--- layout: docs page_title: Connect to your first target description: |- Connecting to your first target --- # Connect to your first target The default target is a `tcp` target with a default port of `22` (which corresponds to the default SSH port using TCP). This target is set up with `127.0.0.1` as its address. When you execute `boundary connect` against this target, a local authenticated proxy to the address is established on the target's default port (`127.0.0.1:22`). ```shell-session $ boundary connect -target-id ttcp_1234567890 ``` There is also a secondary `tcp` target with (`ttcp_0987654321`) which uses host sets instead of an address. The host sets for this target contain the default host, which has the address 127.0.0.1. When you execute `boundary connect` against this target, the single available host will be selected and a local authenticated proxy to the host is also established on the target's default port (127.0.0.1:22). ```shell-session boundary connect -target-id ttcp_0987654321 ``` For the purpose of this guide, both of these targets accomplish the same goal, however they have different purposes. Refer to the [domain](/boundary/docs/concepts/domain-model/index) documentation for more information. For the rest of this guide, assume the default is used. The output displays the address and port that your SSH client must utilize. In the next section the `ssh` connect helper is used to make it easier to connect to the target with a client. The `boundary connect` command has a number of notable options, such as `-listen-port` to choose the port on which the connect command will listen for an incoming connection. This is convenient for allowing Boundary to work with applications that allow you to select the connection address but not the port. For many applications, there are still some extra hurdles that can exist, which is why connect helpers can be useful. The dev-mode default target allows you to make as many connections as you want within the authorized session. When you are finished making connections, simply `Ctrl-C/Command-C` the `boundary connect` process to shut down the session. ## Select targets When using `boundary connect` you must identify the target used for connecting. Convention in this documentation is to use the target ID because it refers to a single explicit value, however other flags are supported: - `target-name`: The name of the target - `target-scope-id`: The ID of the scope in which the target lives - `target-scope-name`: The name of the scope in which the target lives Note however that these are not uniquely identifying, as names can be re-used across scopes. As a result, when not using the target ID, you must use the target's name in conjunction with the scope name or scope ID so that Boundary can correctly identify the desired target. Here is an SSH example in dev mode: ```shell-session $ boundary connect ssh -target-name "Generated target" -target-scope-name "Generated project scope" ``` ## Connect helpers Boundary includes connect helpers that automatically accept host SSH key prompts for you. These are written as `boundary connect ` and are supported for the following connection types: - HTTP - Kubernetes - PostgreSQL - RDP - SSH Refer to the [Connect helpers](/boundary/docs/concepts/connection-workflows/connect-helpers) documentation for more information. ## Built-in vs. exec In addition to the built-in connect helpers, `boundary connect` can accommodate executing clients even when there is no built-in support for a specific client using `-exec`. The `-exec` flag is a very powerful tool, allowing you to wrap Boundary TCP sessions in your preferred client. You can use this flag to create an authenticated proxy to almost anything. Refer to the [Exec flag](/boundary/docs/concepts/connection-workflows/exec-flag) documentation for more information. ## SSH ProxyCommand SSH `ProxyCommand` lets you proxy an SSH connection to a target according to a configuration file that you create. It can help simplify common developer and operator workflows. You can configure the file to connect to the target ID or the target domain. Refer to the [SSH ProxyCommand](/boundary/docs/concepts/connection-workflows/workflow-ssh-proxycommand) documentation for more information. ## Desktop client While using the desktop client, choose the target and connect to retrieve local proxy details. ## Next steps See our [basic administration workflows](/boundary/tutorials/oss-administration) for in depth discussion on managing scopes, targets, identities, and sessions.