Issue #574: Better ssh config for short-lived cert (#763)

This PR is made using suggestion from #574. The pros for this config is that it will work both Windows and Linux (tested), as well as in VSCode, which normally can't be done with the current generated ssh config (refers to #734)
This commit is contained in:
n0k0m3 2022-11-02 06:44:34 -04:00 committed by GitHub
parent dde83d5a7c
commit 1b5313cc28
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 7 deletions

View File

@ -37,16 +37,13 @@ const (
sshConfigTemplate = ` sshConfigTemplate = `
Add to your {{.Home}}/.ssh/config: Add to your {{.Home}}/.ssh/config:
Host {{.Hostname}}
{{- if .ShortLivedCerts}} {{- if .ShortLivedCerts}}
ProxyCommand bash -c '{{.Cloudflared}} access ssh-gen --hostname %h; ssh -tt %r@cfpipe-{{.Hostname}} >&2 <&1' Match host {{.Hostname}} exec "{{.Cloudflared}} access ssh-gen --hostname %h"
Host cfpipe-{{.Hostname}}
HostName {{.Hostname}}
ProxyCommand {{.Cloudflared}} access ssh --hostname %h ProxyCommand {{.Cloudflared}} access ssh --hostname %h
IdentityFile ~/.cloudflared/{{.Hostname}}-cf_key IdentityFile ~/.cloudflared/%h-cf_key
CertificateFile ~/.cloudflared/{{.Hostname}}-cf_key-cert.pub CertificateFile ~/.cloudflared/%h-cf_key-cert.pub
{{- else}} {{- else}}
Host {{.Hostname}}
ProxyCommand {{.Cloudflared}} access ssh --hostname %h ProxyCommand {{.Cloudflared}} access ssh --hostname %h
{{end}} {{end}}
` `