Do not enable by default ForwardAgent.

maraino · maraino · commit 02ed784a9b71 · 2020-04-15T11:17:24.000-07:00
diff --git a/authority/ssh_test.go b/authority/ssh_test.go
@@ -412,7 +412,7 @@ func TestAuthority_GetSSHConfig(t *testing.T) {
 	}
 	userOutputWithUserData := []templates.Output{
 		{Name: "include.tpl", Type: templates.File, Comment: "#", Path: "ssh/include", Content: []byte("Host *\n\tInclude /home/user/.step/ssh/config")},
-		{Name: "config.tpl", Type: templates.File, Comment: "#", Path: "ssh/config", Content: []byte("Match exec \"step ssh check-host %h\"\n\tForwardAgent yes\n\tUserKnownHostsFile /home/user/.step/ssh/known_hosts\n\tProxyCommand step ssh proxycommand %r %h %p\n")},
+		{Name: "config.tpl", Type: templates.File, Comment: "#", Path: "ssh/config", Content: []byte("Match exec \"step ssh check-host %h\"\n\tUserKnownHostsFile /home/user/.step/ssh/known_hosts\n\tProxyCommand step ssh proxycommand %r %h %p\n")},
 	}
 	hostOutputWithUserData := []templates.Output{
 		{Name: "sshd_config.tpl", Type: templates.File, Comment: "#", Path: "/etc/ssh/sshd_config", Content: []byte("TrustedUserCAKeys /etc/ssh/ca.pub\nHostCertificate /etc/ssh/ssh_host_ecdsa_key-cert.pub\nHostKey /etc/ssh/ssh_host_ecdsa_key")},
diff --git a/authority/testdata/templates/config.tpl b/authority/testdata/templates/config.tpl
@@ -1,5 +1,4 @@
 Match exec "step ssh check-host %h"
-	ForwardAgent yes
 {{- if .User.User }}
 	User {{.User.User}}
 {{- end }}
diff --git a/pki/templates.go b/pki/templates.go
@@ -42,7 +42,6 @@ var SSHTemplateData = map[string]string{
 	//
 	// Note: on windows ProxyCommand requires the full path
 	"config.tpl": `Match exec "step ssh check-host %h"
-	ForwardAgent yes
 {{- if .User.User }}
 	User {{.User.User}}
 {{- end }}

Original file line number	Diff line number	Diff line change
`@@ -412,7 +412,7 @@ func TestAuthority_GetSSHConfig(t *testing.T) {`
`412`	`412`	`}`
`413`	`413`	`userOutputWithUserData := []templates.Output{`
`414`	`414`	`{Name: "include.tpl", Type: templates.File, Comment: "#", Path: "ssh/include", Content: []byte("Host *\n\tInclude /home/user/.step/ssh/config")},`
`415`		`- {Name: "config.tpl", Type: templates.File, Comment: "#", Path: "ssh/config", Content: []byte("Match exec \"step ssh check-host %h\"\n\tForwardAgent yes\n\tUserKnownHostsFile /home/user/.step/ssh/known_hosts\n\tProxyCommand step ssh proxycommand %r %h %p\n")},`
	`415`	`+ {Name: "config.tpl", Type: templates.File, Comment: "#", Path: "ssh/config", Content: []byte("Match exec \"step ssh check-host %h\"\n\tUserKnownHostsFile /home/user/.step/ssh/known_hosts\n\tProxyCommand step ssh proxycommand %r %h %p\n")},`
`416`	`416`	`}`
`417`	`417`	`hostOutputWithUserData := []templates.Output{`
`418`	`418`	`{Name: "sshd_config.tpl", Type: templates.File, Comment: "#", Path: "/etc/ssh/sshd_config", Content: []byte("TrustedUserCAKeys /etc/ssh/ca.pub\nHostCertificate /etc/ssh/ssh_host_ecdsa_key-cert.pub\nHostKey /etc/ssh/ssh_host_ecdsa_key")},`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,4 @@`
`1`	`1`	`Match exec "step ssh check-host %h"`
`2`		`- ForwardAgent yes`
`3`	`2`	`{{- if .User.User }}`
`4`	`3`	`User {{.User.User}}`
`5`	`4`	`{{- end }}`