Open stefanmohl opened 2 years ago
Have you verified that OpenSSH's ssh-add
provides this feature to prolong the key's lifetime? And if so how does it work? Then it may be added to ssh-ident
.
As far as I know, ssh-agent does not provide this feature. I was more hoping along the lines of somehow being able to provide it through ssh-ident. I'll check with the OpenSSH mailing list to see if they have any ideas around such a function.
ssh-ident
can only support the features that ssh-agent
/ssh-add
provides. You should create a feature request at OpenSSH.
I would like giving my keys a lifetime by adding something along the lines of:
SSH_ADD_DEFAULT_OPTIONS = "-t 1800"
but that would mean that I need to input my passphrase quite often. Preferably, that timeout should be updated each time I run ssh so that the key only gets invalidated whenever I haven't actively logged in anywhere for longer than the timeout. Is there any way of achieving this?