[Bug 3479] New: ssh-keygen does not honor DST daylight savings time when signing certifying a public key

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Oct 4 08:51:47 AEDT 2022


https://bugzilla.mindrot.org/show_bug.cgi?id=3479

            Bug ID: 3479
           Summary: ssh-keygen does not honor DST daylight savings time
                    when signing certifying a public key
           Product: Portable OpenSSH
           Version: 7.4p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: security
          Priority: P5
         Component: ssh-agent
          Assignee: unassigned-bugs at mindrot.org
          Reporter: mathews.dennis at gmail.com

openssh: OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
openssl: OpenSSL 1.0.2k-fips  26 Jan 2017
uname: Linux XXXXXXXXXXXXXXX 3.10.0-1160.76.1.el7.x86_64 #1 SMP Tue Jul
26 14:15:37 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
timedatectl:
      Local time: Tue 2022-10-04 08:46:05 AEDT
  Universal time: Mon 2022-10-03 21:46:05 UTC
        RTC time: Mon 2022-10-03 21:46:05
       Time zone: Australia/Sydney (AEDT, +1100)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: yes
 Last DST change: DST began at
                  Sun 2022-10-02 01:59:59 AEST
                  Sun 2022-10-02 03:00:00 AEDT
 Next DST change: DST ends (the clock jumps one hour backwards) at
                  Sun 2023-04-02 02:59:59 AEDT
                  Sun 2023-04-02 02:00:00 AEST

Command issued: ssh-keygen -s <ca-key> -I <identity> -V
20221004082852:20221007082852 -z 20221004082852 <public_key>

Produces a certificate dated 1 hour after the given start time:

        Type: ssh-rsa-cert-v01 at openssh.com user certificate
        Public key: RSA-CERT
SHA256:0qJdcqPd4aiRITA1WU+D/ooQlr2OET7SeT/0mPaHVvQ
        Signing CA: RSA
SHA256:FUcJb/dPn4W2noeXRpGG4/paAMrWsFtkxoGCJptL4Yc
        Key ID: "XXXXXXXXXXXXXXX"
        Serial: 20221004082852
        Valid: from 2022-10-04T09:28:52 to 2022-10-07T09:28:52

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list