Fix ssh-config short-lived-cert for subpath-ed hostnames

Fixes https://github.com/cloudflare/cloudflared/issues/923
This commit is contained in:
Jeshua Lin 2023-04-04 13:25:27 +08:00 committed by GitHub
parent 39ed5dc182
commit 653bf87197
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 3 deletions

View File

@ -40,8 +40,8 @@ Add to your {{.Home}}/.ssh/config:
{{- if .ShortLivedCerts}}
Match host {{.Hostname}} exec "{{.Cloudflared}} access ssh-gen --hostname %h"
ProxyCommand {{.Cloudflared}} access ssh --hostname %h
IdentityFile ~/.cloudflared/%h-cf_key
CertificateFile ~/.cloudflared/%h-cf_key-cert.pub
IdentityFile ~/.cloudflared/{{.SSHCertFilePath}}-cf_key
CertificateFile ~/.cloudflared/{{.SSHCertFilePath}}-cf_key-cert.pub
{{- else}}
Host {{.Hostname}}
ProxyCommand {{.Cloudflared}} access ssh --hostname %h
@ -365,10 +365,11 @@ func sshConfig(c *cli.Context) error {
ShortLivedCerts bool
Hostname string
Cloudflared string
SSHCertFilePath string
}
t := template.Must(template.New("sshConfig").Parse(sshConfigTemplate))
return t.Execute(os.Stdout, config{Home: os.Getenv("HOME"), ShortLivedCerts: genCertBool, Hostname: hostname, Cloudflared: cloudflaredPath()})
return t.Execute(os.Stdout, config{Home: os.Getenv("HOME"), ShortLivedCerts: genCertBool, Hostname: hostname, Cloudflared: cloudflaredPath(), SSHCertFilePath: token.GenerateSSHCertFilePathFromURL(url.Parse(ensureURLScheme(hostname)), sshgen.keyName)})
}
// sshGen generates a short lived certificate for provided hostname