Extracting client certificate information

John Keeping john at keeping.me.uk
Mon Aug 19 03:07:08 EST 2013

When using client certificate authentication, is there any way to
extract the key ID from the certificate in a force command on the

I would like to be able to configure Gitolite [1] with a certificate
authority key and then use the key ID as the Gitolite user ID when a
client connects.  Currently I can achieve the same effect by embedding
the username in a "force-command" certificate extension, but it seems
like it would be simpler if I could just configure the command once on
the server and use the key ID in it.

Am I missing some way of doing this, or is that a feature that you would
consider supporting?

[1] http://gitolite.com/gitolite/

More information about the openssh-unix-dev mailing list