletableFuture.java:1804)
	at com.intellij.util.concurrency.ContextRunnable.run(ContextRunnable.java:27)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:735)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:732)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:400)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1.run(Executors.java:732)
	at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: net.schmizz.sshj.transport.TransportException: Cannot find an available KeyAlgorithm for type ssh-rsa
	at net.schmizz.sshj.transport.TransportImpl.getClientKeyAlgorithms(TransportImpl.java:667)
	at com.intellij.ssh.impl.sshj.PlatformAuthAgent.getPublicKeyAlgorithm(SshjConnectionUtil.kt:995)
	at com.intellij.ssh.impl.sshj.PlatformAuthAgent.putPubKey(SshjConnectionUtil.kt:1008)
	... 17 more
2024-08-29 09:15:38,622 [  79673]   FINE - c.i.s.i.s.PlatformAuthAgent - Attempting authentication using agent identity [email protected]
2024-08-29 09:15:38,622 [  79673]   WARN - #c.i.s.i.s.sshj - While was authenticating publickey from the SSH agent, comment: [email protected]
net.schmizz.sshj.userauth.UserAuthException: No KeyAlgorithm configured for key ecdsa-sha2-nistp256
	at com.intellij.ssh.impl.sshj.PlatformAuthAgent.putPubKey(SshjConnectionUtil.kt:1015)
	at com.jcraft.jsch.agentproxy.sshj.AuthAgent.buildReq(AuthAgent.java:117)
	at com.jcraft.jsch.agentproxy.sshj.AuthAgent.buildReq(AuthAgent.java:124)
	at net.schmizz.sshj.userauth.method.AbstractAuthMethod.request(AbstractAuthMethod.java:68)
	at net.schmizz.sshj.userauth.UserAuthImpl.authenticate(UserAuthImpl.java:73)
	at com.intellij.ssh.impl.sshj.AuthMethodGroup.authenticateMethod(SshjConnectionUtil.kt:776)
	at com.intellij.ssh.impl.sshj.AuthMethodGroup.authenticate(SshjConnectionUtil.kt:750)
	at com.intellij.ssh.impl.sshj.SshjConnectionUtilKt.authenticate(SshjConnectionUtil.kt:562)
	at com.intellij.ssh.impl.sshj.SshjConnectionUtilKt.setUpSessionForSshJ$lambda$11(SshjConnectionUtil.kt:223)
	at java.base/java.util.concurrent.CompletableFuture$AsyncRun.run(CompletableFuture.java:1804)
	at com.intellij.util.concurrency.ContextRunnable.run(ContextRunnable.java:27)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:735)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:732)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:400)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1.run(Executors.java:732)
	at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: net.schmizz.sshj.transport.TransportException: Cannot find an available KeyAlgorithm for type ecdsa-sha2-nistp256
	at net.schmizz.sshj.transport.TransportImpl.getClientKeyAlgorithms(TransportImpl.java:667)
	at com.intellij.ssh.impl.sshj.PlatformAuthAgent.getPublicKeyAlgorithm(SshjConnectionUtil.kt:995)
	at com.intellij.ssh.impl.sshj.PlatformAuthAgent.putPubKey(SshjConnectionUtil.kt:1008)
	... 17 more
2024-08-29 09:15:38,623 [  79674]   FINE - c.i.s.i.s.PlatformAuthAgent - Attempting authentication using agent identity teleport:vanbergh.teleport.sh:vanbergh.teleport.sh:rosstimothy
2024-08-29 09:15:38,762 [  79813]   INFO - #c.i.s.i.s.sshj - Authentication log: SSH connection to [email protected]:3022
 * With altered connection settings:
  - authMethods: PublicKey(privateKeys=[/Users/tim/.tsh/keys/vanbergh.teleport.sh/rosstimothy], agent=ALL), Password, KeyboardInteractive
  - ciphers: [[email protected], aes128-ctr, aes192-ctr, aes256-ctr, [email protected], [email protected]]
  - connectTimeout: PT10S
  - environmentVariables: [Inherit(glob=LANG), Inherit(glob=LC_*)]
  - hostKeyAlgorithms: [[email protected], [email protected], [email protected]]
  - hostKeyVerifier: OpenSSH-like host key verifier (knownHostsFile=[/Users/tim/.tsh/known_hosts, /private/etc/ssh/ssh_known_hosts, /private/etc/ssh/ssh_known_hosts2], strictHostKeyChecking=ASK, hashKnownHosts=false)
  - kexAlgorithms: [[email protected], curve25519-sha256, [email protected], ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256]
  - macs: [[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], hmac-sha2-256, hmac-sha2-512, hmac-sha1]
  - port: 3022
  - proxyConfig: Command(command="/Users/tim/src/rusty/teleport/local/releases/16.0.0/tsh" proxy ssh --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 [email protected]:3022)
