From 653bf871973bf9991553e76a79f7c7ff2bec13c5 Mon Sep 17 00:00:00 2001
From: Jeshua Lin <jeslinmx@users.noreply.github.com>
Date: Tue, 4 Apr 2023 13:25:27 +0800
Subject: [PATCH] Fix ssh-config short-lived-cert for subpath-ed hostnames

Fixes https://github.com/cloudflare/cloudflared/issues/923
---
 cmd/cloudflared/access/cmd.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/cmd/cloudflared/access/cmd.go b/cmd/cloudflared/access/cmd.go
index 6fec29f9..51f9b634 100644
--- a/cmd/cloudflared/access/cmd.go
+++ b/cmd/cloudflared/access/cmd.go
@@ -40,8 +40,8 @@ Add to your {{.Home}}/.ssh/config:
 {{- if .ShortLivedCerts}}
 Match host {{.Hostname}} exec "{{.Cloudflared}} access ssh-gen --hostname %h"
   ProxyCommand {{.Cloudflared}} access ssh --hostname %h
-  IdentityFile ~/.cloudflared/%h-cf_key
-  CertificateFile ~/.cloudflared/%h-cf_key-cert.pub
+  IdentityFile ~/.cloudflared/{{.SSHCertFilePath}}-cf_key
+  CertificateFile ~/.cloudflared/{{.SSHCertFilePath}}-cf_key-cert.pub
 {{- else}}
 Host {{.Hostname}}
   ProxyCommand {{.Cloudflared}} access ssh --hostname %h
@@ -365,10 +365,11 @@ func sshConfig(c *cli.Context) error {
 		ShortLivedCerts bool
 		Hostname        string
 		Cloudflared     string
+		SSHCertFilePath string
 	}
 
 	t := template.Must(template.New("sshConfig").Parse(sshConfigTemplate))
-	return t.Execute(os.Stdout, config{Home: os.Getenv("HOME"), ShortLivedCerts: genCertBool, Hostname: hostname, Cloudflared: cloudflaredPath()})
+	return t.Execute(os.Stdout, config{Home: os.Getenv("HOME"), ShortLivedCerts: genCertBool, Hostname: hostname, Cloudflared: cloudflaredPath(), SSHCertFilePath: token.GenerateSSHCertFilePathFromURL(url.Parse(ensureURLScheme(hostname)), sshgen.keyName)})
 }
 
 // sshGen generates a short lived certificate for provided hostname