Ping a Specific Port

Question

Monica For CEO

Asked: 2013-10-06 10:45:40 +0800 CST2013-10-06 10:45:40 +0800 CST 2013-10-06 10:45:40 +0800 CST

Verify that an SSH command has not been embedded in a certificate?

772

From man 8 sshd with regards to the Authorized Keys File Format and the command="command" option:

Note that this command may be superseded by either an sshd_config(5) ForceCommand directive or a command embedded in a certificate.

Using ssh-keygen -O force-command="command" allows a command to be embedded in a certificate. But how does one verify that a command has not been embedded in a certificate? Along these same lines of preventing unexpected commands from being executed, does ForceCommand always override a command embedded in a certificate?

Can a malicious user bypass a ssh authorized_keys forced command? asks a more general question about security but currently the answers there do not mention commands embedded in certificates.

1 Answers

Voted

user9517 · Answer 1 · 2013-10-06T12:38:08+08:00

user9517

2013-10-06T12:38:08+08:002013-10-06T12:38:08+08:00

The ssh-keygen man page says

-O option

        Specify a certificate option when signing a key.

The -O force-command=command option relates to certificates not keys.

You will need to generate a certificate by signing a key, then you should be able to decode the certificate and see the embedded command.

1

Verify that an SSH command has not been embedded in a certificate?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?