 * With auth agent ssh-agent[/tmp/ssh-60ZxlXIPqhuG/agent.13296]
 * Connected: Socket[addr=null,port=0,localport=0]
 * Starting authentication
  => none (failure, new auth methods allowed by the server: publickey)
  => publickey from the SSH agent, comment: teleport:vanbergh.teleport.sh:vanbergh.teleport.sh:rosstimothy (user auth exception: No KeyAlgorithm configured for key ssh-rsa)
  => publickey from the SSH agent, comment: [email protected] (user auth exception: No KeyAlgorithm configured for key ecdsa-sha2-nistp256)
  => publickey from the SSH agent, comment: teleport:vanbergh.teleport.sh:vanbergh.teleport.sh:rosstimothy (success)
2024-08-29 09:15:41,789 [  82840]   FINE - #c.i.s.c.SshConnectionConfigService - Change after replacing %-tokens for host tunnel.vanbergh.teleport.sh:
  proxyConfig: Command(command="/Users/tim/src/rusty/teleport/local/releases/16.0.0/tsh" proxy ssh --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 %r@%h:%p)
            -> Command(command="/Users/tim/src/rusty/teleport/local/releases/16.0.0/tsh" proxy ssh --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 [email protected]:0)
2024-08-29 09:15:41,789 [  82840]   FINE - #c.i.s.c.SshConnectionConfigService - Change after replacing %-tokens for host tunnel.vanbergh.teleport.sh:
  proxyConfig: Command(command="/Users/tim/src/rusty/teleport/local/releases/16.0.0/tsh" proxy ssh --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 %r@%h:%p)
            -> Command(command="/Users/tim/src/rusty/teleport/local/releases/16.0.0/tsh" proxy ssh --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 [email protected]:0)
2024-08-29 09:15:41,793 [  82844]   FINE - #c.i.s.i.SshConnection - Not found a candidate for opening a channel. Faulty sessions number: 0, total active sessions number: 0
2024-08-29 09:15:41,795 [  82846]   FINE - #c.i.s.i.SshConnection - Establishing new SSH session to [email protected]:0
2024-08-29 09:15:41,795 [  82846]   INFO - net.schmizz.sshj.transport.random.JCERandom - Creating new SecureRandom.
2024-08-29 09:15:41,802 [  82853]   FINE - #c.i.s.i.s.sshj - Full connection config:
  authMethods: PublicKey(privateKeys=[/Users/tim/.tsh/keys/vanbergh.teleport.sh/rosstimothy], agent=ALL), Password, KeyboardInteractive
  ciphers: [[email protected], aes128-ctr, aes192-ctr, aes256-ctr, [email protected], [email protected]]
  compression: false
  connectTimeout: null
  environmentVariables: [Inherit(glob=LANG), Inherit(glob=LC_*)]
  forwardAgent: false
  host: tunnel.vanbergh.teleport.sh
  hostKeyAlgorithms: [[email protected], [email protected], [email protected]]
  hostKeyVerifier: OpenSSH-like host key verifier (knownHostsFile=[/Users/tim/.tsh/known_hosts, /private/etc/ssh/ssh_known_hosts, /private/etc/ssh/ssh_known_hosts2], strictHostKeyChecking=ASK, hashKnownHosts=false)
  identityAgent: null
  initialLocalTcpForwardings: []
  initialRemoteTcpForwardings: []
  kexAlgorithms: [[email protected], curve25519-sha256, [email protected], ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256]
  macs: [[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], hmac-sha2-256, hmac-sha2-512, hmac-sha1]
  port: 0
  proxyConfig: Command(command="/Users/tim/src/rusty/teleport/local/releases/16.0.0/tsh" proxy ssh --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 [email protected]:0)
  serverAlive: null
  user: tim
  x11Forwarding: null
2024-08-29 09:15:41,804 [  82855]   FINE - #c.i.s.i.s.sshj - Delegating connection to non-default socket factory com.intellij.ssh.ProxyCommandSocketFactory@369ee9e3
2024-08-29 09:15:41,804 [  82855]   INFO - #c.i.s.ProxyCommand - ProxyCommand for tunnel.vanbergh.teleport.sh:0: "/Users/tim/src/rusty/teleport/local/releases/16.0.0/tsh" proxy ssh --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 [email protected]:0
2024-08-29 09:15:41,808 [  82859]   INFO - #c.i.s.ProxyCommand - Started ProxyCommand for tunnel.vanbergh.teleport.sh:0: Process[pid=8879, exitValue="not exited"]
2024-08-29 09:15:41,808 [  82859]   INFO - #c.i.s.i.s.sshj - Client identity string: SSH-2.0-IntelliJ__GoLand_GO-242.20224.424__SSHJ_0.38.1_SNAPSHOT
2024-08-29 09:15:42,182 [  83233]   INFO - #c.i.s.i.s.sshj - Server identity string: SSH-2.0-Teleport
2024-08-29 09:15:42,384 [  83435]   FINE - c.i.s.i.s.PlatformAuthAgent - Attempting authentication using agent identity teleport:vanbergh.teleport.sh:vanbergh.teleport.sh:rosstimothy
