From bf8809a62e6806962d0b2443efa6e7807a9bb605 Mon Sep 17 00:00:00 2001 From: n0k0m3 <10925298+n0k0m3@users.noreply.github.com> Date: Thu, 22 Sep 2022 14:35:32 -0400 Subject: [PATCH] Issue #574: Better ssh config for short-lived cert This PR is made using suggestion from #574. The pros for this config is that it will work both Windows and Linux (tested), as well as in VSCode, which normally can't be done with the current generated ssh config (refers to #734) --- cmd/cloudflared/access/cmd.go | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/cmd/cloudflared/access/cmd.go b/cmd/cloudflared/access/cmd.go index 85f59d8f..c0088ff6 100644 --- a/cmd/cloudflared/access/cmd.go +++ b/cmd/cloudflared/access/cmd.go @@ -37,16 +37,13 @@ const ( sshConfigTemplate = ` Add to your {{.Home}}/.ssh/config: -Host {{.Hostname}} {{- if .ShortLivedCerts}} - ProxyCommand bash -c '{{.Cloudflared}} access ssh-gen --hostname %h; ssh -tt %r@cfpipe-{{.Hostname}} >&2 <&1' - -Host cfpipe-{{.Hostname}} - HostName {{.Hostname}} +Match host {{.Hostname}} exec "{{.Cloudflared}} access ssh-gen --hostname %h" ProxyCommand {{.Cloudflared}} access ssh --hostname %h - IdentityFile ~/.cloudflared/{{.Hostname}}-cf_key - CertificateFile ~/.cloudflared/{{.Hostname}}-cf_key-cert.pub + IdentityFile ~/.cloudflared/%h-cf_key + CertificateFile ~/.cloudflared/%h-cf_key-cert.pub {{- else}} +Host {{.Hostname}} ProxyCommand {{.Cloudflared}} access ssh --hostname %h {{end}} `