From 605d39e4e8c79afaffea57f21f775ab17be2f432 Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Mon, 4 Nov 2019 18:07:52 -0800
Subject: [PATCH] Add proxycommand and new lines to templates.
---
 ca/client.go | 3 +--
 go.sum | 1 +
 pki/templates.go | 9 ++++++---
 3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/ca/client.go b/ca/client.go
index 160bfe52..509ebb7c 100644
--- a/ca/client.go
+++ b/ca/client.go
@@ -21,11 +21,10 @@ import (
 "strconv" "strings" - "github.com/smallstep/certificates/authority/provisioner" - "github.com/pkg/errors" "github.com/smallstep/certificates/api" "github.com/smallstep/certificates/authority" + "github.com/smallstep/certificates/authority/provisioner" "github.com/smallstep/cli/config" "github.com/smallstep/cli/crypto/x509util" "gopkg.in/square/go-jose.v2/jwt"
diff --git a/go.sum b/go.sum
index 845b3ade..50422506 100644
--- a/go.sum
+++ b/go.sum
@@ -91,6 +91,7 @@ github.com/smallstep/certificates v0.14.0-rc.1.0.20191023014154-4669bef8c700/go.
 github.com/smallstep/certinfo v0.0.0-20191008000228-b0e530932339/go.mod h1:n4YHPL9hJIyB+N4F2rPBy3mpPxMxTGJP5Pdsyaoc2Ns=
 github.com/smallstep/cli v0.12.1-0.20191016010425-15911d8625df h1:SSZWKGpaVmKQgTkfaQMnYLS/gYhRVVjvzdE1F9GiffU=
 github.com/smallstep/cli v0.12.1-0.20191016010425-15911d8625df/go.mod h1:zGPm8vWCqzvDqkdC1laFJNdIOjNSB8V4qDp68Ny538o=
+github.com/smallstep/cli v0.13.3 h1:S29UydCtDVy0QQBtGdatq064tnks1/0DYxxnEtNiQpc=
 github.com/smallstep/cli v0.14.0-rc.1.0.20191024214139-914a67ed80c2 h1:Q0B9XBAn3KzjZKH3ojxLQolUnHSXuomfFjm+/KbIdpY=
 github.com/smallstep/cli v0.14.0-rc.1.0.20191024214139-914a67ed80c2/go.mod h1:GoA1cE4YrZRRvVbFlPKJUsMuWHnFBX+R88j1pmpbGgk=
 github.com/smallstep/nosql v0.1.1-0.20191009043502-4b26d8029e61 h1:XM3mkHNBc6bEQhrZNEma+iz63xrmRFfCocmAEObeg/s=
diff --git a/pki/templates.go b/pki/templates.go
index 0fc125d1..633b762c 100644
--- a/pki/templates.go
+++ b/pki/templates.go
@@ -35,13 +35,15 @@ var sshTemplateData = map[string]string{
 // and references the step known_hosts file
 "config.tpl": `Match exec "step ssh check-host %h"
 ForwardAgent yes
- UserKnownHostsFile {{.User.StepPath}}/ssh/known_hosts`,
+ UserKnownHostsFile {{.User.StepPath}}/ssh/known_hosts
+ ProxyCommand step ssh proxycommand %r %h %p`,
 // known_hosts.tpl authorizes the ssh hosts key
 "known_hosts.tpl": `@cert-authority * {{.Step.SSH.HostKey.Type}} {{.Step.SSH.HostKey.Marshal | toString | b64enc}}
 {{- range .Step.SSH.HostFederatedKeys}}
 @cert-authority * {{.Type}} {{.Marshal | toString | b64enc}}
-{{- end}}`,
+{{- end}}
+`,
 // sshd_config.tpl adds the configuration to support certificates
 "sshd_config.tpl": `TrustedUserCAKeys /etc/ssh/ca.pub
@@ -52,7 +54,8 @@ HostKey /etc/ssh/{{.User.Key}}`,
 "ca.tpl": `{{.Step.SSH.UserKey.Type}} {{.Step.SSH.UserKey.Marshal | toString | b64enc}}
 {{- range .Step.SSH.UserFederatedKeys}}
 {{.Type}} {{.Marshal | toString | b64enc}}
-{{- end}}`,
+{{- end}}
+`,
 }
 // getTemplates returns all the templates enabled
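Review bot: In the first pki/templates.go hunk (-35,13), the added `ProxyCommand step ssh proxycommand %r %h %p` hands the remote user and host name unquoted to a command that ssh executes through the user's shell, so a name carrying shell metacharacters is parsed by that shell unless the installed ssh rejects it first. Quoting the tokens narrows this, `ProxyCommand step ssh proxycommand '%r' '%h' '%p'`, and the subcommand should still validate its arguments; whether it does is not visible here. The comment above the `config.tpl` entry starts outside the hunk and still mentions only the known_hosts file; I would extend it with `// and proxies matched hosts through "step ssh proxycommand"`, since every host accepted by `step ssh check-host` now gets its ProxyCommand from this block.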
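Review bot: The trailing newline is added to `ca.tpl` in this second hunk (-52,7) and to `known_hosts.tpl` in the first, but `config.tpl` (now ending at `%p`) and `sshd_config.tpl` (ending at `HostKey /etc/ssh/{{.User.Key}}`, visible in this hunk's header) still render without one. If the rendered text is appended to an existing ssh_config or sshd_config, which these lines do not show, whatever is written next would be joined to the `ProxyCommand` or `HostKey` directive and change how that line is parsed. I would close those two raw strings on a line of their own as well, the way `{{- end}}` is now followed by the closing backtick on the next line, or normalise the ending where the templates are rendered.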