SSH certificate and serverside ForceCommand
Brian Candler
b.candler at pobox.com
Wed Jun 24 02:38:57 AEST 2020
On 23/06/2020 16:11, Alejandro Dabin wrote:
> As a side note, more information about the certificate (issue and
> expiration time) could be useful for auditing. It would be useful too if
> the server could log it (aside from CA, certificate serial, etc), but
> couldn't find any option either.
AuthorizedPrincipalsCommand can use a number of tokens which are expanded:
%% A literal `%'.
%F The fingerprint of the CA key.
%f The fingerprint of the key or certificate.
%h The home directory of the user.
%i The key ID in the certificate.
%K The base64-encoded CA key.
%k The base64-encoded key or certificate for authentication.
%s The serial number of the certificate.
%T The type of the CA key.
%t The key or certificate type.
%U The numeric user ID of the target user.
%u The username.
More information about the openssh-unix-dev
mailing list