AUTH-2037: Adds support for ssh port forwarding

2025-07-27 17:29:58 +00:00 · 2019-09-04 11:14:27 -05:00
parent 945bf76897
commit c2a71c5a51
3 changed files with 45 additions and 16 deletions
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -73,6 +73,9 @@ const (

 	// s3URLFlag is the S3 URL of SSH log uploader (e.g. don't use AWS s3 and use google storage bucket instead)
 	s3URLFlag = "s3-url-host"
+
+	// disablePortForwarding disables both remote and local ssh port forwarding
+	enablePortForwardingFlag = "enable-port-forwarding"
 )

 var (
@@ -387,7 +390,7 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 		}

 		sshServerAddress := "127.0.0.1:" + c.String(sshPortFlag)
-		server, err := sshserver.New(logManager, logger, version, sshServerAddress, shutdownC, c.Duration(sshIdleTimeoutFlag), c.Duration(sshMaxTimeoutFlag))
+		server, err := sshserver.New(logManager, logger, version, sshServerAddress, shutdownC, c.Duration(sshIdleTimeoutFlag), c.Duration(sshMaxTimeoutFlag), c.Bool(enablePortForwardingFlag))
 		if err != nil {
 			logger.WithError(err).Error("Cannot create new SSH Server")
 			return errors.Wrap(err, "Cannot create new SSH Server")
@@ -1020,5 +1023,11 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
 			EnvVars: []string{"S3_URL"},
 			Hidden:  true,
 		}),
+		altsrc.NewBoolFlag(&cli.BoolFlag{
+			Name:    enablePortForwardingFlag,
+			Usage:   "Enables remote and local SSH port forwarding",
+			EnvVars: []string{"ENABLE_PORT_FORWARDING"},
+			Hidden:  true,
+		}),
 	}
 }