SSH certificate and serverside ForceCommand
Rory Campbell-Lange
rory at campbell-lange.net
Wed Jun 24 23:52:58 AEST 2020
On 23/06/20, Alejandro Dabin (aledabin at gmail.com) wrote:
> As a side note, more information about the certificate (issue and
> expiration time) could be useful for auditing. It would be useful too if
> the server could log it (aside from CA, certificate serial, etc), but
> couldn't find any option either.
The identifier can be overloaded to have arbitrary information shown in
the audit log. I can't recall if you need to set LogLevel to something
above INFO.
Eg:
https://github.com/rorycl/sshagentca/blob/65f726c8480877366cfe13235247a67f0702393d/agentcert.go#L35
Rory
More information about the openssh-unix-dev
mailing list