Great, that was extremely thorough! Thanks!
Very welcome!
Thank you for being thorough and providing an easy, clear explanation.
You're very welcome!
Thanks so so much! Your videos are so helpful! I had another big light bulb moment 💡
Great! BTW, in my opinion understanding how things work is even more important than just knowing how to do them. Hence my videos are a bit long (and wife says boring LOL) but you never know when this knowledge becomes handy.
Thank you so much. This is exactly what I needed.
Thanks!
Thank you for this very informative video! :)
Glad it was helpful!
Great content, Phillip. What is the default lifetime of the SSH cert that cloud zero issues to each user, and is that value configurable? Also, I imagine that the SSH session keeps running even if the cert lifetime has already expired, correct?
Thanks! As to your question - the value is 3 minutes and it’s not configurable. The certificate is only needed to authenticate. Once you are connected you no longer need it.
Can you grant server access to other servers?
1. All the clients need to have Cloudflare WARP software installed.
2. On the server side you can install Cloudflare WARP software on a single server (gateway), and all servers behind it don't need to have any software installed (apart from the ca.pub file + TrustedUserCAKeys /etc/ssh/ca.pub).
3. Then you just define targets, put in those servers' IPs, and say that to server A you should get through tunnel B, etc.
But long story short, to use Cloudflare Zero Trust you need to install either cloudflared or WARP on every server, or at least on the gateway.
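
A server-side check for the setup described in the reply above, as an added example that is not part of the original comments or of Cloudflare's tooling: it finds the effective global `TrustedUserCAKeys` path in an sshd_config and sanity-checks the CA public key file it points to. The function names are hypothetical, and the parser assumes plain `Keyword value` lines.

```shell
#!/bin/sh
# Added example (not from the video): audit a server's SSH user-CA trust.
# Function names are hypothetical; file paths are supplied by the caller.

# Print the global TrustedUserCAKeys path from an sshd_config file.
# sshd keeps the first value it reads for a keyword and keywords are
# case-insensitive. Assumes "Keyword value" lines; Include is not followed,
# and anything after the first Match line is conditional, so it is skipped.
trusted_ca_path() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "trustedusercakeys" { print $2; found = 1; exit }
        END { if (!found) exit 1 }
    ' "$1"
}

# The CA file must exist, must not be group/world-writable (anyone who can
# write it can add their own CA), and must hold public keys only.
check_ca_file() {
    f=$1
    types='^(ssh-(ed25519|rsa)|ecdsa-sha2-nistp(256|384|521)|sk-[a-z0-9-]+@openssh\.com) [A-Za-z0-9+/=]+'
    [ -f "$f" ] || { echo "FAIL: $f does not exist"; return 1; }
    case $(ls -ldL "$f" | cut -c6,9) in
        *w*) echo "FAIL: $f is group- or world-writable"; return 1 ;;
    esac
    if grep -q 'PRIVATE KEY' "$f"; then
        echo "FAIL: $f contains private key material"; return 1
    fi
    keys=$(grep -Ec "$types" "$f" || true)
    bad=$(grep -Ev '^[[:space:]]*(#|$)' "$f" | grep -Evc "$types" || true)
    [ "$keys" -ge 1 ] || { echo "FAIL: no CA public key in $f"; return 1; }
    [ "$bad" -eq 0 ] || { echo "FAIL: $bad unrecognised line(s) in $f"; return 1; }
}

# Combine both checks for one config file.
audit_sshd_ca() {
    ca=$(trusted_ca_path "$1") || { echo "FAIL: no global TrustedUserCAKeys in $1"; return 1; }
    check_ca_file "$ca" || return 1
    echo "OK: $1 trusts the user CA in $ca"
}

# Run against a config file when one is given on the command line.
if [ "$#" -gt 0 ]; then audit_sshd_ca "$1"; fi
```

Run it on each server behind the gateway, for example with `/etc/ssh/sshd_config` as the argument; `sshd -T` remains the authoritative view of the effective configuration.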