openssh_key.key_params.cert.CertExtension¶

class openssh_key.key_params.cert.CertExtension(value)¶

An option that the validator may process if recognised.

Attributes

`NO_TOUCH_REQUIRED`	If present, the private key does not require the user to touch it (equivalent to executing `ssh-keygen` with `-O no-touch-required`).
`PERMIT_X11_FORWARDING`	If present, allows the user to enable X11 forwarding by specifying the `-X` option to `ssh` or the `ForwardX11` option in `ssh_config`.
`PERMIT_AGENT_FORWARDING`	If present, allows the user to enable agent forwarding by specifying the `-A` option to `ssh` or the `ForwardAgent` option in `ssh_config`.
`PERMIT_PORT_FORWARDING`	If present, allows the user to enable local or remote port forwarding by specifying the `-D`, `-L`, or `-R` options to `ssh` or the `DynamicForward`, `LocalForward`, or `RemoteForward` options in `ssh_config`.
`PERMIT_PTY`	If present, allows the user to request a pseudo-TTY by specifying the `-t` option to `ssh` or the `RequestTTY` option in `ssh_config`.
`PERMIT_USER_RC`	If present, runs the user's `~/.ssh/rc`, if it exists, once the user is authenticated; equivalent to setting the `PermitUserRC` option in `sshd_config`.

NO_TOUCH_REQUIRED = CertOptionNameAndValidPrincipalTypes(name='no-touch-required', valid_principal_types=[<CertPrincipalType.USER: 1>])¶: If present, the private key does not require the user to touch it (equivalent to executing ssh-keygen with -O no-touch-required).

PERMIT_AGENT_FORWARDING = CertOptionNameAndValidPrincipalTypes(name='permit-agent-forwarding', valid_principal_types=[<CertPrincipalType.USER: 1>])¶: If present, allows the user to enable agent forwarding by specifying the -A option to ssh or the ForwardAgent option in ssh_config.

PERMIT_PORT_FORWARDING = CertOptionNameAndValidPrincipalTypes(name='permit-port-forwarding', valid_principal_types=[<CertPrincipalType.USER: 1>])¶: If present, allows the user to enable local or remote port forwarding by specifying the -D, -L, or -R options to ssh or the DynamicForward, LocalForward, or RemoteForward options in ssh_config.

PERMIT_PTY = CertOptionNameAndValidPrincipalTypes(name='permit-pty', valid_principal_types=[<CertPrincipalType.USER: 1>])¶: If present, allows the user to request a pseudo-TTY by specifying the -t option to ssh or the RequestTTY option in ssh_config.

PERMIT_USER_RC = CertOptionNameAndValidPrincipalTypes(name='permit-user-rc', valid_principal_types=[<CertPrincipalType.USER: 1>])¶: If present, runs the user’s ~/.ssh/rc, if it exists, once the user is authenticated; equivalent to setting the PermitUserRC option in sshd_config.

PERMIT_X11_FORWARDING = CertOptionNameAndValidPrincipalTypes(name='permit-x11-forwarding', valid_principal_types=[<CertPrincipalType.USER: 1>])¶: If present, allows the user to enable X11 forwarding by specifying the -X option to ssh or the ForwardX11 option in ssh_config.

openssh_key_parser