hub / github.com/cloudflare/cloudflared / ssh

Function ssh

cmd/cloudflared/access/carrier.go:64–147  ·  view source on GitHub ↗

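ssh will start a WS proxy server for server mode, or copy from stdin/stdout for client mode. It is useful for proxying other protocols (like ssh) over websockets (which you can put Access in front of). Note: in the listing below, a three-part `sshConnectTo` override builds a TLS config with `InsecureSkipVerify: true` and an overridden `ServerName`, so the server certificate is not verified on that path; the code only logs a warning.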

(c *cli.Context)

Source from the content-addressed store, hash-verified

62// useful for proxying other protocols (like ssh) over websockets
63// (which you can put Access in front of)
64func ssh(c *cli.Context) error {
65 // If not running as a forwarder, disable terminal logs as it collides with the stdin/stdout of the parent process
66 outputTerminal := logger.DisableTerminalLog
67 if c.IsSet(sshURLFlag) {
68 outputTerminal = logger.EnableTerminalLog
69 }
70 log := logger.CreateSSHLoggerFromContext(c, outputTerminal)
71
72 // get the hostname from the cmdline and error out if its not provided
73 rawHostName := c.String(sshHostnameFlag)
74 url, err := parseURL(rawHostName)
75 if err != nil {
76 log.Err(err).Send()
77 return cli.ShowCommandHelp(c, "ssh")
78 }
79
80 // get the headers from the cmdline and add them
81 headers := parseRequestHeaders(c.StringSlice(sshHeaderFlag))
82 if c.IsSet(sshTokenIDFlag) {
83 headers.Set(cfAccessClientIDHeader, c.String(sshTokenIDFlag))
84 }
85 if c.IsSet(sshTokenSecretFlag) {
86 headers.Set(cfAccessClientSecretHeader, c.String(sshTokenSecretFlag))
87 }
88 headers.Set("User-Agent", userAgent)
89
90 carrier.SetBastionDest(headers, c.String(sshDestinationFlag))
91
92 options := &carrier.StartOptions{
93 OriginURL: url.String(),
94 Headers: headers,
95 Host: url.Host,
96 IsFedramp: c.Bool(fedrampFlag),
97 }
98
99 if connectTo := c.String(sshConnectTo); connectTo != "" {
100 parts := strings.Split(connectTo, ":")
101 switch len(parts) {
102 case 1:
103 options.OriginURL = fmt.Sprintf("https://%s", parts[0])
104 case 2:
105 options.OriginURL = fmt.Sprintf("https://%s:%s", parts[0], parts[1])
106 case 3:
107 options.OriginURL = fmt.Sprintf("https://%s:%s", parts[2], parts[1])
108 options.TLSClientConfig = &tls.Config{
109 InsecureSkipVerify: true, // #nosec G402
110 ServerName: parts[0],
111 }
112 log.Warn().Msgf("Using insecure SSL connection because SNI overridden to %s", parts[0])
113 default:
114 return fmt.Errorf("invalid connection override: %s", connectTo)
115 }
116 }
117
118 // we could add a cmd line variable for this bool if we want the SOCK5 server to be on the client side
119 wsConn := carrier.NewWSConnection(log)
120
121 if c.NArg() > 0 || c.IsSet(sshURLFlag) {

Callers

nothing calls this directly

Calls 15

SetBastionDest (Function) · 0.92
NewWSConnection (Function) · 0.92
ValidateUrl (Function) · 0.92
StartForwarder (Function) · 0.92
NewDebugStream (Function) · 0.92
StartClient (Function) · 0.92
parseURL (Function) · 0.85
parseRequestHeaders (Function) · 0.85
StringSlice (Method) · 0.80
Bool (Method) · 0.80
Errorf (Method) · 0.80

Tested by

no test coverage detected