Displaying 2 results from an estimated 2 matches for "_transform_".
2018 Jan 12
2
SSH cert extensions and authz key options
HI!
I'm looking at sshd(8), section AUTHORIZED_KEYS FILE FORMAT and
description for CLI arg -O in ssh-keygen(1).
It seems to me that there could be a 1:1 mapping between SSH cert
extensions and authz key options by just adding prefix "permit-" to the
key option.
But the man pages differ regarding case of "permit-x11-forwarding" and
"X11-forwarding". [1] also
2018 Jan 24
3
SSH cert extensions and authz key options
...t;x11-forwarding" may appear in authorized_keys, but doesn't make any
> sense unless preceeded by a "restrict" keyword.
Maybe I was not clear enough what I want to achieve.
I'd like to have a limited set of permissions (not exclusions!) in my
user management database and _transform_ this set of permission to
certificate extensions and authorized_keys options.
>> Is there a guaranteed 1:1 mapping between SSH cert extensions and authz
>> key options?
>
> No. E.g. there is no "restrict" option for certs because permissions
> are explicit in certif...