| version 1.4, 2010/04/16 01:47:25 |
version 1.7, 2010/08/04 05:40:39 |
|
|
| |
|
| serial is an optional certificate serial number set by the CA to |
serial is an optional certificate serial number set by the CA to |
| provide an abbreviated way to refer to certificates from that CA. |
provide an abbreviated way to refer to certificates from that CA. |
| If a CA does not with to number its certificates it must set this |
If a CA does not wish to number its certificates it must set this |
| field to zero. |
field to zero. |
| |
|
| type specifies whether this certificate is for identification of a user |
type specifies whether this certificate is for identification of a user |
|
|
| |
|
| extensions is a set of zero or more optional extensions. These extensions |
extensions is a set of zero or more optional extensions. These extensions |
| are not critical, and an implementation that encounters one that it does |
are not critical, and an implementation that encounters one that it does |
| not recognise may safely ignore it. No extensions are defined at present. |
not recognise may safely ignore it. |
| |
|
| The reserved field is currently unused and is ignored in this version of |
The reserved field is currently unused and is ignored in this version of |
| the protocol. |
the protocol. |
|
|
| string name |
string name |
| string data |
string data |
| |
|
| |
Options must be lexically ordered by "name" if they appear in the |
| |
sequence. |
| |
|
| The name field identifies the option and the data field encodes |
The name field identifies the option and the data field encodes |
| option-specific information (see below). All options are |
option-specific information (see below). All options are |
| "critical", if an implementation does not recognise a option |
"critical", if an implementation does not recognise a option |
|
|
| ssh command-line) whenever this key is |
ssh command-line) whenever this key is |
| used for authentication. |
used for authentication. |
| |
|
| |
source-address string Comma-separated list of source addresses |
| |
from which this certificate is accepted |
| |
for authentication. Addresses are |
| |
specified in CIDR format (nn.nn.nn.nn/nn |
| |
or hhhh::hhhh/nn). |
| |
If this option is not present then |
| |
certificates may be presented from any |
| |
source address. |
| |
|
| |
Extensions |
| |
---------- |
| |
|
| |
The extensions section of the certificate specifies zero or more |
| |
non-critical certificate extensions. The encoding and ordering of |
| |
extensions in this field is identical to that of the critical options. |
| |
If an implementation does not recognise an extension, then it should |
| |
ignore it. |
| |
|
| |
The supported extensions and the contents and structure of their data |
| |
fields are: |
| |
|
| |
Name Format Description |
| |
----------------------------------------------------------------------------- |
| permit-X11-forwarding empty Flag indicating that X11 forwarding |
permit-X11-forwarding empty Flag indicating that X11 forwarding |
| should be permitted. X11 forwarding will |
should be permitted. X11 forwarding will |
| be refused if this option is absent. |
be refused if this option is absent. |
|
|
| ~/.ssh/rc should be permitted. Execution |
~/.ssh/rc should be permitted. Execution |
| of this script will not be permitted if |
of this script will not be permitted if |
| this option is not present. |
this option is not present. |
| |
|
| source-address string Comma-separated list of source addresses |
|
| from which this certificate is accepted |
|
| for authentication. Addresses are |
|
| specified in CIDR format (nn.nn.nn.nn/nn |
|
| or hhhh::hhhh/nn). |
|
| If this option is not present then |
|
| certificates may be presented from any |
|
| source address. |
|
| |
|
| $OpenBSD$ |
$OpenBSD$ |
![[BACK]](/icons/back.gif){kind=icon}
Return to PROTOCOL.certkeys CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh