SSH cert extensions and authz key options

Michael Ströder michael at stroeder.com
Fri Jan 12 21:39:58 AEDT 2018


Hi!

I'm looking at sshd(8), section AUTHORIZED_KEYS FILE FORMAT and
description for CLI arg -O in ssh-keygen(1).

It seems to me that there could be a 1:1 mapping between SSH cert
extensions and authz key options by just adding prefix "permit-" to the
key option.

But the man pages differ regarding case of "permit-x11-forwarding" and
"X11-forwarding". [1] also says "permit-X11-forwarding". So it might
only be a typo in ssh-keygen(1).

Questions:

Is there a guaranteed 1:1 mapping between SSH cert extensions and authz
key options?

Are SSH cert extensions and authz key options treated case-insensitively?
[1] does not say anything about this.

Background:
I want to let admins specify SSH key options / cert extensions in user
entries in the directory and use the same values for issuing short-term
SSH certs (prefixed with "permit-") and distributing authorized keys (for
platforms without SSH cert support).

Ciao, Michael.
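
A sketch of the scheme described under "Background", added here as an example; it is not part of the original post and not OpenSSH code. All function names are hypothetical. It assumes the target sshd supports the `restrict` key option and the re-enabling options listed in sshd(8), and it normalizes spelling against an allow-list instead of relying on any particular case handling:

```python
# Added example (hypothetical helper): one list of permissions stored in a
# directory entry drives both ssh-keygen -O arguments and an authorized_keys
# options prefix.

# Spellings as given in sshd(8), AUTHORIZED_KEYS FILE FORMAT.
CANONICAL = ("agent-forwarding", "port-forwarding", "pty", "user-rc",
             "X11-forwarding")
_BY_LOWER = {name.lower(): name for name in CANONICAL}


def normalize(names):
    """Return de-duplicated canonical names; reject anything not allow-listed."""
    seen = []
    for raw in names:
        key = raw.strip().lower()
        if key not in _BY_LOWER:
            # Fail closed: an unknown value must never be passed through.
            raise ValueError(f"unsupported permission: {raw!r}")
        if _BY_LOWER[key] not in seen:
            seen.append(_BY_LOWER[key])
    return sorted(seen, key=str.lower)


def keygen_args(names):
    """Arguments for ssh-keygen: clear the defaults, then enable each one.

    The lowercase "permit-..." spelling follows ssh-keygen(1).
    """
    args = ["-O", "clear"]
    for name in normalize(names):
        args += ["-O", "permit-" + name.lower()]
    return args


def authorized_keys_line(names, pubkey):
    """authorized_keys entry: start from "restrict", re-enable selectively."""
    if "\n" in pubkey or "\r" in pubkey:
        raise ValueError("public key must be a single line")
    options = ",".join(["restrict"] + normalize(names))
    return f"{options} {pubkey.strip()}"


if __name__ == "__main__":
    # Constructed sample values, as they might be read from a user entry.
    perms = ["x11-forwarding", "PTY", "pty"]
    key = "ssh-ed25519 AAAAC3constructed user@example"
    print("ssh-keygen", " ".join(keygen_args(perms)))
    print(authorized_keys_line(perms, key))
```
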
