Linux command
boundary 命令
文本
复制后可按需替换文件名、目录或参数。
常用示例
Authenticate to Boundary
boundary authenticate
Connect to a target
boundary connect -target-id [ttcp_1234567890]
Connect using SSH helper
boundary connect ssh -target-id [ttcp_1234567890]
List available targets
boundary targets list -recursive
List active sessions
boundary sessions list -recursive
Read target details
boundary targets read -id [ttcp_1234567890]
Cancel a session
boundary sessions cancel -id [s_1234567890]
Start a local proxy
boundary connect -target-id [ttcp_1234567890] -listen-port [2222]
说明
boundary is the CLI for HashiCorp Boundary, a tool for secure remote access to infrastructure. It provides identity-based access to hosts and services without exposing networks or managing credentials directly. The connect command establishes sessions to targets. Protocol-specific helpers (ssh, postgres, rdp, http, kube) automatically configure client tools with proper credentials. For SSH, it spawns an ssh process with injected credentials; for databases, it provides connection strings. Authentication methods include password, OIDC, and LDAP. Credentials are stored in the system keyring or specified location. Use authenticate to log in and logout to clear credentials. Boundary uses a hierarchical scope model with global, organization, and project scopes. Use -recursive to list resources across all accessible scopes. Sessions maintain the connection state between client and target. Active sessions can be listed and canceled. Session recordings enable audit and compliance when configured.
参数
- -target-id _id_
- Target ID to connect to.
- -target-name _name_
- Target name (requires scope).
- -target-scope-id _id_
- Scope containing target.
- -target-scope-name _name_
- Scope name containing target.
- -listen-port _port_
- Local port for proxy connection.
- -addr _address_
- Boundary controller address.
- -token _token_
- Authentication token.
- -token-name _name_
- Token name for storage.
- -scope-id _id_
- Scope ID for operations.
- -recursive
- List resources recursively across scopes.
- -format _format_
- Output format: table, json.
- -keyring-type _type_
- Keyring type for credential storage.
FAQ
What is the boundary command used for?
boundary is the CLI for HashiCorp Boundary, a tool for secure remote access to infrastructure. It provides identity-based access to hosts and services without exposing networks or managing credentials directly. The connect command establishes sessions to targets. Protocol-specific helpers (ssh, postgres, rdp, http, kube) automatically configure client tools with proper credentials. For SSH, it spawns an ssh process with injected credentials; for databases, it provides connection strings. Authentication methods include password, OIDC, and LDAP. Credentials are stored in the system keyring or specified location. Use authenticate to log in and logout to clear credentials. Boundary uses a hierarchical scope model with global, organization, and project scopes. Use -recursive to list resources across all accessible scopes. Sessions maintain the connection state between client and target. Active sessions can be listed and canceled. Session recordings enable audit and compliance when configured.
How do I run a basic boundary example?
Run `boundary authenticate` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -target-id _id_ do in boundary?
Target ID to connect to.