ssh-ident icon indicating copy to clipboard operation
ssh-ident copied to clipboard
verified publisher icon ccontavalli

Update key lifetime each time a key is used?

Open stefanmohl opened this issue 3 years ago • 3 comments

I would like giving my keys a lifetime by adding something along the lines of:

SSH_ADD_DEFAULT_OPTIONS = "-t 1800"

but that would mean that I need to input my passphrase quite often. Preferably, that timeout should be updated each time I run ssh so that the key only gets invalidated whenever I haven't actively logged in anywhere for longer than the timeout. Is there any way of achieving this?

stefanmohl avatar Apr 26 '22 21:04 stefanmohl

Have you verified that OpenSSH's ssh-add provides this feature to prolong the key's lifetime? And if so how does it work? Then it may be added to ssh-ident.

maddes-b avatar May 06 '22 09:05 maddes-b

As far as I know, ssh-agent does not provide this feature. I was more hoping along the lines of somehow being able to provide it through ssh-ident. I'll check with the OpenSSH mailing list to see if they have any ideas around such a function.

stefanmohl avatar May 06 '22 10:05 stefanmohl

ssh-ident can only support the features that ssh-agent/ssh-add provides. You should create a feature request at OpenSSH.

maddes-b avatar May 06 '22 11:05 maddes-b