|
|
|
@ -35,13 +35,15 @@ var sshTemplateData = map[string]string{
|
|
|
|
|
// and references the step known_hosts file
|
|
|
|
|
"config.tpl": `Match exec "step ssh check-host %h"
|
|
|
|
|
ForwardAgent yes
|
|
|
|
|
UserKnownHostsFile {{.User.StepPath}}/ssh/known_hosts`,
|
|
|
|
|
UserKnownHostsFile {{.User.StepPath}}/ssh/known_hosts
|
|
|
|
|
ProxyCommand step ssh proxycommand %r %h %p`,
|
|
|
|
|
|
|
|
|
|
// known_hosts.tpl authorizes the ssh hosts key
|
|
|
|
|
"known_hosts.tpl": `@cert-authority * {{.Step.SSH.HostKey.Type}} {{.Step.SSH.HostKey.Marshal | toString | b64enc}}
|
|
|
|
|
{{- range .Step.SSH.HostFederatedKeys}}
|
|
|
|
|
@cert-authority * {{.Type}} {{.Marshal | toString | b64enc}}
|
|
|
|
|
{{- end}}`,
|
|
|
|
|
{{- end}}
|
|
|
|
|
`,
|
|
|
|
|
|
|
|
|
|
// sshd_config.tpl adds the configuration to support certificates
|
|
|
|
|
"sshd_config.tpl": `TrustedUserCAKeys /etc/ssh/ca.pub
|
|
|
|
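Review bot: The added `ProxyCommand step ssh proxycommand %r %h %p` line in config.tpl passes %r and %h unquoted to a command that ssh starts through the user's shell. Older OpenSSH releases, as far as I know, expand these tokens without shell escaping, so a user or host name containing shell metacharacters would be interpreted by the shell; the same applies to %h in the existing `Match exec "step ssh check-host %h"` line. Consider quoting the tokens, `ProxyCommand step ssh proxycommand '%r' '%h' '%p'`, and having the proxycommand subcommand reject names outside the expected character set, since quoting alone does not cover a name that itself contains a quote. The comment above the entry still mentions only the known_hosts reference and could be extended to something like `// routes matched hosts through step ssh proxycommand`; the map literal and that comment start outside this hunk.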
@ -52,7 +54,8 @@ HostKey /etc/ssh/{{.User.Key}}`,
|
|
|
|
|
"ca.tpl": `{{.Step.SSH.UserKey.Type}} {{.Step.SSH.UserKey.Marshal | toString | b64enc}}
|
|
|
|
|
{{- range .Step.SSH.UserFederatedKeys}}
|
|
|
|
|
{{.Type}} {{.Marshal | toString | b64enc}}
|
|
|
|
|
{{- end}}`,
|
|
|
|
|
{{- end}}
|
|
|
|
|
`,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// getTemplates returns all the templates enabled
|
|
|
|
|