From cf31e44b5fc8cf7ee4abab780ee446b44bb901a8 Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Thu, 12 Dec 2024 09:37:32 -0500 Subject: [PATCH] docs: update tsh client for trusted clusters --- docs/pages/connect-your-client/tsh.mdx | 64 ++------------------------ 1 file changed, 4 insertions(+), 60 deletions(-) diff --git a/docs/pages/connect-your-client/tsh.mdx b/docs/pages/connect-your-client/tsh.mdx index 721671a22f1a0..ac4da6e75d17b 100644 --- a/docs/pages/connect-your-client/tsh.mdx +++ b/docs/pages/connect-your-client/tsh.mdx @@ -697,10 +697,11 @@ Teleport supports creating clusters of servers located behind firewalls tunnels from behind-firewall environments into a Teleport Proxy Service you have access to. To learn more about setting up a trust relationship between clusters behind firewalls, see -[Configure Trusted Clusters](../admin-guides/management/admin/trustedclusters.mdx). +[Configure Trusted Clusters](../admin-guides/management/admin/trustedclusters.mdx). - - + + Trusted clusters are only available for self-hosted Teleport clusters. + Assuming the Teleport Proxy Server called `work` is configured with a few trusted clusters, you can use the `tsh clusters` command to see a list of all the trusted clusters on the server: @@ -714,32 +715,10 @@ $ tsh --proxy=work clusters # production offline ``` - - - -Assuming the Teleport Cloud tenant called `mytenant.teleport.sh` is configured with a few trusted -clusters, a user may use the `tsh clusters` command to see a list of all Trusted Clusters on the server: - -```code -$ tsh --proxy=mytenant.teleport.sh clusters - -# Cluster Name Status -# ------------ ------ -# staging online -# production offline -``` - - - - - [CLI Docs - tsh clusters](../reference/cli/tsh.mdx#tsh-clusters) Now you can use the `--cluster` flag with any `tsh` command. For example, to list SSH nodes that are members of the `production` cluster, simply run: - - - ```code $ tsh --proxy=work ls --cluster=production 
@@ -749,27 +728,8 @@ $ tsh --proxy=work ls --cluster=production # db-2 xxxxxxxxx 10.0.20.41:3022 kernel:4.2 ``` - - - -```code -$ tsh --proxy=mytenant.teleport.sh ls --cluster=production - -# Node Name Node ID Address Labels -# --------- ------- ------- ------ -# db-1 xxxxxxxxx 10.0.20.31:3022 kernel:4.4 -# db-2 xxxxxxxxx 10.0.20.41:3022 kernel:4.2 -``` - - - - - Similarly, if you want to SSH into `db-1` inside the `production` cluster: - - - ```code $ tsh --proxy=work ssh --cluster=production db-1 ``` @@ -779,22 +739,6 @@ firewall without open ports. This works because the `production` cluster establishes a reverse SSH tunnel back into the Proxy Service called `work`, and this tunnel is used to establish inbound SSH connections. - - - -```code -$ tsh --proxy=mytenant.teleport.sh ssh --cluster=production db-1 -``` - -This is possible even if Nodes in the `production` cluster are located behind a -firewall without open ports. This works because the `production` cluster -establishes a reverse SSH tunnel back into your Teleport Cloud tenant's Proxy -Service, and this tunnel is used to establish inbound SSH connections. - - - - - ## X11 forwarding In order to run graphical programs within an SSH session, such as an IDE like
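Review bot: In the first hunk (@@ -697,10 +697,11 @@), the `[Configure Trusted Clusters](../admin-guides/management/admin/trustedclusters.mdx).` line is removed and re-added with the same visible text, so the difference appears to be whitespace only. If the new line picked up trailing whitespace, drop it from the change so this hunk carries only the added note that trusted clusters are available for self-hosted clusters only.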
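Review bot: In the last hunk (@@ -779,22 +739,6 @@), the retained paragraph refers to "the Proxy Service called `work`", while the retained sentence in the first hunk says "the Teleport Proxy Server called `work`". Because the Cloud variants are deleted and these lines are now the only version of the walkthrough, consider changing "Proxy Server" to "Proxy Service" in the same patch so the section uses one term for the component that terminates the reverse SSH tunnel.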