search for: _transform_

HI! I'm looking at sshd(8), section AUTHORIZED_KEYS FILE FORMAT and description for CLI arg -O in ssh-keygen(1). It seems to me that there could be a 1:1 mapping between SSH cert extensions and authz key options by just adding prefix "permit-" to the key option. But the man pages differ regarding case of "permit-x11-forwarding" and "X11-forwarding". [1] also

...t;x11-forwarding" may appear in authorized_keys, but doesn't make any > sense unless preceeded by a "restrict" keyword. Maybe I was not clear enough what I want to achieve. I'd like to have a limited set of permissions (not exclusions!) in my user management database and _transform_ this set of permission to certificate extensions and authorized_keys options. >> Is there a guaranteed 1:1 mapping between SSH cert extensions and authz >> key options? > > No. E.g. there is no "restrict" option for certs because permissions > are explicit in certif...