2024-08-29 09:15:42,385 [  83436]   FINE - c.i.s.i.s.PlatformAuthAgent - Attempting authentication using agent identity [email protected]
2024-08-29 09:15:42,386 [  83437]   FINE - c.i.s.i.s.PlatformAuthAgent - Attempting authentication using agent identity teleport:vanbergh.teleport.sh:vanbergh.teleport.sh:rosstimothy
2024-08-29 09:15:42,531 [  83582]   INFO - #c.i.s.i.s.sshj - Authentication log: SSH connection to [email protected]:0
 * With altered connection settings:
  - authMethods: PublicKey(privateKeys=[/Users/tim/.tsh/keys/vanbergh.teleport.sh/rosstimothy], agent=ALL), Password, KeyboardInteractive
  - ciphers: [[email protected], aes128-ctr, aes192-ctr, aes256-ctr, [email protected], [email protected]]
  - environmentVariables: [Inherit(glob=LANG), Inherit(glob=LC_*)]
  - hostKeyAlgorithms: [[email protected], [email protected], [email protected]]
  - hostKeyVerifier: OpenSSH-like host key verifier (knownHostsFile=[/Users/tim/.tsh/known_hosts, /private/etc/ssh/ssh_known_hosts, /private/etc/ssh/ssh_known_hosts2], strictHostKeyChecking=ASK, hashKnownHosts=false)
  - kexAlgorithms: [[email protected], curve25519-sha256, [email protected], ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256]
  - macs: [[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], hmac-sha2-256, hmac-sha2-512, hmac-sha1]
  - port: 0
  - proxyConfig: Command(command="/Users/tim/src/rusty/teleport/local/releases/16.0.0/tsh" proxy ssh --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 [email protected]:0)
 * With auth agent ssh-agent[/tmp/ssh-60ZxlXIPqhuG/agent.13296]
 * Connected: Socket[addr=null,port=0,localport=0]
 * Starting authentication
  => none (failure, new auth methods allowed by the server: publickey)
  => publickey from the SSH agent, comment: teleport:vanbergh.teleport.sh:vanbergh.teleport.sh:rosstimothy (user auth exception: No KeyAlgorithm configured for key ssh-rsa)
  => publickey from the SSH agent, comment: [email protected] (user auth exception: No KeyAlgorithm configured for key ecdsa-sha2-nistp256)
  => publickey from the SSH agent, comment: teleport:vanbergh.teleport.sh:vanbergh.teleport.sh:rosstimothy (success)
2024-08-29 09:15:42,532 [  83583]   FINE - #c.i.s.i.SshConnection - SSH session @7c126682 established to [email protected]:0
2024-08-29 09:15:42,533 [  83584]   FINE - #c.i.s.SshConnectionService - Executing SSH command: cmd /c "set OS & set PROCESSOR_ARCHITECTURE" within SshjSshConnection([email protected])@7c126682
2024-08-29 09:15:42,533 [  83584]   FINE - #c.i.s.SshConnectionService - Executing SSH command: /bin/sh -c 'uname -s || uname -o && uname -m' within SshjSshConnection([email protected])@7c126682
2024-08-29 09:15:42,837 [  83888]   FINE - #c.i.s.f.SshApplicationUsagesCollector - The process for getting stats exited with code 127
2024-08-29 09:15:42,837 [  83888]   FINE - #c.i.s.f.SshApplicationUsagesCollector - Output of remote server info command executed on [email protected]:0 (win): Failure(code=-1, stdio=fish: Unknown command: cmd
fish: 
cmd /c "set OS & set PROCESSOR_ARCHITECTURE"
^~^
)
2024-08-29 09:15:42,864 [  83915]   FINE - #c.i.s.f.SshApplicationUsagesCollector - Output of remote server info command executed on [email protected]:0 (unix): Success(stdio=Darwin
arm64
)
2024-08-29 09:15:45,818 [  86869]   FINE - #c.i.s.c.OpenSshConfigViaToolService - stderr of ssh -G -vvv tunnel.vanbergh.teleport.sh:
OpenSSH_9.7p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/tim/.ssh/config
debug2: checking match for 'Host west' host tunnel.vanbergh.teleport.sh originally tunnel.vanbergh.teleport.sh
debug3: /Users/tim/.ssh/config line 1: not matched 'Host "tunnel.vanbergh.teleport.sh"' 
debug2: match not found
debug2: checking match for 'Host east' host tunnel.vanbergh.teleport.sh originally tunnel.vanbergh.teleport.sh
debug3: /Users/tim/.ssh/config line 7: not matched 'Host "tunnel.vanbergh.teleport.sh"' 
debug2: match not found
debug1: /Users/tim/.ssh/config line 18: Applying options for *.vanbergh.teleport.sh
debug1: /Users/tim/.ssh/config line 25: Applying options for *.vanbergh.teleport.sh
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
Pseudo-terminal will not be allocated because stdin is not a terminal.

