ssh-keygen: signing syntax - help needed with options

ssh debian ssh-keys

You have actually already achieved what you want to do: disable all permissions, which means your list of "extensions" is empty. See what happens if you do not use -O at all, i.e ssh-keygen -s /path/to/ca-ssh.pem -D opensc-pkcs11.so -n barfoo -I foo -z 12345 /path/to/pub -What extensions are enabled then?

-All the options you are using are "no-xxxx" which means you are disabling extensions and thus emptying the list of extensions. -Instead of disabling/removing them one by one, you could use -O clear only. From the man-page:

clear ---- Clear all enabled permissions. This is useful for clearing the default set of permissions so permissions may be added individually.

Related

Certbot renew dry run fails with error: Input the webroot for sub.mydomain.com:. Skipping
Can ping and RDP VPN's servers but cannot http/sftp
Is there a way to re-build a physical machine (into golden image) without dedicated hardware?
Nginx: Basic_auth is set up and working, but all protected pages return 404
how to avoid grep output empty file
Slurm cluster in Google Cloud - how do I attach a Filestore instance
PostgreSQL: WAL files on server are not deleted
Always turn on SSH agent forwarding in ansible?
Does docker restart use the latest image or the one the container was created with?
Post Rocket route is forwarded (Rust) [duplicate]
How does Flutter web pick&upload any file type
Problem filling an array with my JSON file information