Add CA on Mac
Ref:
- Generate CA on Cloudflare Dashboard
  - In Zero Trust, go to Access > Service auth > SSH.
  - In the Application dropdown, choose the Access application that represents your SSH server.
  - Select Generate certificate. A row will appear with a public key scoped to your application.
  - Save the key or keep it somewhere convenient for configuring your server. You can return to copy this public key any time in the Service Auth dashboard.
Generate a short-lived certificate public key

- Save your public key
  - Copy the public key generated from the dashboard in Step 3.
  - Use the following command to change directories to the SSH configuration directory on the remote target machine:
  - Once there, you can use the following command to both generate the file and open a text editor to input/paste the public key.
  - In the ca.pub file, paste the public key without any modifications.
    ca.pub
    ecdsa-sha2-nistp256 <redacted> open-ssh-ca@cloudflareaccess.org
    The ca.pub file can hold multiple keys, listed one per line. Empty lines and comments starting with # are also allowed.
- configuration
  - While staying within the /etc/ssh directory on the remote machine, open the sshd_config file.
  - Go to the row named PubkeyAuthentication. In most default configurations, the row will appear commented out as follows:
  - Remove the # symbol to uncomment the line:
  - Add a new line below PubkeyAuthentication:
Modify your SSHD config
The following procedure makes two changes to the sshd_config file on the remote target machine. The first change requires that you uncomment a field already set in most default configurations; the second change adds a new field.
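
A lint for the two files this procedure edits, as an added example that is not from the original notes or from Cloudflare. The command lines are missing from the page, so the added field is assumed to be OpenSSH's TrustedUserCAKeys directive pointing at ca.pub; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: offline checks for ca.pub and sshd_config.
# File paths are arguments, so the checks can run on copies before /etc/ssh is touched.

# check_ca_pub FILE -> 0 if every line is blank, a # comment, or
# "<key type> <base64> [comment]", and at least one key is present.
check_ca_pub() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and empty lines are allowed
        $1 ~ /^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521))$/ &&
            $2 ~ "^[A-Za-z0-9+/]+=*$" { keys++; next }
        { printf "ca.pub line %d: not a public key line\n", NR; bad = 1 }
        END {
            if (!keys) print "ca.pub: no CA key found"
            exit (bad || !keys)
        }
    ' "$1"
}

# check_sshd_config FILE CA_PATH -> 0 if both settings are active (uncommented).
# Assumption: the new field is "TrustedUserCAKeys CA_PATH".
# sshd keeps the first value it reads for a keyword, so only the first match counts.
# Narrowed on purpose: Include files and Match blocks are not followed.
check_sshd_config() {
    awk -v ca="$2" '
        { key = tolower($1) }                  # sshd_config keywords are case-insensitive
        key == "pubkeyauthentication" && !seen_p { seen_p = 1; p_ok = (tolower($2) == "yes") }
        key == "trustedusercakeys" && !seen_t { seen_t = 1; t_ok = ($2 == ca) }
        END {
            if (!p_ok) print "sshd_config: no active PubkeyAuthentication yes line"
            if (!t_ok) print "sshd_config: no active TrustedUserCAKeys " ca " line"
            exit !(p_ok && t_ok)
        }
    ' "$1"
}
```

On the server itself, `sshd -t` additionally checks the syntax of the real configuration file.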
