openssh: OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 openssl: OpenSSL 1.0.2k-fips 26 Jan 2017 uname: Linux XXXXXXXXXXXXXXX 3.10.0-1160.76.1.el7.x86_64 #1 SMP Tue Jul 26 14:15:37 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux timedatectl: Local time: Tue 2022-10-04 08:46:05 AEDT Universal time: Mon 2022-10-03 21:46:05 UTC RTC time: Mon 2022-10-03 21:46:05 Time zone: Australia/Sydney (AEDT, +1100) NTP enabled: yes NTP synchronized: yes RTC in local TZ: no DST active: yes Last DST change: DST began at Sun 2022-10-02 01:59:59 AEST Sun 2022-10-02 03:00:00 AEDT Next DST change: DST ends (the clock jumps one hour backwards) at Sun 2023-04-02 02:59:59 AEDT Sun 2023-04-02 02:00:00 AEST Command issued: ssh-keygen -s <ca-key> -I <identity> -V 20221004082852:20221007082852 -z 20221004082852 <public_key> Produces a certificate dated 1 hour after the given start time: Type: ssh-rsa-cert-v01@openssh.com user certificate Public key: RSA-CERT SHA256:0qJdcqPd4aiRITA1WU+D/ooQlr2OET7SeT/0mPaHVvQ Signing CA: RSA SHA256:FUcJb/dPn4W2noeXRpGG4/paAMrWsFtkxoGCJptL4Yc Key ID: "XXXXXXXXXXXXXXX" Serial: 20221004082852 Valid: from 2022-10-04T09:28:52 to 2022-10-07T09:28:52
OpenSSH 9.1 (just released) offers the ability to sign certificates in UTC to avoid ambiguities like this.
OpenSSH 9.3 has been released. Close resolved bugs