https://bugzilla.mindrot.org/show_bug.cgi?id=3311
--- Comment #3 from Damien Miller <[email protected]> --- "forever" in ssh-keygen sets valid_after=0 and valid_before=0xffffffffffffffff, so that's not the case you're talking about here unless you're considering wall clock times before 1970 or many billions of years in the future: https://github.com/openssh/openssh-portable/blob/d3cc4d650ce3e59f3e370b101778b0e8f1c02c4d/ssh-keygen.c#L1954 The other case has nothing to do with certificates (note that the 'opts' variable here is not a key, but another type). It is to support the authorized_keys "expiry-time" keyword: https://github.com/openssh/openssh-portable/blob/d3cc4d650ce3e59f3e370b101778b0e8f1c02c4d/sshd.8#L527 -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
