diff --git a/website/content/docs/getting-started/connect-to-target.mdx b/website/content/docs/getting-started/connect-to-target.mdx index 214c40c86b..f4efb06edd 100644 --- a/website/content/docs/getting-started/connect-to-target.mdx +++ b/website/content/docs/getting-started/connect-to-target.mdx 
@@ -6,28 +6,52 @@ description: |- Connecting to your first target --- -# Connect to Your First Target +## Connect to Your First Target -The default target is a TCP target with a default port of `22` (SSH). The host -sets for this target contain the default host, which has the address -`127.0.0.1`. When we run `boundary connect` against this target, the single -available host will be selected and we'll open a local authenticated proxy to -the target host on the target's default port (`127.0.0.1:22`). Because this -target is proxying to our local SSH server, we can use our built-in `connect ssh` -command to wrap the proxied TCP connection and SSH via Boundary: +The default target is a `tcp` target with a default port of `22` (which +corresponds to the default SSH port using TCP). The host sets for this target +contain the default host, which has the address `127.0.0.1`. When we run +`boundary connect` against this target, the single available host will be +selected and we'll open a local authenticated proxy to the host on the target's +default port (`127.0.0.1:22`). ``` -$ boundary connect ssh -target-id ttcp_1234567890 +$ boundary connect -target-id ttcp_1234567890 ``` -This will execute SSH on the target and port combination specified by the local -boundary proxy. If you want to specify a username other than your currently -logged-in user, you can do so via the `-username` flag. +In the output you'll see the address and port that your SSH client must be told +to use. In the next section you'll see the `ssh` connect helper in action to +make it easier to connect to the target with a client. + +`boundary connect` has a number of options; one notable option is `-listen-port` +to choose the port on which the connect command will listen for an incoming +connection. 
This can be convenient for allowing Boundary to work with +applications that allow you to select the address to connect to but not the +port, but for many applications there are still some extra hurdles that can +exist, which is why we are building out helpers. + +The dev-mode default target allows you to make as many connections as you want +within the authorized session. When you are finished making connections, simply +`Ctrl-C/Command-C` the `boundary connect` process to shut down the session. + +### Using Connect Helpers + +It can be annoying to keep accepting host SSH key prompts as the port changes, much less having to keep +copying and pasting the current port. To make this easier, Boundary includes +connect helpers that take care of this work for you. These take the form of +`boundary connect `. In the following example, the helper will +automatically execute `ssh` for you, filling in the local address/port, and setting +an expected host ID so that future connections on different +automatically-allocated ports don't complain about the host ID changing (you'll +still need to accept a host key the first time): + +``` +$ boundary connect ssh -target-id ttcp_1234567890 +``` If you want to pass additional flags to the SSH client, you can do so by adding them to the command line separated by a double-dash; anything after the double -dash will be passed to the executed client. For instance, rather than using -`-username`, an equivalent alternative would be: +dash will be passed to the executed client. For instance: ``` $ boundary connect ssh -target-id ttcp_1234567890 -- -l some-other-user 
@@ -38,6 +62,13 @@ different style expected by different SSH clients. At the moment, besides `ssh` (the default), the `boundary connect ssh` command supports `-style putty` to support passing connection information to PuTTY. +One advantage to styles is that Boundary will provide information to the client +in the format that makes sense. For example, if you want to specify a username +other than your currently logged-in user, you can do so via the `-username` +flag. This will ensure that regardless of whether you use the default `ssh` +style or the `putty` style, the username is properly passed to the executed +client -- you don't need to figure out the syntax yourself. + ## Selecting Targets When using `boundary connect` you must identify the target used for connecting.
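Review bot: In the first hunk (`@@ -6,28 +6,52 @@`), the added sentence telling readers to `Ctrl-C/Command-C` the `boundary connect` process is wrong for macOS terminals. Command-C there is the copy shortcut and sends no interrupt, so a reader who follows it leaves the local proxy listening and the authorized session open. Suggest writing only `Ctrl-C`. In the same hunk, "These take the form of `boundary connect `" has nothing after `connect`; a placeholder for the helper name appears to have been lost, so write it in a form that survives MDX rendering. The parenthetical "you'll still need to accept a host key the first time" would be a good place to tell the reader to compare the presented fingerprint with the target's known key before accepting, since that first acceptance is what later connections are checked against. Finally, the title drops from `#` to `##` while `## Selecting Targets` stays at `##`, which makes the page title and its subsection siblings; keep `#` or explain the demotion in the commit message.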
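Review bot: In the second hunk (`@@ -38,6 +62,13 @@`), the new paragraph documents `-username` but shows no command that uses it, and the first hunk removed the sentence that tied `-username` to the `-- -l some-other-user` example, so the two mechanisms are no longer connected anywhere on the page. Suggest adding a one-line example such as `boundary connect ssh -target-id ttcp_1234567890 -username some-other-user`, and stating which value applies if a reader passes both `-username` and a user flag after the double dash. "In the format that makes sense" is vague; say instead that the flag is translated into the syntax the selected `-style` client expects. The ` -- ` before "you don't need to figure out the syntax yourself" reads like the double-dash argument separator described a few lines earlier; a semicolon or a new sentence avoids that confusion.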