From aea2a7c9f3d6392d87c216461a482788f04b4ab4 Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Mon, 12 Apr 2021 18:37:10 -0700
Subject: [PATCH] Update sshd_config.tpl to a Match all block. Fixes #479
---
 authority/ssh_test.go | 2 +-
 authority/testdata/templates/sshd_config.tpl | 7 ++++---
 templates/values.go | 7 ++++---
 3 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/authority/ssh_test.go b/authority/ssh_test.go
index b5cce1fd..1662260c 100644
--- a/authority/ssh_test.go
+++ b/authority/ssh_test.go
@@ -450,7 +450,7 @@ func TestAuthority_GetSSHConfig(t *testing.T) {
 {Name: "config.tpl", Type: templates.File, Comment: "#", Path: "ssh/config", Content: []byte("Match exec \"step ssh check-host %h\"\n\tUserKnownHostsFile /home/user/.step/ssh/known_hosts\n\tProxyCommand step ssh proxycommand %r %h %p\n")},
 }
 hostOutputWithUserData := []templates.Output{
-{Name: "sshd_config.tpl", Type: templates.File, Comment: "#", Path: "/etc/ssh/sshd_config", Content: []byte("TrustedUserCAKeys /etc/ssh/ca.pub\nHostCertificate /etc/ssh/ssh_host_ecdsa_key-cert.pub\nHostKey /etc/ssh/ssh_host_ecdsa_key")},
+{Name: "sshd_config.tpl", Type: templates.File, Comment: "#", Path: "/etc/ssh/sshd_config", Content: []byte("Match all\n\tTrustedUserCAKeys /etc/ssh/ca.pub\n\tHostCertificate /etc/ssh/ssh_host_ecdsa_key-cert.pub\n\tHostKey /etc/ssh/ssh_host_ecdsa_key")},
 }
 tmplConfigErr := &templates.Templates{
diff --git a/authority/testdata/templates/sshd_config.tpl b/authority/testdata/templates/sshd_config.tpl
index 5ce01fc4..c8e4b884 100644
--- a/authority/testdata/templates/sshd_config.tpl
+++ b/authority/testdata/templates/sshd_config.tpl
@@ -1,3 +1,4 @@
-TrustedUserCAKeys /etc/ssh/ca.pub
-HostCertificate /etc/ssh/{{.User.Certificate}}
-HostKey /etc/ssh/{{.User.Key}}
\ No newline at end of file
+Match all
+ TrustedUserCAKeys /etc/ssh/ca.pub
+ HostCertificate /etc/ssh/{{.User.Certificate}}
+ HostKey /etc/ssh/{{.User.Key}}
\ No newline at end of file
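Review bot: The updated expectation in `TestAuthority_GetSSHConfig` pins `HostCertificate` and `HostKey` inside the new `Match all` block, and as far as I can tell from sshd_config(5) those two are global-only keywords — `TrustedUserCAKeys` is permitted after a `Match` line, but `HostKey` and `HostCertificate` are not, so sshd should reject the rendered file with a "not allowed within a Match block" error and refuse to start or fail `sshd -t`. The same content is in the testdata `sshd_config.tpl` hunk and in `DefaultSSHTemplateData["sshd_config.tpl"]` in templates/values.go, so the Go test passes against a config that sshd itself would not load. I would keep only `TrustedUserCAKeys` under `Match all` and emit `HostCertificate /etc/ssh/{{.User.Certificate}}` and `HostKey /etc/ssh/{{.User.Key}}` as global lines; since a global directive cannot follow an existing `Match` block either, a template appended to a file that already ends in `Match` needs those two placed before the first `Match` (or in a file pulled in by an `Include` from the global section) rather than appended. Validating the rendered output with `sshd -t -f <rendered-file>` where a CI runner has sshd would catch this class of regression that the byte comparison cannot.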
diff --git a/templates/values.go b/templates/values.go
index fd4ee4c2..972b1d55 100644
--- a/templates/values.go
+++ b/templates/values.go
@@ -99,9 +99,10 @@ var DefaultSSHTemplateData = map[string]string{
 `,
 // sshd_config.tpl adds the configuration to support certificates
- "sshd_config.tpl": `TrustedUserCAKeys /etc/ssh/ca.pub
-HostCertificate /etc/ssh/{{.User.Certificate}}
-HostKey /etc/ssh/{{.User.Key}}`,
+ "sshd_config.tpl": `Match all
+ TrustedUserCAKeys /etc/ssh/ca.pub
+ HostCertificate /etc/ssh/{{.User.Certificate}}
+ HostKey /etc/ssh/{{.User.Key}}`,
 // ca.tpl contains the public key used to authorized clients
 "ca.tpl": `{{.Step.SSH.UserKey.Type}} {{.Step.SSH.UserKey.Marshal | toString | b64enc}}