[Bug 3854] New: Add option "destination-address=address_list" to ssh-keygen
bugzilla-daemon at mindrot.org
Tue Aug 12 01:21:18 AEST 2025
https://bugzilla.mindrot.org/show_bug.cgi?id=3854
Bug ID: 3854
Summary: Add option "destination-address=address_list" to ssh-keygen
Product: Portable OpenSSH
Version: 10.0p2
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: ced at infomaniak.com
Hi,

When creating a certificate with the command ssh-keygen, we see that we
can pass the "-O" options that will be integrated within the certificate.

I’d like to have a new option which could be called
destination-address

destination-address=address_list
    Restrict the destination addresses to which the certificate is
    considered valid. The address_list is a comma-separated list of one or
    more address/netmask pairs in CIDR format.

Until now, we wouldn’t have the need of such options, as these options
were used in authorized_keys as the authorized_keys was de facto
installed on a specific machine.

That way, when creating a certificate I could restrict to which server
the ssh-key can connect.

Regards,
cED
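
A sketch of how the requested check could be evaluated on the server side, added here as an illustration; it is not OpenSSH code and not part of the bug report, and the option does not exist in ssh-keygen or sshd. The function names, the fail-closed handling of malformed lists, and the unwrapping of IPv4-mapped IPv6 addresses are assumptions, and the addresses are constructed samples from documentation ranges.

```python
import ipaddress


class AddressListError(ValueError):
    """Raised when the address_list itself is malformed."""


def parse_address_list(address_list):
    """Parse 'net/len,net/len' into network objects; reject anything malformed."""
    networks = []
    for entry in address_list.split(","):
        entry = entry.strip()
        if not entry:
            raise AddressListError("empty entry in address_list")
        try:
            # strict=True rejects entries with host bits set, e.g. 192.0.2.5/24
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError as exc:
            raise AddressListError(f"bad CIDR entry {entry!r}: {exc}") from exc
    return networks


def destination_allowed(address_list, local_addr):
    """True only if the address the server accepted the connection on is listed."""
    try:
        networks = parse_address_list(address_list)
        addr = ipaddress.ip_address(local_addr)
    except ValueError:
        return False  # assumption: a malformed restriction denies, never allows
    # A dual-stack listener can report an IPv4 address as ::ffff:a.b.c.d
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in networks)


if __name__ == "__main__":
    # Constructed restriction as it might be carried in a certificate
    restriction = "192.0.2.0/24,2001:db8::/32"
    for local in ("192.0.2.10", "198.51.100.7", "2001:db8::1", "::ffff:192.0.2.10"):
        print(local, destination_allowed(restriction, local))
```
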