[Bug 2675] New: When adding certificates to ssh-agent, use expiry date as upper bound for lifetime
bugzilla-daemon at bugzilla.mindrot.org
Thu Feb 2 21:13:58 AEDT 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2675
Bug ID: 2675
Summary: When adding certificates to ssh-agent, use expiry date as upper bound for lifetime
Product: Portable OpenSSH
Version: 7.4p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-add
Assignee: unassigned-bugs at mindrot.org
Reporter: adam at continusec.com
Created attachment 2935
--> https://bugzilla.mindrot.org/attachment.cgi?id=2935&action=edit
First cut of patch
For users that regularly receive new short-lived certificates, it is
useful to be able to add these to ssh-agent without the list of
identities continually growing.
Since ssh-add already supports a lifetime parameter, suggest changing
behaviour of ssh-add such that we always use the expiry date in the
certificate as an upper bound for the lifetime.
Sample usage:
$ ssh-add ~/.ssh/id_androgogic_shortlived_rsa
Set lifetime to 74594 to match certificate expiry time.
Identity added: /Users/aeijdenberg/.ssh/id_androgogic_shortlived_rsa (/Users/aeijdenberg/.ssh/id_androgogic_shortlived_rsa)
Lifetime set to 74594 seconds
Certificate added: /Users/aeijdenberg/.ssh/id_androgogic_shortlived_rsa-cert.pub (adam/androbot (for adam.eijdenberg at androgogic.com))
Lifetime set to 74594 seconds
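The clamping rule proposed in this report, as an added example (not the attached patch and not OpenSSH code). The function name effective_lifetime and the SAMPLE_NOW timestamp are hypothetical; it assumes a lifetime of 0 means "no limit", that the agent lifetime constraint is a 32-bit count of seconds, and that a certificate with no expiry carries valid_before = 2^64-1.

```c
#include <stdint.h>
#include <stdio.h>

#define CERT_NO_EXPIRY UINT64_MAX      /* valid_before value meaning "forever" */
#define SAMPLE_NOW     1486030438ULL   /* constructed timestamp for the demo */

/*
 * Compute the lifetime to request from the agent for a certificate.
 * requested:    lifetime asked for by the user in seconds, 0 = none
 * valid_before: certificate expiry, seconds since the epoch (exclusive bound)
 * Returns 0 and stores the result in *out (0 = no lifetime constraint),
 * or -1 if the certificate has already expired and should not be added.
 */
int effective_lifetime(uint32_t requested, uint64_t valid_before,
                       uint64_t now, uint32_t *out)
{
    uint64_t remaining;

    if (valid_before == CERT_NO_EXPIRY) {   /* nothing to clamp against */
        *out = requested;
        return 0;
    }
    if (valid_before <= now)                /* expired: valid only while now < valid_before */
        return -1;
    remaining = valid_before - now;
    if (remaining > UINT32_MAX) {           /* expiry beyond any expressible lifetime */
        *out = requested;
        return 0;
    }
    /* Expiry is an upper bound: a shorter user-supplied lifetime still wins. */
    if (requested == 0 || remaining < requested)
        *out = (uint32_t)remaining;
    else
        *out = requested;
    return 0;
}

int main(void)
{
    uint32_t t;

    /* Same remaining validity as the sample output in the report. */
    if (effective_lifetime(0, SAMPLE_NOW + 74594, SAMPLE_NOW, &t) == 0)
        printf("Set lifetime to %u to match certificate expiry time.\n", t);
    if (effective_lifetime(0, SAMPLE_NOW - 1, SAMPLE_NOW, &t) != 0)
        printf("Certificate already expired, not adding.\n");
    return 0;
}
```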