2024-08-29 09:15:45,818 [  86869]  FINER - #c.i.s.c.OpenSshConfigViaToolService - stdout of ssh -G -vvv tunnel.vanbergh.teleport.sh:
host tunnel.vanbergh.teleport.sh
user tim
hostname tunnel.vanbergh.teleport.sh
port 3022
addressfamily any
batchmode no
canonicalizefallbacklocal yes
canonicalizehostname false
checkhostip no
compression no
controlmaster false
enablesshkeysign no
clearallforwardings no
exitonforwardfailure no
fingerprinthash SHA256
forwardx11 no
forwardx11trusted no
gatewayports no
gssapiauthentication no
gssapidelegatecredentials no
hashknownhosts no
hostbasedauthentication no
identitiesonly no
kbdinteractiveauthentication yes
nohostauthenticationforlocalhost no
nohostauthenticationforproxycommand no
passwordauthentication yes
permitlocalcommand no
proxyusefdpass no
pubkeyauthentication true
requesttty auto
sessiontype default
stdinnull no
forkafterauthentication no
streamlocalbindunlink no
stricthostkeychecking ask
tcpkeepalive yes
tunnel false
verifyhostkeydns false
visualhostkey no
updatehostkeys false
enableescapecommandline no
applemultipath no
canonicalizemaxdots 1
connectionattempts 1
forwardx11timeout 1200
numberofpasswordprompts 3
serveralivecountmax 3
serveraliveinterval 0
requiredrsasize 1024
obscurekeystroketiming yes
ciphers [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
hostkeyalgorithms [email protected],[email protected],[email protected]
hostbasedacceptedalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
kexalgorithms [email protected],curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
casignaturealgorithms ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
loglevel DEBUG3
macs [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
securitykeyprovider $SSH_SK_PROVIDER
pubkeyacceptedalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
xauthlocation /usr/X11R6/bin/xauth
identityfile /Users/tim/.tsh/keys/vanbergh.teleport.sh/rosstimothy
canonicaldomains none
certificatefile /Users/tim/.tsh/keys/vanbergh.teleport.sh/rosstimothy-ssh/vanbergh.teleport.sh-cert.pub
globalknownhostsfile /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2
userknownhostsfile /Users/tim/.tsh/known_hosts
sendenv LANG
sendenv LC_*
logverbose none
channeltimeout none
permitremoteopen any
addkeystoagent false
forwardagent no
connecttimeout none
tunneldevice any:any
canonicalizePermittedcnames none
controlpersist no
escapechar ~
ipqos af21 cs1
rekeylimit 0 0
streamlocalbindmask 0177
syslogfacility USER
proxycommand "/Users/tim/src/rusty/teleport/local/releases/16.0.0/tsh" proxy ssh --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 %r@%h:%p

