[Bug 3311] Certificate validity "forever" is not documented in PROTOCOL.certkeys

bugzilla-daemon at mindrot.org
Thu May 13 15:58:20 AEST 2021


--- Comment #2 from Mariano Cano <mariano.cano at gmail.com> ---
The special case is that you can create an SSH certificate without
an expiration date if you set the valid before to 0.

See the flag -V in `man ssh-keygen`:


I haven't tried to debug the code, but in /auth.c there's code to skip
the expiration check if opts->valid_before is 0.


And that "forever" mode, as `man ssh-keygen` says, is not documented
in PROTOCOL.certkeys.

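An added example, not part of the bug comment or of OpenSSH: an audit helper that reads the "valid after" / "valid before" fields out of an ed25519 certificate line and flags certificates with no expiry. It assumes the field order from PROTOCOL.certkeys and that ssh-keygen encodes "forever" as 0xffffffffffffffff; other values, such as the 0 named in the comment, can be passed in `sentinels`. All function names and the sample certificates are constructed for illustration.

```python
import base64
import struct

FOREVER = 0xFFFFFFFFFFFFFFFF  # assumption: "valid before" written by ssh-keygen -V ...:forever

def read_string(buf, off):
    """Read an SSH 'string' (uint32 length + bytes); return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated string field")
    return buf[off + 4:end], end

def cert_validity(line):
    """Return (valid_after, valid_before) from an ed25519 *-cert.pub line."""
    buf = base64.b64decode(line.split()[1], validate=True)
    ktype, off = read_string(buf, 0)
    if ktype != b"ssh-ed25519-cert-v01@openssh.com":
        raise ValueError("only ed25519 certificates are handled here")
    for _ in range(2):          # nonce, public key
        _, off = read_string(buf, off)
    off += 8 + 4                # uint64 serial, uint32 type
    for _ in range(2):          # key id, valid principals
        _, off = read_string(buf, off)
    return struct.unpack_from(">QQ", buf, off)

def never_expires(line, sentinels=(FOREVER,)):
    """True when "valid before" equals one of the no-expiry sentinel values."""
    return cert_validity(line)[1] in sentinels

def constructed_cert(valid_after, valid_before):
    """Build an unsigned, structurally valid certificate line (constructed test data)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = (s(b"ssh-ed25519-cert-v01@openssh.com") + s(b"\x01" * 32) + s(b"\x02" * 32)
            + struct.pack(">QI", 7, 1) + s(b"example-key-id") + s(s(b"alice"))
            + struct.pack(">QQ", valid_after, valid_before)
            + s(b"") + s(b"") + s(b"")            # critical options, extensions, reserved
            + s(b"\x03" * 51) + s(b"\x04" * 83))  # placeholder signature key and signature
    return "ssh-ed25519-cert-v01@openssh.com " + base64.b64encode(blob).decode() + " constructed"

if __name__ == "__main__":
    for after, before in [(0, FOREVER), (1620000000, 1651536000), (0, 0)]:
        line = constructed_cert(after, before)
        print(cert_validity(line), "NO EXPIRY" if never_expires(line) else "has expiry field")
```

The helper only inspects the encoded fields; it does not verify the CA signature, so it belongs in an inventory or review step, not in an authentication decision.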