openssh_key.key_params.cert.CertCriticalOption

class openssh_key.key_params.cert.CertCriticalOption(value)

Bases: openssh_key.key_params.cert.CertOption

An option that the validator must process for the certificate to be valid.

__init__()

Attributes

FORCE_COMMAND

A command to be executed on the remote machine when the session begins, overriding any that the user has specified as the command argument to ssh or the RemoteCommand option in ssh_config.

SOURCE_ADDRESS

Comma-separated list of source addresses, in CIDR format, for which this certificate is valid for authentication.

VERIFY_REQUIRED

If present, the private key should require user verification (equivalent to executing ssh-keygen with -O verify-required).
FORCE_COMMAND = CertOptionNameAndValidPrincipalTypes(name='force-command', valid_principal_types=[<CertPrincipalType.USER: 1>])

A command to be executed on the remote machine when the session begins, overriding any that the user has specified as the command argument to ssh or the RemoteCommand option in ssh_config.

SOURCE_ADDRESS = CertOptionNameAndValidPrincipalTypes(name='source-address', valid_principal_types=[<CertPrincipalType.USER: 1>])

Comma-separated list of source addresses, in CIDR format, for which this certificate is valid for authentication.

VERIFY_REQUIRED = CertOptionNameAndValidPrincipalTypes(name='verify-required', valid_principal_types=[<CertPrincipalType.USER: 1>])

If present, the private key should require user verification (equivalent to executing ssh-keygen with -O verify-required). Not all FIDO authenticators support this option. OpenSSH presently supports only PIN verification.