version 1.4, 2010/04/16 01:47:25 |
version 1.7, 2010/08/04 05:40:39 |
|
|
|
|
serial is an optional certificate serial number set by the CA to |
serial is an optional certificate serial number set by the CA to |
provide an abbreviated way to refer to certificates from that CA. |
provide an abbreviated way to refer to certificates from that CA. |
If a CA does not with to number its certificates it must set this |
If a CA does not wish to number its certificates it must set this |
field to zero. |
field to zero. |
|
|
type specifies whether this certificate is for identification of a user |
type specifies whether this certificate is for identification of a user |
|
|
|
|
extensions is a set of zero or more optional extensions. These extensions |
extensions is a set of zero or more optional extensions. These extensions |
are not critical, and an implementation that encounters one that it does |
are not critical, and an implementation that encounters one that it does |
not recognise may safely ignore it. No extensions are defined at present. |
not recognise may safely ignore it. |
|
|
The reserved field is currently unused and is ignored in this version of |
The reserved field is currently unused and is ignored in this version of |
the protocol. |
the protocol. |
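Review bot: The extensions paragraph here says an implementation "may safely ignore" an extension it does not recognise, while the Extensions section added later in this revision says it "should ignore it". Use one wording in both places so implementers do not read two different requirement levels into the same rule.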
|
|
string name |
string name |
string data |
string data |
|
|
|
Options must be lexically ordered by "name" if they appear in the |
|
sequence. |
|
|
The name field identifies the option and the data field encodes |
The name field identifies the option and the data field encodes |
option-specific information (see below). All options are |
option-specific information (see below). All options are |
"critical", if an implementation does not recognise a option |
"critical", if an implementation does not recognise a option |
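Review bot: The added sentence "Options must be lexically ordered by "name" if they appear in the sequence" states a rule for whoever builds the sequence but says nothing about the validating party. The text should state whether a certificate whose options are out of order, or repeat a name, is refused, since the paragraph that follows describes all options as critical. Separately, "a option" in that paragraph is unchanged in 1.7 and should read "an option".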
|
|
ssh command-line) whenever this key is |
ssh command-line) whenever this key is |
used for authentication. |
used for authentication. |
|
|
|
source-address string Comma-separated list of source addresses |
|
from which this certificate is accepted |
|
for authentication. Addresses are |
|
specified in CIDR format (nn.nn.nn.nn/nn |
|
or hhhh::hhhh/nn). |
|
If this option is not present then |
|
certificates may be presented from any |
|
source address. |
|
|
|
Extensions |
|
---------- |
|
|
|
The extensions section of the certificate specifies zero or more |
|
non-critical certificate extensions. The encoding and ordering of |
|
extensions in this field is identical to that of the critical options. |
|
If an implementation does not recognise an extension, then it should |
|
ignore it. |
|
|
|
The supported extensions and the contents and structure of their data |
|
fields are: |
|
|
|
Name Format Description |
|
----------------------------------------------------------------------------- |
permit-X11-forwarding empty Flag indicating that X11 forwarding |
permit-X11-forwarding empty Flag indicating that X11 forwarding |
should be permitted. X11 forwarding will |
should be permitted. X11 forwarding will |
be refused if this option is absent. |
be refused if this option is absent. |
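Review bot: The source-address entry gives the list syntax (comma-separated, CIDR) but not the failure behaviour. It does not say whether an entry without a /nn prefix length, an empty list, or whitespace around the commas is valid, or what the validating party does when the value cannot be parsed. As the entry now sits above the new Extensions heading, with the critical options, suggest stating that an unparseable value causes the certificate to be rejected rather than treated as if the option were absent, because the absent case is documented as "certificates may be presented from any source address".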
|
|
~/.ssh/rc should be permitted. Execution |
~/.ssh/rc should be permitted. Execution |
of this script will not be permitted if |
of this script will not be permitted if |
this option is not present. |
this option is not present. |
|
|
source-address string Comma-separated list of source addresses |
|
from which this certificate is accepted |
|
for authentication. Addresses are |
|
specified in CIDR format (nn.nn.nn.nn/nn |
|
or hhhh::hhhh/nn). |
|
If this option is not present then |
|
certificates may be presented from any |
|
source address. |
|
|
|
$OpenBSD$ |
$OpenBSD$ |