2024-08-29 09:15:45,819 [  86870]   FINE - #c.i.s.c.OpenSshConfigViaToolService - ssh -G -vvv tunnel.vanbergh.teleport.sh executed in PT0.007663833S
2024-08-29 09:15:45,819 [  86870]   FINE - #c.i.s.c.SshConnectionConfigService - Change after replacing %-tokens for host tunnel.vanbergh.teleport.sh:
  proxyConfig: Command(command="/Users/tim/src/rusty/teleport/local/releases/16.0.0/tsh" proxy ssh --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 %r@%h:%p)
            -> Command(command="/Users/tim/src/rusty/teleport/local/releases/16.0.0/tsh" proxy ssh --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 [email protected]:0)
2024-08-29 09:15:45,819 [  86870]   FINE - #c.i.s.SshConnectionService - Executing SSH command: /bin/sh -c 'uname -s || uname -o && uname -m' within SshjSshConnection([email protected])@7c126682
2024-08-29 09:15:45,820 [  86871]   FINE - #c.i.s.c.SshConnectionConfigService - Change after replacing %-tokens for host tunnel.vanbergh.teleport.sh:
  proxyConfig: Command(command="/Users/tim/src/rusty/teleport/local/releases/16.0.0/tsh" proxy ssh --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 %r@%h:%p)
            -> Command(command="/Users/tim/src/rusty/teleport/local/releases/16.0.0/tsh" proxy ssh --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 [email protected]:0)
2024-08-29 09:15:45,820 [  86871]   FINE - #c.i.s.SshConnectionService - Executing SSH command: cmd /c "set OS & set PROCESSOR_ARCHITECTURE" within SshjSshConnection([email protected])@7c126682
2024-08-29 09:15:46,130 [  87181]   FINE - #c.i.s.f.SshApplicationUsagesCollector - The process for getting stats exited with code 127
2024-08-29 09:15:46,130 [  87181]   FINE - #c.i.s.f.SshApplicationUsagesCollector - Output of remote server info command executed on [email protected]:0 (win): Failure(code=-1, stdio=fish: Unknown command: cmd
fish: 
cmd /c "set OS & set PROCESSOR_ARCHITECTURE"
^~^
)
2024-08-29 09:15:46,157 [  87208]   FINE - #c.i.s.f.SshApplicationUsagesCollector - Output of remote server info command executed on [email protected]:0 (unix): Success(stdio=Darwin
arm64
)
@programmerq
Copy link
Contributor

