SSH cert extensions and authz key options
Michael Ströder
michael at stroeder.com
Fri Jan 26 01:28:56 AEDT 2018
Damien Miller wrote:
> On Wed, 24 Jan 2018, Michael Ströder wrote:
>
>>>> Are SSH cert extensions and authz key options treated case-insensitive?
>>>> [1] does not say anything about this.
>>>
>>> Cert extensions are case sensitive
>>>
>>> authorized_keys options aren't.
>>
>> Sorry for nitpicking some more:
>>
>> Man page ssh-keygen(1) -O says lower-case "permit-x11-forwarding" [1]
>
> That's a typo. I'll commit a fix. It should be "permit-X11-forwarding"
I'm not a C programmer so I can't oversee the real impact but even
within ssh-keygen.c (7.6p1) there's mixed use of lower-case x11 and
upper-case X11:
$ grep -n permit-x11-forwarding ssh-keygen.c
1902: else if (strcasecmp(opt, "permit-x11-forwarding") == 0)
$ grep -n permit-X11-forwarding ssh-keygen.c
1582: add_flag_option(c, "permit-X11-forwarding");
1969: (strcmp(name, "permit-X11-forwarding") == 0 ||
Ciao, Michael.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3829 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20180125/50dc9a73/attachment.p7s>
More information about the openssh-unix-dev
mailing list