Add proxycommand and new lines to templates.

5 years ago · b8817ad648
parent c7e4cc96a4
commit b8817ad648
3 changed files with 8 additions and 5 deletions
--- a/ca/client.go
+++ b/ca/client.go
@ -21,11 +21,10 @@ import (
 	"strconv"
 	"strings"

-	"github.com/smallstep/certificates/authority/provisioner"
-
 	"github.com/pkg/errors"
 	"github.com/smallstep/certificates/api"
 	"github.com/smallstep/certificates/authority"
+	"github.com/smallstep/certificates/authority/provisioner"
 	"github.com/smallstep/cli/config"
 	"github.com/smallstep/cli/crypto/x509util"
 	"gopkg.in/square/go-jose.v2/jwt"
--- a/go.sum
+++ b/go.sum
@ -91,6 +91,7 @@ github.com/smallstep/certificates v0.14.0-rc.1.0.20191023014154-4669bef8c700/go.
 github.com/smallstep/certinfo v0.0.0-20191008000228-b0e530932339/go.mod h1:n4YHPL9hJIyB+N4F2rPBy3mpPxMxTGJP5Pdsyaoc2Ns=
 github.com/smallstep/cli v0.12.1-0.20191016010425-15911d8625df h1:SSZWKGpaVmKQgTkfaQMnYLS/gYhRVVjvzdE1F9GiffU=
 github.com/smallstep/cli v0.12.1-0.20191016010425-15911d8625df/go.mod h1:zGPm8vWCqzvDqkdC1laFJNdIOjNSB8V4qDp68Ny538o=
+github.com/smallstep/cli v0.13.3 h1:S29UydCtDVy0QQBtGdatq064tnks1/0DYxxnEtNiQpc=
 github.com/smallstep/cli v0.14.0-rc.1.0.20191024214139-914a67ed80c2 h1:Q0B9XBAn3KzjZKH3ojxLQolUnHSXuomfFjm+/KbIdpY=
 github.com/smallstep/cli v0.14.0-rc.1.0.20191024214139-914a67ed80c2/go.mod h1:GoA1cE4YrZRRvVbFlPKJUsMuWHnFBX+R88j1pmpbGgk=
 github.com/smallstep/nosql v0.1.1-0.20191009043502-4b26d8029e61 h1:XM3mkHNBc6bEQhrZNEma+iz63xrmRFfCocmAEObeg/s=
--- a/pki/templates.go
+++ b/pki/templates.go
@ -35,13 +35,15 @@ var sshTemplateData = map[string]string{
 	// and references the step known_hosts file
 	"config.tpl": `Match exec "step ssh check-host %h"
 	ForwardAgent yes
-	UserKnownHostsFile {{.User.StepPath}}/ssh/known_hosts`,
+	UserKnownHostsFile {{.User.StepPath}}/ssh/known_hosts
+	ProxyCommand step ssh proxycommand %r %h %p`,

 	// known_hosts.tpl authorizes the ssh hosts key
 	"known_hosts.tpl": `@cert-authority * {{.Step.SSH.HostKey.Type}} {{.Step.SSH.HostKey.Marshal | toString | b64enc}}
 {{- range .Step.SSH.HostFederatedKeys}}
@cert-authority * {{.Type}} {{.Marshal | toString | b64enc}}
-{{- end}}`,
+{{- end}}
+`,

 	// sshd_config.tpl adds the configuration to support certificates
 	"sshd_config.tpl": `TrustedUserCAKeys /etc/ssh/ca.pub
@ -52,7 +54,8 @@ HostKey /etc/ssh/{{.User.Key}}`,
 	"ca.tpl": `{{.Step.SSH.UserKey.Type}} {{.Step.SSH.UserKey.Marshal | toString | b64enc}}
 {{- range .Step.SSH.UserFederatedKeys}}
 {{.Type}} {{.Marshal | toString | b64enc}}
-{{- end}}`,
+{{- end}}
+`,
 }

 // getTemplates returns all the templates enabled