On Fri, 15 Jul 2022 22:33:49 -0600, Grant Taylor wrote:

> > I've never used it before, mainly because I wasn't aware of its 
> > existence until I re-read the ssh-keygen man page, but it seems to 
> > be simple timestamps passed to valid-before/valid-after.  
> 
> I'm not sure that's applicable to /keys/ versus /certificates/.
> 
> Excerpt from the ssh-keygen man page:
> 
> -V validity_interval
> 
> Specify a validity interval when signing a /certificate/.  A validity 
> interval may consist of a single time, indicating that the
> /certificate/ is valid beginning now and expiring at that time, or may
> consist of two times separated by a colon to indicate an explicit time
> interval.
> 
> Maybe there's something else, but it seems like the validity period is 
> for SSH /certificates/ and not SSH /keys/.

valid-before/valid-after are documented elsewhere in the man page, but it
is not clear whether they are discussing certificates or keys at that
point; it could be read either way.

Time to check out certificates.


-- 
Neil Bothwick

Set phasers to extreme itching!
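
The `-V` behaviour quoted from the man page above, as an added example that is not part of the original messages: a throwaway CA signs a user key with an explicit interval, and `ssh-keygen -L` shows that the validity window is stored in the certificate, while the plain public key is rejected as not being a certificate. The file names, key ID `demo-key-id`, principal `demo` and the dates are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: key ID, principal, file names and dates are constructed.

# Create a throwaway CA key and a user key (no passphrases, demo only).
make_keys() {
    ssh-keygen -q -t ed25519 -N '' -C demo-ca   -f "$1/ca"   || return 1
    ssh-keygen -q -t ed25519 -N '' -C demo-user -f "$1/user" || return 1
}

# Sign user.pub with the CA and print the certificate's validity window.
demo_cert_validity() {
    dir=$(mktemp -d) || return 1
    make_keys "$dir" || return 1
    # -V start:end is an explicit interval; YYYYMMDD is read as local time.
    ssh-keygen -q -s "$dir/ca" -I demo-key-id -n demo \
        -V 20220715:20220716 "$dir/user.pub" || return 1
    # -L dumps the certificate; keep only the text after "Valid:".
    ssh-keygen -L -f "$dir/user-cert.pub" | sed -n 's/^ *Valid: //p'
    rm -rf "$dir"
}

# Return ssh-keygen's exit status when asked to show a plain public key
# as a certificate (non-zero: a bare key has no validity fields to show).
plain_key_as_cert() {
    dir=$(mktemp -d) || return 1
    make_keys "$dir" || return 1
    rc=0
    ssh-keygen -L -f "$dir/user.pub" >/dev/null 2>&1 || rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo_cert_validity
plain_key_as_cert || echo "user.pub is a plain key, not a certificate"
```

sshd only applies this window when it trusts the signing CA, for example through `TrustedUserCAKeys` in sshd_config or a `cert-authority` entry in authorized_keys.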
