What options can be put into a SSH authorized_keys file?

Question

I found this article on options that can be put before a key in the authorized_keys file. I was wondering though, are there more? Options listed in the article are

from="domain"
command="commandtorun"
no-port-forwarding
no-X11-forwarding
no-agent-forwarding
no-pty

Update It appears that the original article is now inaccessible. Because of that I've now changed the link to point to the archive.org version.

ah, good find @starfry. I've updated the link to point to the archive.org snapshot. — mozillalives, Feb 09 '17 at 15:58

score 46 · Accepted Answer · edited Mar 07 '19 at 14:57

46

All options are detailed in the sshd(8) man page; search for AUTHORIZED_KEYS FILE FORMAT.

At the moment, those options are:

cert-authority
command="command"
environment="NAME=value"
expiry-time="timespec"
from="pattern-list"
no-agent-forwarding
no-port-forwarding
no-pty
no-user-rc
no-X11-forwarding
permitlisten="[host]:port"
permitopen="host:port"
principals="principals"
restrict
tunnel="n"

edited Mar 07 '19 at 14:57

mmoya

284
2
8

answered May 18 '10 at 14:17

MikeyB

38,725
10
102
186

2

ah... that's the man page I was looking for. Thanks – mozillalives May 18 '10 at 14:22

score 3 · Answer 2 · answered May 18 '10 at 14:20

Check 'man sshd' on your local unix-ish box for more info. My osx box has the following:

command="command"
environment="NAME=value"
from="pattern-list"
no-agent-forwarding
no-port-forwarding
no-pty
no-user-rc
no-X11-forwarding
permitopen="host:port"
tunnel="n"

What options can be put into a SSH authorized_keys file?

2 Answers2

Linked