aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'efe9fe780d'
${ noResults }
boundary/website/content/docs/concepts/connection-workflows/exec-flag.mdx

82 lines
3.3 KiB
Raw Blame History

---
layout: docs
page_title: -exec flag
description: >-
Learn how to use the `-exec` flag to execute TCP sessions or pass flags using your preferred client.
---
# Exec flag
Boundary includes built-in connect helpers for clients, however, `boundary connect` can execute clients even when there is no built-in support for a specific client using the `-exec` flag.
The `-exec` flag lets you wrap Boundary TCP sessions in your preferred client.
You can use this flag to create an authenticated proxy to almost anything.
When you use `-exec`, you can pass flags to the client by including them in the executed command after a double-dash `--`.
For example, the following command passes `-l myuser -i ~/.ssh/identity` to the PuTTY client:
```shell-session
$ boundary connect ssh -style putty -exec putty.exe -target-id ttcp_1234567890 -- -l myuser -i ~/.ssh/identity
```
You can substitute the following templated values into the command arguments.
Boundary injects these values in the executed command as environment variables:
- `{{boundary.ip}}` (`BOUNDARY_PROXIED_IP`): The IP address of the listening socket that `boundary connect` opened.
- `{{boundary.port}}` (`BOUNDARY_PROXIED_PORT`): The port of the listening socket that `boundary connect` has opened.
- `{{boundary.addr}}` (`BOUNDARY_PROXIED_ADDR`): The host:port format of the address.
This value is essentially equivalent to `{{boundary.ip}}:{{boundary.port}}`.
For example, if you wanted to use Boundary to create an authenticated firewall
around `curl`, you could update the default TCP target from a default port
of `:22` to `:443` using the following command:
```shell-session
$ boundary targets update tcp -default-port 443 -id ttcp_1234567890
Target information:
Address: 127.0.0.1
Created Time: Fri, 25 Sep 2020 18:35:47 PDT
Description: Provides an initial target in Boundary
ID: ttcp_1234567890
Name: Generated target
Session Connection Limit: 1
Session Max Seconds: 28800
Type: tcp
Updated Time: Fri, 25 Sep 2020 18:36:18 PDT
Version: 2
Scope:
ID: p_1234567890
Name: Generated project scope
Parent Scope ID: o_1234567890
Type: project
Attributes:
Default Port: 443
```
In the output above, the default port for the target has now changed to `:443`.
Now, you can use `curl` as the client for a TCP target session.
For example, the following command uses `curl` to perform an authenticated download of hashicorp.com:
```shell-session
$ boundary connect -exec curl -target-id ttcp_1234567890 \
-- -vvsL --output /dev/null hashicorp.com
* Trying 76.76.21.21...
* TCP_NODELAY set
* Connected to hashicorp.com (76.76.21.21) port 80 (#0)
> GET / HTTP/1.1
> Host: hashicorp.com
> User-Agent: curl/7.64.1
> Accept: */*
...<truncated output>...
```
Note that you can use `-exec` for subcommands that wrap clients as well.
As an example, if `putty.exe` is available on a Windows host but the command is being run from WSL, you could use the following command to specify the correct binary to use, since WSL must use `.exe` when it invokes Windows binaries:
```shell-session
$ boundary connect ssh -style putty -exec putty.exe -target-id ttcp_1234567890
```
Reference in new issue View Git Blame Copy Permalink