Add Match all to sshd host template

2021-02-01 11:54:39 -08:00
3 changed files with 5 additions and 3 deletions
--- a/authority/ssh_test.go
+++ b/authority/ssh_test.go
@ -450,7 +450,7 @@ func TestAuthority_GetSSHConfig(t *testing.T) {
 		{Name: "config.tpl", Type: templates.File, Comment: "#", Path: "ssh/config", Content: []byte("Match exec \"step ssh check-host %h\"\n\tUserKnownHostsFile /home/user/.step/ssh/known_hosts\n\tProxyCommand step ssh proxycommand %r %h %p\n")},
 	}
 	hostOutputWithUserData := []templates.Output{
-		{Name: "sshd_config.tpl", Type: templates.File, Comment: "#", Path: "/etc/ssh/sshd_config", Content: []byte("TrustedUserCAKeys /etc/ssh/ca.pub\nHostCertificate /etc/ssh/ssh_host_ecdsa_key-cert.pub\nHostKey /etc/ssh/ssh_host_ecdsa_key")},
+		{Name: "sshd_config.tpl", Type: templates.File, Comment: "#", Path: "/etc/ssh/sshd_config", Content: []byte("Match all\nTrustedUserCAKeys /etc/ssh/ca.pub\nHostCertificate /etc/ssh/ssh_host_ecdsa_key-cert.pub\nHostKey /etc/ssh/ssh_host_ecdsa_key")},
 	}

 	tmplConfigErr := &templates.Templates{
--- a/authority/testdata/templates/sshd_config.tpl
+++ b/authority/testdata/templates/sshd_config.tpl
@ -1,3 +1,4 @@
+Match all
 TrustedUserCAKeys /etc/ssh/ca.pub
 HostCertificate /etc/ssh/{{.User.Certificate}}
-HostKey /etc/ssh/{{.User.Key}}
+HostKey /etc/ssh/{{.User.Key}}
--- a/templates/values.go
+++ b/templates/values.go
@ -99,7 +99,8 @@ var DefaultSSHTemplateData = map[string]string{
 `,

 	// sshd_config.tpl adds the configuration to support certificates
-	"sshd_config.tpl": `TrustedUserCAKeys /etc/ssh/ca.pub
+	"sshd_config.tpl": `Match all
+TrustedUserCAKeys /etc/ssh/ca.pub
 HostCertificate /etc/ssh/{{.User.Certificate}}
 HostKey /etc/ssh/{{.User.Key}}`,