ccontavalli / ssh-ident

Different agents and different keys for different projects, with ssh.

Update key lifetime each time a key is used? #70

Open stefanmohl opened 2 years ago

stefanmohl commented 2 years ago

I would like to give my keys a lifetime by adding something along the lines of:

SSH_ADD_DEFAULT_OPTIONS = "-t 1800"

but that would mean that I need to input my passphrase quite often. Preferably, that timeout should be updated each time I run ssh so that the key only gets invalidated whenever I haven't actively logged in anywhere for longer than the timeout. Is there any way of achieving this?

maddes-b commented 2 years ago

Have you verified that OpenSSH's ssh-add provides this feature to prolong the key's lifetime? And if so, how does it work? Then it may be added to ssh-ident.

stefanmohl commented 2 years ago

As far as I know, ssh-agent does not provide this feature. I was more hoping along the lines of somehow being able to provide it through ssh-ident. I'll check with the OpenSSH mailing list to see if they have any ideas around such a function.

maddes-b commented 2 years ago

ssh-ident can only support the features that ssh-agent/ssh-add provides. You should create a feature request at OpenSSH.