TimeToogo / tunshell

Remote shell into ephemeral environments 🐚 🦀
https://tunshell.com
MIT License
767 stars 56 forks

[question] secrets expiration time? #23

Closed christian-korneck closed 3 years ago

christian-korneck commented 3 years ago

Thanks for this awesome project!

Newbie question: How long does a pair of secrets work? (I.e. for how long would I be able to use a pair of secrets generated on the public tunshell relay or on my own?) Is it somehow possible to use them indefinitely?

TimeToogo commented 3 years ago

Hi @christian-korneck,

Currently each session is only valid for one day after creation, principally because I did not want old tunshell sessions being inadvertently activated and potentially leaving hosts exposed.

It is not configurable at the moment, but PRs are always welcome. Here is the relevant validation: https://github.com/TimeToogo/tunshell/blob/master/tunshell-server/src/relay/server/session_validation.rs

You can also regenerate the secrets on demand using the relay server API:

  1. Find the nearest relay server hostname:
    curl https://nearest.relay.tunshell.com/api/info
    # {"domain_name": "au.relay.tunshell.com"}
  2. Generate session keys:
    curl -XPOST https://au.relay.tunshell.com/api/sessions
    # {"peer1_key": "...", "peer2_key": "..."}

Curiously, what is your use-case for session keys which do not expire?

christian-korneck commented 3 years ago

@TimeToogo thanks a lot for your response, it has all the info I was looking for.

My use case is that I was wondering if I can store the keys as static secrets in a CI system (GitHub Actions) and use them forever (like SSH keys). But based on your answer I figure it would probably be better to call the API to generate a key pair on one side and send the relevant part to the other side using a webhook or so.
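
The per-job approach discussed above, as an added example that is not part of the original thread or the tunshell code base: it requests a fresh key pair from the relay API quoted in the thread instead of storing static keys, validates the relay hostname before building the second URL, and mirrors the one-day limit locally. The hostname pattern, the function names and the sample key values are assumptions made for this sketch.

```python
import json
import re
import time
import urllib.request

NEAREST_URL = "https://nearest.relay.tunshell.com/api/info"  # URL from the thread
SESSION_TTL = 24 * 60 * 60  # thread: a session is valid for one day after creation
# Assumption: public relays are single-label hosts under relay.tunshell.com.
RELAY_HOST = re.compile(r"[a-z0-9-]+\.relay\.tunshell\.com")


def parse_relay_info(body):
    """Return the relay hostname from /api/info, refusing anything unexpected."""
    domain = json.loads(body).get("domain_name")
    if not isinstance(domain, str) or not RELAY_HOST.fullmatch(domain):
        raise ValueError(f"unexpected relay hostname: {domain!r}")
    return domain


def parse_session(body, created_at):
    """Return both peer keys plus the local time at which they were issued."""
    data = json.loads(body)
    keys = {name: data.get(name) for name in ("peer1_key", "peer2_key")}
    if not all(isinstance(v, str) and v for v in keys.values()):
        raise ValueError("relay response is missing a session key")
    return {**keys, "created_at": created_at}


def is_expired(session, now):
    """Local mirror of the one-day limit; the relay remains the authority."""
    return now - session["created_at"] >= SESSION_TTL


def new_session():
    """Network path: ask the nearest relay for a fresh key pair (run per CI job)."""
    with urllib.request.urlopen(NEAREST_URL, timeout=10) as resp:
        relay = parse_relay_info(resp.read())
    request = urllib.request.Request(f"https://{relay}/api/sessions", method="POST")
    with urllib.request.urlopen(request, timeout=10) as resp:
        return parse_session(resp.read(), time.time())


if __name__ == "__main__":
    # Constructed responses in the shapes quoted in the thread; no network needed.
    relay = parse_relay_info('{"domain_name": "au.relay.tunshell.com"}')
    session = parse_session('{"peer1_key": "k1-sample", "peer2_key": "k2-sample"}', 0)
    print(relay, is_expired(session, 3600), is_expired(session, SESSION_TTL))
```

A relay you host yourself would need its own hostname in place of the pattern above.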