It looks like the ssh library used by PyCharm doesn't respect a CertificateFile setting in the SSH config. I've seen similar errors in other SSH implementations. Many seem to be very rigid about the cert file having the same name as the private key, but with -cert.pub as a suffix.

Another user ran into this on this upstream SSH library recently: hierynomus/sshj#960

On my Mac, I see it try and fail with my ~/.tsh/ private key specified in IdentityFile. It works because I have an ssh-agent running, and it's able to use the SSH Certificate as it appears in my agent.

The Intellij logs here show that no ssh-agent is running.

I'd recommend running the SSH-Agent service in windows so that tsh and Pycharm both see the same agent.

@rosstimothy
Copy link
Contributor Author

After starting the SSH-Agent service, restarting Goland, and doing a tsh logout && tsh login I was able to establish a session.

IntelliJ Logs from the successful connection attempt:

2024-09-05 17:11:18,051 [ 237414]   FINE - #c.i.s.c.OpenSshConfigViaToolService - stderr of ssh -G -vvv tunnel.vanbergh.teleport.sh:
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Reading configuration data C:\\Users\\Administrator/.ssh/config
debug1: C:\\Users\\Administrator/.ssh/config line 2: Applying options for *.vanbergh.teleport.sh
debug1: C:\\Users\\Administrator/.ssh/config line 8: Applying options for *.vanbergh.teleport.sh
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
Pseudo-terminal will not be allocated because stdin is not a terminal.

