Great content, Phillip. What is the default lifetime of the SSH cert that cloud zero issues to each user, and is that value configurable? Also, I imagine that the SSH session keeps running even if the cert lifetime has already expired, correct?
Thanks! As to your question - the value is 3 minutes and it’s not configurable. The certificate is only needed to authenticate. Once you are connected, you no longer need it.
Thanks so so much! Your videos are so helpful! I had another big light bulb moment 💡
Thank you for being thorough and providing easy clear explanation
You're very welcome!
Thank you for this very informative video! :)
Glad it was helpful!
Thank you so much. This is exactly what I needed.
Thanks!
Can you grant server access to other servers?
1. All the clients need to have Cloudflare WARP software installed.
2. On the server side you can install Cloudflare WARP software on a single server (gateway), and all servers behind it don't need to have any software installed (apart from the ca.pub file + TrustedUserCAKeys /etc/ssh/ca.pub).
3. Then you just define targets and put in those servers' IPs and say that to server A you should get through tunnel B, etc.
But long story short, to use Cloudflare Zero Trust you need to either install CloudflareD or WARP on every server or at least on the gateway.
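The servers behind the gateway depend entirely on the `ca.pub` file and the `TrustedUserCAKeys /etc/ssh/ca.pub` line from step 2 of the reply above, so that pairing is worth auditing on each host. The script below is an added example, not code from the thread or from Cloudflare; the function names and the optional `ROOT` prefix are hypothetical, and it assumes plain `Keyword value` lines with no `Include` files.

```shell
#!/bin/sh
# Added example (not from the thread): audit a server's CA trust setup.

# Print the global TrustedUserCAKeys value from an sshd_config file.
# Keywords are case-insensitive and sshd uses the first value it reads;
# parsing stops at the first Match block, whose settings are conditional.
# Assumption: plain "Keyword value" lines, no Include files or quoting.
trusted_ca_path() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "trustedusercakeys" { print $2; exit }
    ' "$1"
}

# check_ca_trust CONFIG [ROOT]
# ROOT is a hypothetical prefix for auditing a staged copy of the
# filesystem; leave it empty to check the live system.
# Returns 0 ok, 1 directive unset, 2 file missing/empty,
# 3 malformed key line, 4 file writable by group or others.
check_ca_trust() {
    ca=$(trusted_ca_path "$1")
    if [ -z "$ca" ] || [ "$ca" = "none" ]; then
        echo "FAIL: no global TrustedUserCAKeys in $1"; return 1
    fi
    file="${2:-}$ca"
    if [ ! -s "$file" ]; then
        echo "FAIL: $ca is missing or empty"; return 2
    fi
    # Every non-comment line should be "<key-type> <base64> [comment]".
    if ! awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $1 !~ "^(ssh-|ecdsa-|sk-)" || $2 !~ "^[A-Za-z0-9+/=]+$" { bad++ }
        END { exit (bad > 0) }
    ' "$file"; then
        echo "FAIL: $ca has a line that is not a public key"; return 3
    fi
    # Whoever can write this file can add a CA that sshd will trust.
    if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "FAIL: $ca is writable by group or others"; return 4
    fi
    echo "OK: sshd trusts user certificates signed by keys in $ca"
}

# Usage: sh audit.sh /etc/ssh/sshd_config
if [ "$#" -gt 0 ]; then check_ca_trust "$@"; fi
```

A directive that appears only inside a `Match` block is reported as unset, because it does not apply to every connection.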