SSH cert extensions and authz key options

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



HI!

I'm looking at sshd(8), section AUTHORIZED_KEYS FILE FORMAT and
description for CLI arg -O in ssh-keygen(1).

It seems to me that there could be a 1:1 mapping between SSH cert
extensions and authz key options by just adding prefix "permit-" to the
key option.

But the man pages differ regarding case of "permit-x11-forwarding" and
"X11-forwarding". [1] also says "permit-X11-forwarding". So it might
only be typo in ssh-keygen(1).

Questions:

Is there a guaranteed 1:1 mapping between SSH cert extensions and authz
key options?

Are SSH cert extensions and authz key options treated case-insensitive?
[1] does not say anything about this.

Background:
I want to let admins specify SSH key options / cert extension in user
entries in the directory and use the same values for issuing short-term
SSH certs (prefixed with "permit-") and distribute authorized keys (for
platforms without SSH cert support).

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux