HI! I'm looking at sshd(8), section AUTHORIZED_KEYS FILE FORMAT and description for CLI arg -O in ssh-keygen(1). It seems to me that there could be a 1:1 mapping between SSH cert extensions and authz key options by just adding prefix "permit-" to the key option. But the man pages differ regarding case of "permit-x11-forwarding" and "X11-forwarding". [1] also says "permit-X11-forwarding". So it might only be typo in ssh-keygen(1). Questions: Is there a guaranteed 1:1 mapping between SSH cert extensions and authz key options? Are SSH cert extensions and authz key options treated case-insensitive? [1] does not say anything about this. Background: I want to let admins specify SSH key options / cert extension in user entries in the directory and use the same values for issuing short-term SSH certs (prefixed with "permit-") and distribute authorized keys (for platforms without SSH cert support). Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev