OpenSSH Certificate Extensions

Nickolas Klue nickolas.klue at thoughtspot.com
Tue May 21 10:55:16 AEST 2019


Hello:

I am working to implement certificate-based authentication for some
internal applications. It would be very helpful to be able to pass
information server-side by specifying some custom options via the
Extensions of the signed certificate, allowing the authenticity of the
options to be verified readily. However, I have not been able to find too
much for specifying behaviors, etc. server-side in relation to custom
certificate extensions in the documentation.

Is there any extant documentation that goes into more depth than
PROTOCOL.certkeys that anyone would be able to point me towards before I
start digging into source? My digging for documentation has not been very
fruitful as of yet.

Thank you very much to anyone that is able to shine some light on this
topic or outright tell me that I am wrong for contemplating it and why.

-- 
Nickolas Klue
Systems Reliability Engineer
(253) 720-0992


More information about the openssh-unix-dev mailing list