curben
/
blog
mirror of https://gitlab.com/curben/blog
1
0
Fork 0
Code Issues Releases Wiki Activity

post(ssh-cert): consistent example domain 

and simpler title
This commit is contained in:
Ming Di Leom 2023-02-18 09:39:17 +00:00
parent 3775e75d90
commit 7b19b136c7
No known key found for this signature in database
GPG Key ID: 32D3E28E96A695E8
1 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
source/_posts/ssh-certificate-cloudflare-tunnel.md
View File

@ -1,8 +1,8 @@
--- ---
title: SSH authentication using short-lived certificate through Cloudflare Tunnel title: SSH certificate using Cloudflare Tunnel
excerpt: A quick quide to SSH certificate without using an identity provider. excerpt: A quick quide to SSH certificate without using an identity provider.
date: 2023-02-13 date: 2023-02-13
updated: 2023-02-16 updated: 2023-02-18
tags: tags:
- cloudflare - cloudflare
--- ---
@ -92,7 +92,7 @@ Navigate to **Access** -> **Tunnels**
**Route tunnel** tab, **Route tunnel** tab,
- Public hostname: test.example.com - Public hostname: test.yourdomain.com
- This is the application domain in the [Add an application](#Add-an-application) step. - This is the application domain in the [Add an application](#Add-an-application) step.
- Service - Service
- SSH type: URL = localhost:22 - SSH type: URL = localhost:22
@ -152,7 +152,7 @@ Install `cloudflared` on the host that you're going to SSH from.
Example output: Example output:
```plain ~/.ssh/config ```plain ~/.ssh/config
Match host test.example.com exec "/usr/local/bin/cloudflared access ssh-gen --hostname %h" Match host test.yourdomain.com exec "/usr/local/bin/cloudflared access ssh-gen --hostname %h"
ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h
IdentityFile ~/.cloudflared/%h-cf_key IdentityFile ~/.cloudflared/%h-cf_key
CertificateFile ~/.cloudflared/%h-cf_key-cert.pub CertificateFile ~/.cloudflared/%h-cf_key-cert.pub
@ -161,21 +161,21 @@ Match host test.example.com exec "/usr/local/bin/cloudflared access ssh-gen --ho
or or
```plain ~/.ssh/config ```plain ~/.ssh/config
Host test.example.com Host test.yourdomain.com
ProxyCommand bash -c '/usr/local/bin/cloudflared access ssh-gen --hostname %h; ssh -tt %r@cfpipe-test.example.com >&2 <&1' ProxyCommand bash -c '/usr/local/bin/cloudflared access ssh-gen --hostname %h; ssh -tt %r@cfpipe-test.yourdomain.com >&2 <&1'
Host cfpipe-test.example.com Host cfpipe-test.yourdomain.com
HostName test.example.com HostName test.yourdomain.com
ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h
IdentityFile ~/.cloudflared/test.example.com-cf_key IdentityFile ~/.cloudflared/test.yourdomain.com-cf_key
CertificateFile ~/.cloudflared/test.example.com-cf_key-cert.pub CertificateFile ~/.cloudflared/test.yourdomain.com-cf_key-cert.pub
``` ```
Save the output to `$HOME/.ssh/config`. Save the output to `$HOME/.ssh/config`.
Now, the moment of truth. Now, the moment of truth.
`ssh loremipsum@test.example.com` (replace the username with the one you created in [Create a test user](#Create-a-test-user) step.) `ssh loremipsum@test.yourdomain.com` (replace the username with the one you created in [Create a test user](#Create-a-test-user) step.)
The terminal should launch a website to _team-name_.cloudflareaccess.com. Enter the email you configured in [Add an application](#Add-an-application) step and then enter the received 6-digit PIN. The terminal should launch a website to _team-name_.cloudflareaccess.com. Enter the email you configured in [Add an application](#Add-an-application) step and then enter the received 6-digit PIN.
@ -195,4 +195,4 @@ To delete user(s), head to **Users**, tick the relevant users, **Update status**
## Inspect user certificate ## Inspect user certificate
`ssh-keygen -L -f ~/.cloudflared/test.example.com-cf_key-cert.pub` `ssh-keygen -L -f ~/.cloudflared/test.yourdomain.com-cf_key-cert.pub`