2024-09-05 17:11:18,051 [ 237414]   FINE - #c.i.s.c.OpenSshConfigViaToolService - ssh -G -vvv tunnel.vanbergh.teleport.sh executed in PT0.1079724S
2024-09-05 17:11:18,051 [ 237414]   FINE - #c.i.s.c.SshConnectionConfig - Change after applying remote credentials for host tunnel.vanbergh.teleport.sh:
  port: 3022
     -> 22
  user: administrator
     -> tim
2024-09-05 17:11:18,051 [ 237414]   FINE - #c.i.s.c.SshConnectionConfigService - Change after replacing %-tokens for host tunnel.vanbergh.teleport.sh:
  proxyConfig: Command(command="C:\Users\Administrator\AppData\Local\Programs\teleport-connect\resources\bin\tsh.exe" proxy ssh --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 %r@%h:%p)
            -> Command(command="C:\Users\Administrator\AppData\Local\Programs\teleport-connect\resources\bin\tsh.exe" proxy ssh --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 [email protected]:22)
2024-09-05 17:11:18,051 [ 237414]   FINE - #c.i.s.i.SshConnection - Checking that can authenticate [email protected]:22
2024-09-05 17:11:18,051 [ 237414]   INFO - net.schmizz.sshj.transport.random.JCERandom - Creating new SecureRandom.
2024-09-05 17:11:18,051 [ 237414]   FINE - #c.i.s.i.s.sshj - Full connection config:
  authMethods: PublicKey(privateKeys=[C:\Users\Administrator\AppData\Roaming\Teleport Connect\tsh\keys\vanbergh.teleport.sh\rosstimothy], agent=ALL), Password, KeyboardInteractive
  ciphers: [[email protected], aes128-ctr, aes192-ctr, aes256-ctr, [email protected], [email protected]]
  compression: false
  connectTimeout: PT10S
  environmentVariables: []
  forwardAgent: false
  host: tunnel.vanbergh.teleport.sh
  hostKeyAlgorithms: [[email protected], [email protected], [email protected]]
  hostKeyVerifier: OpenSSH-like host key verifier (knownHostsFile=[C:\Users\Administrator\AppData\Roaming\Teleport, C:\Users\Administrator\Desktop\Connect\tsh\known_hosts, C:\Users\Administrator\Desktop\__PROGRAMDATA__\ssh\ssh_known_hosts, C:\Users\Administrator\Desktop\__PROGRAMDATA__\ssh\ssh_known_hosts2], strictHostKeyChecking=ASK, hashKnownHosts=false)
  identityAgent: null
  initialLocalTcpForwardings: []
  initialRemoteTcpForwardings: []
  kexAlgorithms: [curve25519-sha256, [email protected], ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1]
  macs: [[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], hmac-sha2-256, hmac-sha2-512, hmac-sha1]
  port: 22
  proxyConfig: Command(command="C:\Users\Administrator\AppData\Local\Programs\teleport-connect\resources\bin\tsh.exe" proxy ssh --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 [email protected]:22)
  serverAlive: null
  user: tim
  x11Forwarding: null
2024-09-05 17:11:18,067 [ 237430]   FINE - #c.i.s.i.s.sshj - Delegating connection to non-default socket factory com.intellij.ssh.ProxyCommandSocketFactory@66a0e762
2024-09-05 17:11:18,067 [ 237430]   INFO - #c.i.s.ProxyCommand - ProxyCommand for tunnel.vanbergh.teleport.sh:22: "C:\Users\Administrator\AppData\Local\Programs\teleport-connect\resources\bin\tsh.exe" proxy ssh --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 [email protected]:22
2024-09-05 17:11:18,067 [ 237430]   INFO - #c.i.s.ProxyCommand - Started ProxyCommand for tunnel.vanbergh.teleport.sh:22: Process[pid=6860, exitValue="not exited"]
2024-09-05 17:11:18,067 [ 237430]   INFO - #c.i.s.i.s.sshj - Client identity string: SSH-2.0-IntelliJ__GoLand_GO-242.21829.165__SSHJ_0.38.1_SNAPSHOT
2024-09-05 17:11:18,765 [ 238128]   INFO - #c.i.s.i.s.sshj - Server identity string: SSH-2.0-Teleport
2024-09-05 17:11:19,085 [ 238448]   FINE - c.i.s.i.s.PlatformAuthAgent - Attempting authentication using agent identity teleport:vanbergh.teleport.sh:vanbergh.teleport.sh:rosstimothy
2024-09-05 17:11:19,304 [ 238667]   INFO - #c.i.s.i.s.sshj - Authentication log: SSH connection to [email protected]:22
 * With altered connection settings:
  - authMethods: PublicKey(privateKeys=[C:\Users\Administrator\AppData\Roaming\Teleport Connect\tsh\keys\vanbergh.teleport.sh\rosstimothy], agent=ALL), Password, KeyboardInteractive
  - ciphers: [[email protected], aes128-ctr, aes192-ctr, aes256-ctr, [email protected], [email protected]]
  - connectTimeout: PT10S
  - hostKeyAlgorithms: [[email protected], [email protected], [email protected]]
  - hostKeyVerifier: OpenSSH-like host key verifier (knownHostsFile=[C:\Users\Administrator\AppData\Roaming\Teleport, C:\Users\Administrator\Desktop\Connect\tsh\known_hosts, C:\Users\Administrator\Desktop\__PROGRAMDATA__\ssh\ssh_known_hosts, C:\Users\Administrator\Desktop\__PROGRAMDATA__\ssh\ssh_known_hosts2], strictHostKeyChecking=ASK, hashKnownHosts=false)
  - kexAlgorithms: [curve25519-sha256, [email protected], ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1]
  - macs: [[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], hmac-sha2-256, hmac-sha2-512, hmac-sha1]
  - proxyConfig: Command(command="C:\Users\Administrator\AppData\Local\Programs\teleport-connect\resources\bin\tsh.exe" proxy ssh --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 [email protected]:22)
  - user: tim
 * With auth agent OpenSSH Agent for Windows
 * Connected: Socket[addr=null,port=0,localport=0]
 * Starting authentication
  => none (failure, new auth methods allowed by the server: publickey)
  => publickey from the SSH agent, comment: teleport:vanbergh.teleport.sh:vanbergh.teleport.sh:rosstimothy (success)
2024-09-05 17:11:19,304 [ 238667]   FINE - #c.i.s.i.s.sshj - Disconnecting SshjSshConnection([email protected])@17a04857
2024-09-05 17:11:19,304 [ 238667]   FINE - #c.i.s.i.s.sshj - The IDE decided to disconnect the SSH session com.intellij.ssh.impl.sshj.PlatformSSHClient@527b6de8
java.lang.Exception
	at com.intellij.ssh.impl.sshj.PlatformSSHClient.disconnect(SshjConnectionUtil.kt:599)
	at net.schmizz.sshj.SSHClient.close(SSHClient.java:836)
	at com.intellij.ssh.impl.sshj.SshjSshConnection$disconnect$4.invoke(SshjSshConnection.kt:206)
	at com.intellij.ssh.impl.sshj.SshjSshConnection$disconnect$4.invoke(SshjSshConnection.kt:206)
	at com.intellij.ssh.impl.sshj.SshjSshConnection.disconnect(SshjSshConnection.kt:209)
	at com.intellij.ssh.impl.SshConnection$checkCanAuthenticate$1.invoke$addToThePool$lambda$1(SshConnection.kt:242)
	at com.intellij.util.concurrency.ContextRunnable.run(ContextRunnable.java:27)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:735)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:732)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:400)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1.run(Executors.java:732)
	at java.base/java.lang.Thread.run(Thread.java:1583)
2024-09-05 17:11:19,304 [ 238667]   INFO - #c.i.s.i.s.sshj - Disconnected - BY_APPLICATION
2024-09-05 17:11:19,483 [ 238846]   WARN - #c.i.s.ProxyCommand - Process[pid=6860, exitValue=1] exited with code 1

