From 1b5313cc28bb4563d5536f4e188c8a59448e5b18 Mon Sep 17 00:00:00 2001 From: n0k0m3 <10925298+n0k0m3@users.noreply.github.com> Date: Wed, 2 Nov 2022 06:44:34 -0400 Subject: [PATCH] Issue #574: Better ssh config for short-lived cert (#763) This PR is made using suggestion from #574. The pros for this config is that it will work both Windows and Linux (tested), as well as in VSCode, which normally can't be done with the current generated ssh config (refers to #734) --- cmd/cloudflared/access/cmd.go | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/cmd/cloudflared/access/cmd.go b/cmd/cloudflared/access/cmd.go index 85f59d8f..c0088ff6 100644 --- a/cmd/cloudflared/access/cmd.go +++ b/cmd/cloudflared/access/cmd.go @@ -37,16 +37,13 @@ const ( sshConfigTemplate = ` Add to your {{.Home}}/.ssh/config: -Host {{.Hostname}} {{- if .ShortLivedCerts}} - ProxyCommand bash -c '{{.Cloudflared}} access ssh-gen --hostname %h; ssh -tt %r@cfpipe-{{.Hostname}} >&2 <&1' - -Host cfpipe-{{.Hostname}} - HostName {{.Hostname}} +Match host {{.Hostname}} exec "{{.Cloudflared}} access ssh-gen --hostname %h" ProxyCommand {{.Cloudflared}} access ssh --hostname %h - IdentityFile ~/.cloudflared/{{.Hostname}}-cf_key - CertificateFile ~/.cloudflared/{{.Hostname}}-cf_key-cert.pub + IdentityFile ~/.cloudflared/%h-cf_key + CertificateFile ~/.cloudflared/%h-cf_key-cert.pub {{- else}} +Host {{.Hostname}} ProxyCommand {{.Cloudflared}} access ssh --hostname %h {{end}} `