https://bugzilla.mindrot.org/show_bug.cgi?id=3311
--- Comment #2 from Mariano Cano <[email protected]> ---

The special case is that you can create an SSH certificate without an expiration date if you set the valid before to 0. See the flag -V in `man ssh-keygen`:
https://github.com/openssh/openssh-portable/blob/d3cc4d650ce3e59f3e370b101778b0e8f1c02c4d/ssh-keygen.1#L613-L643

I haven't tried to debug the code, but in /auth.c there's code to skip the expiration check if opts->valid_before is 0.
https://github.com/openssh/openssh-portable/blob/2dc328023f60212cd29504fc05d849133ae47355/auth.c#L963-L969

And that "forever" mode, as `man ssh-keygen` says, is not documented in PROTOCOL.certkeys.