@rosstimothy
Copy link
Contributor Author

Connections that attempt to make use of proxy templates to resolve hosts are however rejected.

PS C:\Users\Administrator> cat '.\AppData\Roaming\Teleport Connect\tsh\config\config.yaml'
---
proxy_templates:
  - template: '^(.*):\d+$'
    search: "$1"


PS C:\Users\Administrator> tsh ls
Node Name Address    Labels
--------- ---------- -------------------------------------
tunnel    ⟵ Tunnel   arch=arm64,env=test,fruit=pear,os=mac

image

IntelliJ Logs 
2024-09-05 18:49:49,071 [ 596167]   FINE - #c.i.s.i.s.sshj - Delegating connection to non-default socket factory com.intellij.ssh.ProxyCommandSocketFactory@c874000
2024-09-05 18:49:51,352 [ 598448]   INFO - #c.i.s.ProxyCommand - ProxyCommand for pear:22: "C:\Users\Administrator\AppData\Local\Programs\teleport-connect\resources\bin\tsh.exe" proxy ssh -d --cluster=vanbergh.teleport.sh --proxy=vanbergh.teleport.sh:443 tim@pear:22
2024-09-05 18:49:51,353 [ 598449]   INFO - #c.i.s.ProxyCommand - Started ProxyCommand for pear:22: Process[pid=4428, exitValue="not exited"]
2024-09-05 18:49:51,353 [ 598449]   INFO - #c.i.s.i.s.sshj - Client identity string: SSH-2.0-IntelliJ__GoLand_GO-242.21829.165__SSHJ_0.38.1_SNAPSHOT
2024-09-05 18:49:52,028 [ 599124]   INFO - #c.i.s.i.s.sshj - Server identity string: SSH-2.0-Teleport
2024-09-05 18:49:52,146 [ 599242]   WARN - #c.i.s.i.s.sshj - Dying because - KeyExchange certificate check failed: Hostname `pear` doesn't match any of the principals: `3713491f-7ffe-48ee-9921-391765434c57.vanbergh.teleport.sh`, `3713491f-7ffe-48ee-9921-391765434c57`, `tunnel.vanbergh.teleport.sh`, `tunnel`, `localhost`, `127.0.0.1`, `::1`, `24.147.129.132`
2024-09-05 18:49:52,146 [ 599242]   INFO - #c.i.s.i.s.sshj - Disconnected - KEY_EXCHANGE_FAILED
2024-09-05 18:49:52,146 [ 599242]   WARN - #c.i.s.i.s.sshj - <<kex done>> woke to: net.schmizz.sshj.transport.TransportException: [KEY_EXCHANGE_FAILED] KeyExchange certificate check failed: Hostname `pear` doesn't match any of the principals: `3713491f-7ffe-48ee-9921-391765434c57.vanbergh.teleport.sh`, `3713491f-7ffe-48ee-9921-391765434c57`, `tunnel.vanbergh.teleport.sh`, `tunnel`, `localhost`, `127.0.0.1`, `::1`, `24.147.129.132`
2024-09-05 18:49:52,146 [ 599242]   FINE - #c.i.s.i.s.sshj - The IDE decided to disconnect the SSH session com.intellij.ssh.impl.sshj.PlatformSSHClient@1a7f3646
java.lang.Exception

The same connection attempt directly via SSH works:

PS C:\Users\Administrator> ssh tim@pear uptime
2024-09-05T19:00:19Z DEBU [TSH]       Will search for hosts via "pear" according to proxy template. common\tsh.go:3929
2024-09-05T19:00:19Z INFO [CLIENT]    ALPN connection upgrade required for "vanbergh.teleport.sh:443": false. client\api.go:831
2024-09-05T19:00:19Z INFO [CLIENT]    [KEY AGENT] Connected to the system agent: "\\\\.\\pipe\\openssh-ssh-agent" client\api.go:4580
2024-09-05T19:00:19Z DEBU [KEYSTORE]  Reading certificates from path "C:\\Users\\Administrator\\AppData\\Roaming\\Teleport Connect\\tsh\\keys\\vanbergh.teleport.sh\\rosstimothy-ssh\\vanbergh.teleport.sh-cert.pub". client\keystore.go:357
2024-09-05T19:00:19Z DEBU [KEYSTORE]  Teleport TLS certificate valid until "2024-09-06 02:43:18 +0000 UTC". client\client_store.go:118
2024-09-05T19:00:19Z INFO [KEYAGENT]  Loading SSH key for user "rosstimothy" and cluster "vanbergh.teleport.sh". client\keyagent.go:198
2024-09-05T19:00:19Z DEBU [KEYSTORE]  Teleport TLS certificate valid until "2024-09-06 02:43:18 +0000 UTC". client\client_store.go:118
2024-09-05T19:00:19Z DEBU [KEYSTORE]  Teleport TLS certificate valid until "2024-09-06 02:43:18 +0000 UTC". client\client_store.go:118
2024-09-05T19:00:19Z DEBU [KEYSTORE]  Teleport TLS certificate valid until "2024-09-06 02:43:18 +0000 UTC". client\client_store.go:118
2024-09-05T19:00:19Z DEBU [KEYSTORE]  Teleport TLS certificate valid until "2024-09-06 02:43:18 +0000 UTC". client\client_store.go:118
2024-09-05T19:00:19Z DEBU [KEYSTORE]  Teleport TLS certificate valid until "2024-09-06 02:43:18 +0000 UTC". client\client_store.go:118
2024-09-05T19:00:19Z DEBU  attaching new resumable connection trace_id:7065b99f7625de089deeef6b109d4078 span_id:55af61b2c3375487 resumption/client.go:284
15:00  up 16 days, 20:14, 7 users, load averages: 1.49 1.54 1.64

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug server-access
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@programmerq @rosstimothy