AUTH-2105: Adds support for local forwarding. Refactor auditlogger creation.

AUTH-2088: Adds dynamic destination routing

cmd/cloudflared/access/carrier.go

@@ -34,6 +34,12 @@ func ssh(c *cli.Context) error {
 		headers.Add("CF-Access-Client-Secret", c.String(sshTokenSecretFlag))
 	}
 
+	destination := c.String(sshDestinationFlag)
+	if destination == "" {
+		return cli.ShowCommandHelp(c, "ssh")
+	}
+	headers.Add("CF-Access-SSH-Destination", destination)
+
 	options := &carrier.StartOptions{
 		OriginURL: originURL,
 		Headers:   headers,

cmd/cloudflared/access/cmd.go

@@ -24,6 +24,7 @@ import (
 
 const (
 	sshHostnameFlag    = "hostname"
+	sshDestinationFlag = "destination"
 	sshURLFlag         = "url"
 	sshHeaderFlag      = "header"
 	sshTokenIDFlag     = "service-token-id"
@@ -127,6 +128,10 @@ func Commands() []*cli.Command {
 							Name:  sshHostnameFlag,
 							Usage: "specify the hostname of your application.",
 						},
+						&cli.StringFlag{
+							Name:  sshDestinationFlag,
+							Usage: "specify the destination address of your SSH server.",
+						},
 						&cli.StringFlag{
 							Name:  sshURLFlag,
 							Usage: "specify the host:port to forward data to Cloudflare edge.",

cmd/cloudflared/tunnel/cmd.go

@@ -45,7 +45,7 @@ import (
 const (
 	sentryDSN = "https://56a9c9fa5c364ab28f34b14f35ea0f1b:3e8827f6f9f740738eb11138f7bebb68@sentry.io/189878"
 
-	sshLogFileDirectory = "/var/log/cloudflared/"
+	sshLogFileDirectory = "/usr/local/var/log/cloudflared/"
 
 	// sshPortFlag is the port on localhost the cloudflared ssh server will run on
 	sshPortFlag = "local-ssh-port"
@@ -383,7 +383,7 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 				return errors.Wrap(err, msg)
 			}
 
-			if err := os.MkdirAll(sshLogFileDirectory, 0600); err != nil {
+			if err := os.MkdirAll(sshLogFileDirectory, 0700); err != nil {
 				msg := fmt.Sprintf("Cannot create SSH log file directory %s", sshLogFileDirectory)
 				logger.WithError(err).Errorf(msg)
 				return errors.Wrap(err, msg)