ssh-keygen -V doesn't respect DST
Michael Ströder
michael at stroeder.com
Tue Mar 29 00:59:42 AEDT 2022
On 3/28/22 15:48, Michael Ströder wrote:
> On 3/28/22 11:23, Jan Schermer wrote:
>> we just entered DST here in Czech Republic, and my CA started
>> generating certificates with a +1h offset:
>>
>> ssh-keygen -U -s some-ca-key.pub -V 20220328110400:20220328112400 [..]
>
> Reading ssh-keygen(1) I have no clue whether time strings specified with
> -V are supposed to be local time or UTC.
> [..]
>> Any plans to fix this? Apparently I am not the only person who
>> encountered it
>> https://github.com/cloudtools/ssh-ca/blob/master/ssh_ca/utils.py#L72
Looking closer at the above Python code it seems to implement some
strange DST assumptions. IMHO the author of cloudtools/ssh-ca should fix
this (e.g. by using a decent Python module for time-zone handling).
Ciao, Michael.
More information about the openssh-unix-dev
mailing list