Linux Ziti Tunneller for Ubuntu 22.04 and DigitalOcean example

I have just done everything on an AWS instance, and it seems to work, right?

:~$ systemctl status ziti-edge-tunnel
● ziti-edge-tunnel.service - Ziti Edge Tunnel
     Loaded: loaded (/etc/systemd/system/ziti-edge-tunnel.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2023-06-07 19:06:31 UTC; 1min 7s ago
    Process: 20700 ExecStartPre=/opt/openziti/bin/ziti-edge-tunnel.sh (code=exited, status=0/SUCCESS)
   Main PID: 20711 (ziti-edge-tunne)
      Tasks: 5 (limit: 4686)
     Memory: 5.4M
        CPU: 312ms
     CGroup: /system.slice/ziti-edge-tunnel.service
             └─20711 /opt/openziti/bin/ziti-edge-tunnel run --verbose=2 --dns-ip-range=100.64.0.1/10 --identity-dir=/opt/openziti/etc/identities

Jun 07 19:06:31 ip-172-31-18-251 ziti-edge-tunnel.sh[20704]: (20704)[        0.000]    INFO ziti-sdk:utils.c:188 ziti_log_set_level() set log level: root=3/INFO
Jun 07 19:06:31 ip-172-31-18-251 ziti-edge-tunnel.sh[20704]: (20704)[        0.000]    INFO ziti-sdk:utils.c:188 ziti_log_set_level() set log level: root=3/INFO
Jun 07 19:06:31 ip-172-31-18-251 ziti-edge-tunnel.sh[20704]: (20704)[        0.000]    INFO ziti-sdk:ziti_enroll.c:90 ziti_enroll() Ziti C SDK version 0.32.6 @2fc3556>
Jun 07 19:06:31 ip-172-31-18-251 ziti-edge-tunnel.sh[20700]: INFO: enrolled ziti-id.jwt in /opt/openziti/etc/identities/ziti-id.json
Jun 07 19:06:31 ip-172-31-18-251 systemd[1]: Started Ziti Edge Tunnel.
Jun 07 19:06:31 ip-172-31-18-251 ziti-edge-tunnel[20711]: (20711)[        0.000]   ERROR ziti-edge-tunnel:instance-config.c:61 load_config_from_file() The config file>
Jun 07 19:06:31 ip-172-31-18-251 ziti-edge-tunnel[20711]: (20711)[        0.000]   ERROR ziti-edge-tunnel:instance-config.c:61 load_config_from_file() The config file>
Jun 07 19:06:31 ip-172-31-18-251 ziti-edge-tunnel[20711]: (20711)[        0.000]    WARN ziti-edge-tunnel:instance-config.c:98 load_tunnel_status_from_file() Config f>
Jun 07 19:06:31 ip-172-31-18-251 ziti-edge-tunnel[20711]: (20711)[        0.000]    WARN ziti-edge-tunnel:instance.c:39 find_tunnel_identity() Identity ztx[/opt/openz>
Jun 07 19:06:31 ip-172-31-18-251 ziti-edge-tunnel[20711]: (20711)[        0.017]   ERROR ziti-edge-tunnel:instance-config.c:136 save_tunnel_status_to_file() Could not>

However, there are still some error messages. Are those error messages a big problem?
The following is how it looks in the controller:


Yes. Congratulations, your tunnel is running.

I cannot read the ERROR messages since they are cut off. You can run:

sudo journalctl -u ziti-edge-tunnel 

to give me the complete line.

I am very sure they are not affecting the operation of your tunnel.

Regards,

James

Hi Nick,

I have been trying to duplicate your issue.

So, when you created the controller on Digital Ocean, I assumed you used IP? And when you created the controller on AWS, you used DNS?

Is that what you did?

Thanks,

James

Yes.
Just like you said.

Excellent… Thank you.

We know what the issue is, I will try to fix the document, so the IP also works.

Appreciate your help to identify this issue.

Regards,

James

I also thank all of you; you helped me a lot.

Hi, a problem happened in the last step “3.4.6 Verify the connection” in Services | OpenZiti.

In my controller, everything looks fine:

ubuntu@ip-172-31-28-18:~$ ziti edge list edge-router-policies
╭────────────────────────┬───────────────────────────────┬──────────────────────────────┬──────────────────────────────╮
│ ID                     │ NAME                          │ EDGE ROUTER ROLES            │ IDENTITY ROLES               │
├────────────────────────┼───────────────────────────────┼──────────────────────────────┼──────────────────────────────┤
│ 1QrYv064tMfVllSRfjYnsp │ allEdgeRouters                │ #public                      │ #all                         │
│ Rrtl76zhT3             │ edge-router-Rrtl76zhT3-system │ @ip-172-31-28-18-edge-router │ @ip-172-31-28-18-edge-router │
╰────────────────────────┴───────────────────────────────┴──────────────────────────────┴──────────────────────────────╯
results: 1-2 of 2
ubuntu@ip-172-31-28-18:~$ ziti edge list edge-routers
╭────────────┬─────────────────────────────┬────────┬───────────────┬──────┬────────────╮
│ ID         │ NAME                        │ ONLINE │ ALLOW TRANSIT │ COST │ ATTRIBUTES │
├────────────┼─────────────────────────────┼────────┼───────────────┼──────┼────────────┤
│ Rrtl76zhT3 │ ip-172-31-28-18-edge-router │ true   │ true          │    0 │ public     │
│ oJvkSiY.M  │ zrouter1                    │ true   │ true          │    0 │ public     │
╰────────────┴─────────────────────────────┴────────┴───────────────┴──────┴────────────╯
results: 1-2 of 2
ubuntu@ip-172-31-28-18:~$ ziti edge list configs
╭────────────────────────┬─────────────┬──────────────╮
│ ID                     │ NAME        │ CONFIG TYPE  │
├────────────────────────┼─────────────┼──────────────┤
│ 1JpAPCaoyeBGrjBVa0uMGd │ t2thostconf │ host.v1      │
│ 4EpGoQItXKXGsvY30qPj6m │ t2tintconf  │ intercept.v1 │
╰────────────────────────┴─────────────┴──────────────╯
results: 1-2 of 2
ubuntu@ip-172-31-28-18:~$ ziti edge list configs
╭────────────────────────┬─────────────┬──────────────╮
│ ID                     │ NAME        │ CONFIG TYPE  │
├────────────────────────┼─────────────┼──────────────┤
│ 1JpAPCaoyeBGrjBVa0uMGd │ t2thostconf │ host.v1      │
│ 4EpGoQItXKXGsvY30qPj6m │ t2tintconf  │ intercept.v1 │
╰────────────────────────┴─────────────┴──────────────╯
results: 1-2 of 2
ubuntu@ip-172-31-28-18:~$ ziti edge create service t2tssh -c t2tintconf,t2thostconf
New service t2tssh created with id: 7cpa1k1gZF9seHS7rAMrit
ubuntu@ip-172-31-28-18:~$ ziti edge list services
╭────────────────────────┬────────┬────────────┬─────────────────────┬────────────╮
│ ID                     │ NAME   │ ENCRYPTION │ TERMINATOR STRATEGY │ ATTRIBUTES │
│                        │        │  REQUIRED  │                     │            │
├────────────────────────┼────────┼────────────┼─────────────────────┼────────────┤
│ 7cpa1k1gZF9seHS7rAMrit │ t2tssh │ true       │ smartrouting        │            │
╰────────────────────────┴────────┴────────────┴─────────────────────┴────────────╯
results: 1-1 of 1
ubuntu@ip-172-31-28-18:~$ ziti edge list service-policies
╭────────────────────────┬─────────────┬──────────┬───────────────┬────────────────┬─────────────────────╮
│ ID                     │ NAME        │ SEMANTIC │ SERVICE ROLES │ IDENTITY ROLES │ POSTURE CHECK ROLES │
├────────────────────────┼─────────────┼──────────┼───────────────┼────────────────┼─────────────────────┤
│ 3IM507jEAGuHYO1GFi8hV3 │ t2tssh.bind │ AllOf    │ @t2tssh       │ @egressclient  │                     │
│ 5CPc5IsoniQvAaVD7Oy97D │ t2tssh.dial │ AllOf    │ @t2tssh       │ @ingressclient │                     │
╰────────────────────────┴─────────────┴──────────┴───────────────┴────────────────┴─────────────────────╯
results: 1-2 of 2
ubuntu@ip-172-31-28-18:~$ ziti edge policy-advisor services |grep t2tssh
OKAY : ingressclient (2) -> t2tssh (2) Common Routers: (2/2) Dial: Y Bind: N 
OKAY : egressclient (2) -> t2tssh (2) Common Routers: (2/2) Dial: N Bind: Y 

In the ingress tunnel VM:

ubuntu@ip-172-31-23-156:~$ sudo systemctl enable --now ziti-edge-tunnel.service
Created symlink /etc/systemd/system/multi-user.target.wants/ziti-edge-tunnel.service → /opt/openziti/share/ziti-edge-tunnel.service.
Created symlink /etc/systemd/system/ziti-edge-tunnel.service → /opt/openziti/share/ziti-edge-tunnel.service.
ubuntu@ip-172-31-23-156:~$ systemctl status ziti-edge-tunnel
● ziti-edge-tunnel.service - Ziti Edge Tunnel
     Loaded: loaded (/etc/systemd/system/ziti-edge-tunnel.service; enabled; vendor preset: enab>
     Active: active (running) since Thu 2023-06-08 04:59:52 UTC; 15s ago
    Process: 21823 ExecStartPre=/opt/openziti/bin/ziti-edge-tunnel.sh (code=exited, status=0/SU>
   Main PID: 21834 (ziti-edge-tunne)
      Tasks: 5 (limit: 4686)
     Memory: 5.3M
        CPU: 160ms
     CGroup: /system.slice/ziti-edge-tunnel.service
             └─21834 /opt/openziti/bin/ziti-edge-tunnel run --verbose=2 --dns-ip-range=100.64.0>
lines 1-10
ubuntu@ip-172-31-23-156:~$ ssh t2tssh.ziti
The authenticity of host 't2tssh.ziti (100.64.0.3)' can't be established.
ED25519 key fingerprint is SHA256:6r+8WVwjLVLBJXGIO99K376rcdDEJtDoq0x38HhXMFU.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 't2tssh.ziti' (ED25519) to the list of known hosts.
ubuntu@t2tssh.ziti: Permission denied (publickey).

Why does the “Permission denied (publickey)” happen, and how do I fix it?

Thank you

This is the current controller log with the “Permission denied (publickey)” problem:


Hi Nick,
In order to ssh into your egress tunnel, you will need to put the ssh public key from the ingress tunnel into authorized_keys on the egress tunnel.

This is not part of the OpenZiti setup, so we didn’t cover that in the document.

Here are some simple steps to get you going:

  1. on the ingress tunnel, ssh-keygen (this will generate a private key and a public key under the directory ~/.ssh)
  2. get the content of ~/.ssh/id_rsa.pub
  3. on the egress tunnel,

cat >>~/.ssh/authorized_keys

then paste the content from step 2

Then you can try the ssh t2tssh.ziti command again from the ingress tunnel.
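
Step 3 above as a script for the egress host, added here as an example; it is not part of the reply above or of the OpenZiti documentation. It sanity-checks the pasted key, appends it only once, and sets the modes that sshd's StrictModes check expects, since a group- or world-writable `~/.ssh` or `authorized_keys` produces the same "Permission denied (publickey)". The function names `valid_pubkey` and `install_pubkey` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: install an ingress host's SSH public key on the egress host.

# valid_pubkey FILE -> 0 if FILE holds exactly one plausible public key line.
# Sanity check only: the key type must be a known one and must match the
# type string embedded at the start of the base64 blob.
valid_pubkey() {
    local file=$1 line type blob rest embedded
    [ -f "$file" ] || return 1
    # One non-empty line only: rejects a pasted private key or several keys.
    [ "$(grep -c . "$file")" -eq 1 ] || return 1
    line=$(sed -n '/./{p;q;}' "$file")
    read -r type blob rest <<EOF
$line
EOF
    case $type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    [ -n "$blob" ] || return 1
    # Blob layout: 4-byte length, then the key type as ASCII. Skip the length
    # and compare the embedded type with the declared one.
    embedded=$(printf '%s' "$blob" | base64 -d 2>/dev/null | tail -c +5 | head -c "${#type}")
    [ "$embedded" = "$type" ]
}

# install_pubkey PUBKEY_FILE [SSH_DIR]
# Prints "added" or "present"; returns non-zero if the key file is rejected.
install_pubkey() {
    local pub=$1 dir=${2:-$HOME/.ssh} auth blob
    if ! valid_pubkey "$pub"; then
        echo "invalid public key file: $pub" >&2
        return 1
    fi
    auth=$dir/authorized_keys
    # With StrictModes (the sshd default) keys are ignored when the directory
    # or the file is writable by group or other, so set the modes explicitly.
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1
    # Match on the base64 blob alone, so a different comment or an options
    # prefix on an existing entry does not lead to a duplicate.
    blob=$(awk 'NF { print $2; exit }' "$pub")
    if grep -qF -- "$blob" "$auth"; then
        echo present
        return 0
    fi
    # Keep entries on separate lines if the file lacks a trailing newline.
    if [ -s "$auth" ] && [ -n "$(tail -c1 "$auth")" ]; then
        echo >> "$auth"
    fi
    cat "$pub" >> "$auth" || return 1
    echo added
}

# Stand-alone use: sh install_key.sh ingress_key.pub [ssh_dir]
if [ "$#" -ge 1 ]; then
    install_pubkey "$@"
fi
```

Copy the ingress tunnel's `.pub` file to the egress host and pass its path as the first argument; the private key never leaves the ingress tunnel.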