Issue #574: Better ssh config for short-lived cert
This PR is made using suggestion from #574. The pros for this config is that it will work both Windows and Linux (tested), as well as in VSCode, which normally can't be done with the current generated ssh config (refers to #734)
This commit is contained in:
parent
3449ea35f2
commit
bf8809a62e
|
@ -37,16 +37,13 @@ const (
|
||||||
sshConfigTemplate = `
|
sshConfigTemplate = `
|
||||||
Add to your {{.Home}}/.ssh/config:
|
Add to your {{.Home}}/.ssh/config:
|
||||||
|
|
||||||
Host {{.Hostname}}
|
|
||||||
{{- if .ShortLivedCerts}}
|
{{- if .ShortLivedCerts}}
|
||||||
ProxyCommand bash -c '{{.Cloudflared}} access ssh-gen --hostname %h; ssh -tt %r@cfpipe-{{.Hostname}} >&2 <&1'
|
Match host {{.Hostname}} exec "{{.Cloudflared}} access ssh-gen --hostname %h"
|
||||||
|
|
||||||
Host cfpipe-{{.Hostname}}
|
|
||||||
HostName {{.Hostname}}
|
|
||||||
ProxyCommand {{.Cloudflared}} access ssh --hostname %h
|
ProxyCommand {{.Cloudflared}} access ssh --hostname %h
|
||||||
IdentityFile ~/.cloudflared/{{.Hostname}}-cf_key
|
IdentityFile ~/.cloudflared/%h-cf_key
|
||||||
CertificateFile ~/.cloudflared/{{.Hostname}}-cf_key-cert.pub
|
CertificateFile ~/.cloudflared/%h-cf_key-cert.pub
|
||||||
{{- else}}
|
{{- else}}
|
||||||
|
Host {{.Hostname}}
|
||||||
ProxyCommand {{.Cloudflared}} access ssh --hostname %h
|
ProxyCommand {{.Cloudflared}} access ssh --hostname %h
|
||||||
{{end}}
|
{{end}}
|
||||||
`
|
`
|
||||||
|
|
Loading…
Reference in New Issue