diff options
| author | Niall Sheridan <nsheridan@gmail.com> | 2017-01-10 22:51:28 +0000 |
|---|---|---|
| committer | Niall Sheridan <nsheridan@gmail.com> | 2017-01-14 01:15:09 +0000 |
| commit | 5d7e2397226cd4c88a18658d8fc89ca0da58cc49 (patch) | |
| tree | 61fa7ddd20793b8bea1c40db63461d4edd737851 /README.md | |
| parent | 57224ffa79aac59155a0f6a4ad47f224cac736fd (diff) | |
Add critical options support
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -219,7 +219,7 @@ Supported options: - `signing_key`: string. Path to the signing ssh private key you created earlier. See the [note](#a-note-on-files) on files above. - `additional_principals`: array of string. By default certificates will have one principal set - the username portion of the requester's email address. If `additional_principals` is set, these will be added to the certificate e.g. if your production machines use shared user accounts. - `max_age`: string. If set the server will not issue certificates with an expiration value longer than this, regardless of what the client requests. Must be a valid Go [`time.Duration`](https://golang.org/pkg/time/#ParseDuration) string. -- `permissions`: array of string. Actions the certificate can perform. See the [`-O` option to `ssh-keygen(1)`](http://man.openbsd.org/OpenBSD-current/man1/ssh-keygen.1) for a complete list. +- `permissions`: array of string. Specify the actions the certificate can perform. See the [`-O` option to `ssh-keygen(1)`](http://man.openbsd.org/OpenBSD-current/man1/ssh-keygen.1) for a complete list. e.g. `permissions = ["permit-pty", "permit-port-forwarding", force-command=/bin/ls", "source-address=192.168.0.0/24"]` ## aws AWS configuration is only needed for accessing signing keys stored on S3, and isn't totally necessary even then. |