AUTH-2018: Adds support for authorized keys and short lived certs

2025-07-27 17:29:58 +00:00 · 2019-08-22 11:36:21 -05:00
parent df25ed9bde
commit baec3e289e
16 changed files with 549 additions and 33 deletions
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -338,7 +338,7 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 		logger.Infof("ssh-server set")

 		sshServerAddress := "127.0.0.1:" + c.String("local-ssh-port")
-		server, err := sshserver.New(logger, sshServerAddress, shutdownC)
+		server, err := sshserver.New(logger, sshServerAddress, shutdownC, c.Bool("short-lived-certs"))
 		if err != nil {
 			logger.WithError(err).Error("Cannot create new SSH Server")
 			return errors.Wrap(err, "Cannot create new SSH Server")
@@ -915,5 +915,11 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
 			EnvVars: []string{"LOCAL_SSH_PORT"},
 			Hidden:  true,
 		}),
+		altsrc.NewBoolFlag(&cli.BoolFlag{
+			Name:    "short-lived-certs",
+			Usage:   "Enable short lived cert authentication for SSH server",
+			EnvVars: []string{"SHORT_LIVED_CERTS"},
+			Hidden:  true,
+		}),
 	}
 }