Displaying 2 results from an estimated 2 matches for "couldflar".
Did you mean:
couldflared
2023 Mar 07
1
Feature request: a good way to supply short-lived certificates to openssh
....domain"
ProxyCommand cloudflared access ssh --hostname myhost.domain
IdentityFile ~/.cloudflared/blahblah
CertificateFile ~/.cloudflared/blahblah.pub
cloudflared is this thing (open source!):
https://github.com/cloudflare/cloudflared
There are two pieces of magic here. One is the "couldflared access ssh-gen" command. It's annoyingly slow (which could be fixed, presumably), and it refreshes the certificates in ~/.cloudflared, using (I presume -- haven't checked) OAuth2 behind the scenes. The other is the ProxyCommand, which, as I've configured it, is just a proxy.
T...
2023 Mar 07
2
Feature request: a good way to supply short-lived certificates to openssh
On 07/03/23, Darren Tucker (dtucker at dtucker.net) wrote:
> On Tue, 7 Mar 2023 at 05:26, Andy Lutomirski <luto at kernel.org> wrote:
> [...]
> > ssh_config contains a Match ... exec [command to refresh the certificate].
> > This sort of works, except that it runs the command far too frequently.
> > For example, ssh -O exit [name] refreshes the certificate, and it