openssh server certificate critical option "teleport-roles" is not supported

[bcg62]

As of 2.2.0, certificates are being issued with an additional extension teleport-roles

$ ssh-keygen -L -f ~/.tsh/keys/*/*cert | grep Extensions -A 4
        Extensions:
                permit-agent-forwarding
                permit-port-forwarding
                permit-pty
                teleport-roles UNKNOWN OPTION (len 59)

This breaks OpenSSH_6.6.1p1 server:

sshd[9640]: error: Certificate critical option "teleport-roles" is not supported

NOTES: the certificate in question is placed into a local ssh-agent after executing tsh login

[bcg62]

http://lists.mindrot.org/pipermail/openssh-bugs/2015-April/014531.html

[gravitational-jenkins]

True. We need an ability to turn this off via perhaps adding compatibility mode flag. This feature is only used in trusted clusters.

…

Sent from my iPhone

On Jun 19, 2017, at 7:07 PM, Brendan Germain ***@***.***> wrote: http://lists.mindrot.org/pipermail/openssh-bugs/2015-April/014531.html — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread. -- You received this message because you are subscribed to the Google Groups "Tech Operations" group. To unsubscribe from this group and stop receiving emails from it, send an email to ***@***.*** To post to this group, send email to ***@***.***