From b5153dc5f3dae7e3a765768c4f9da50a119f36f0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Michel?=
Date: Tue, 30 Jul 2024 09:41:47 +0000
Subject: [PATCH] enable PKCE by default
---
 cmd/ssh3.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cmd/ssh3.go b/cmd/ssh3.go
index 2e2ce3f..77cfc12 100644
--- a/cmd/ssh3.go
+++ b/cmd/ssh3.go
@@ -322,7 +322,7 @@ func ClientMain() int {
 oidcConfigFileName := flag.String("oidc-config", "", "OpenID Connect json config file containing the \"client_id\" and \"client_secret\" fields needed for most identity providers")
 verbose := flag.Bool("v", false, "if set, enable verbose mode")
 displayVersion := flag.Bool("version", false, "if set, displays the software version on standard output and exit")
- doPKCE := flag.Bool("do-pkce", false, "if set perform PKCE challenge-response with oidc")
+ noPKCE := flag.Bool("no-pkce", false, "if set perform PKCE challenge-response with oidc")
 forwardSSHAgent := flag.Bool("forward-agent", false, "if set, forwards ssh agent to be used with sshv2 connections on the remote host")
 forwardUDP := flag.String("forward-udp", "", "if set, take a localport/remoteip@remoteport forwarding localhost@localport towards remoteip@remoteport")
 forwardTCP := flag.String("forward-tcp", "", "if set, take a localport/remoteip@remoteport forwarding localhost@localport towards remoteip@remoteport")
@@ -531,7 +531,7 @@ func ClientMain() int {
 for _, issuerConfig := range oidcConfig {
 if *issuerUrl == issuerConfig.IssuerUrl {
 log.Debug().Msgf("found issuer %s matching the issuer specified in the command-line", issuerConfig.IssuerUrl)
- cliAuthMethods = append(cliAuthMethods, ssh3.NewOidcAuthMethod(*doPKCE, issuerConfig))
+ cliAuthMethods = append(cliAuthMethods, ssh3.NewOidcAuthMethod(!*noPKCE, issuerConfig))
 } else {
 log.Debug().Msgf("issuer %s does not match issuer URL %s specified in the command-line", issuerConfig.IssuerUrl, *issuerUrl)
 }
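Review bot: The usage text on the new `-no-pkce` flag in the first hunk (`@@ -322,7`) still reads "if set perform PKCE challenge-response with oidc", which is now the opposite of what the flag does, since the second hunk passes `!*noPKCE`. A flag that switches off a protection should say so in its help: `noPKCE := flag.Bool("no-pkce", false, "if set, disable the PKCE challenge-response with oidc (enabled by default)")`. Dropping `-do-pkce` outright also means existing invocations that pass it will presumably fail flag parsing; keeping it registered as a deprecated no-op would avoid breaking scripts that already opted in. ClientMain's body starts and ends outside the hunk.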
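Review bot: In the second hunk (`@@ -531,7`), passing `!*noPKCE` means that `-no-pkce` turns PKCE off without leaving any trace in the logs, so a downgraded OIDC flow is indistinguishable from a protected one when reviewing a session. A warning ahead of the call would make the opt-out visible, e.g. `if *noPKCE { log.Warn().Msg("PKCE disabled by -no-pkce") }`. A named local such as `usePKCE := !*noPKCE` would also read more clearly than the inline double negative; that the first argument of `NewOidcAuthMethod` is the enable-PKCE switch is inferred from the removed line. The enclosing loop and ClientMain start and end outside the hunk.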