From 02ed784a9b719526ea53677224cbe379b09176dc Mon Sep 17 00:00:00 2001 From: Mariano Cano Date: Wed, 15 Apr 2020 11:17:24 -0700 Subject: [PATCH] Do not enable by default ForwardAgent. --- authority/ssh_test.go | 2 +- authority/testdata/templates/config.tpl | 1 - pki/templates.go | 1 - 3 files changed, 1 insertion(+), 3 deletions(-) diff --git a/authority/ssh_test.go b/authority/ssh_test.go index 6d05e1a9..e32d9d87 100644 --- a/authority/ssh_test.go +++ b/authority/ssh_test.go @@ -412,7 +412,7 @@ func TestAuthority_GetSSHConfig(t *testing.T) { } userOutputWithUserData := []templates.Output{ {Name: "include.tpl", Type: templates.File, Comment: "#", Path: "ssh/include", Content: []byte("Host *\n\tInclude /home/user/.step/ssh/config")}, - {Name: "config.tpl", Type: templates.File, Comment: "#", Path: "ssh/config", Content: []byte("Match exec \"step ssh check-host %h\"\n\tForwardAgent yes\n\tUserKnownHostsFile /home/user/.step/ssh/known_hosts\n\tProxyCommand step ssh proxycommand %r %h %p\n")}, + {Name: "config.tpl", Type: templates.File, Comment: "#", Path: "ssh/config", Content: []byte("Match exec \"step ssh check-host %h\"\n\tUserKnownHostsFile /home/user/.step/ssh/known_hosts\n\tProxyCommand step ssh proxycommand %r %h %p\n")}, } hostOutputWithUserData := []templates.Output{ {Name: "sshd_config.tpl", Type: templates.File, Comment: "#", Path: "/etc/ssh/sshd_config", Content: []byte("TrustedUserCAKeys /etc/ssh/ca.pub\nHostCertificate /etc/ssh/ssh_host_ecdsa_key-cert.pub\nHostKey /etc/ssh/ssh_host_ecdsa_key")}, diff --git a/authority/testdata/templates/config.tpl b/authority/testdata/templates/config.tpl index 63269a4c..73aa4d1d 100644 --- a/authority/testdata/templates/config.tpl +++ b/authority/testdata/templates/config.tpl @@ -1,5 +1,4 @@ Match exec "step ssh check-host %h" - ForwardAgent yes {{- if .User.User }} User {{.User.User}} {{- end }} diff --git a/pki/templates.go b/pki/templates.go index 3b2ba56f..44d4a7b0 100644 --- a/pki/templates.go +++ b/pki/templates.go @@ -42,7 +42,6 @@ var SSHTemplateData = map[string]string{ // // Note: on windows ProxyCommand requires the full path "config.tpl": `Match exec "step ssh check-host %h" - ForwardAgent yes {{- if .User.User }} User {{.User.User}} {{- end }}