Retrieve TTL of key from the agent

Tim Heckman tim+ssh at
Tue Dec 11 10:10:24 EST 2012

On Monday, December 10, 2012 at 2:50 PM, Ángel González wrote:

> Hello Tim,
> I think there's no message to query the TTL (i.e. no).
> I'm not sure why you need to decide that in advance, though. Can't you just
> use it if it's in the agent or else load it?

On Monday, December 10, 2012 at 4:29 PM, Damien Miller wrote:

> No - the agent protocol (detailed in PROTOCOL.agent) doesn't offer any way
> to export this information.
> -d

What I'm working on is to allow users access to a system for a short period of time without them actually having read/write access to where the keys are stored. There will also be a slight delay between my system checking the status of the agent and the user attempting to connect. As such, there is a window (albeit short) where the key could be gone but the user doesn't know about it.

I was trying to be slick and not have to decrypt the SSH key on each request if the key already exists in the agent. However, I think the best option would be to just add the key each time.

Thank you very much for getting back to me, Ángel and Damien. Hope you two have great holidays and an awesome 2013. :)
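
An added example, not part of the original messages or of OpenSSH's code: parsing the agent's identities answer shows that each entry carries only a key blob and a comment, so a client can check whether a key is present but not how long it has left. The helper names, the sample reply and the placeholder key blob are constructed for illustration.

```python
import struct

# Message numbers from the SSH agent protocol (PROTOCOL.agent).
SSH2_AGENTC_REQUEST_IDENTITIES = 11
SSH2_AGENT_IDENTITIES_ANSWER = 12

def frame(payload: bytes) -> bytes:
    """Agent messages are a uint32 length followed by the payload."""
    return struct.pack(">I", len(payload)) + payload

def _string(buf: bytes, off: int):
    """Read one length-prefixed string; reject lengths past the buffer."""
    if off + 4 > len(buf):
        raise ValueError("truncated length")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + n], off + n

def parse_identities(reply: bytes):
    """Return [(key_blob, comment)] from a framed identities answer."""
    if len(reply) < 9:
        raise ValueError("short reply")
    (length,) = struct.unpack_from(">I", reply, 0)
    body = reply[4:4 + length]
    if length < 5 or len(body) != length or body[0] != SSH2_AGENT_IDENTITIES_ANSWER:
        raise ValueError("not an identities answer")
    (count,) = struct.unpack_from(">I", body, 1)
    off, keys = 5, []
    for _ in range(count):
        blob, off = _string(body, off)      # public key blob
        comment, off = _string(body, off)   # comment; no lifetime field follows
        keys.append((blob, comment.decode("utf-8", "replace")))
    return keys

def needs_load(reply: bytes, wanted_blob: bytes) -> bool:
    """True when the wanted public key blob is absent from the agent."""
    return all(blob != wanted_blob for blob, _ in parse_identities(reply))

# Constructed sample: an answer holding one key with a placeholder (all-zero) blob.
def _s(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b

SAMPLE_BLOB = _s(b"ssh-ed25519") + _s(bytes(32))
SAMPLE_REPLY = frame(bytes([SSH2_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", 1)
                     + _s(SAMPLE_BLOB) + _s(b"constructed-key"))
```

Because a key's lifetime can expire between this check and the connection attempt, a `False` from `needs_load` is only a hint that the key is still there.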


More information about the openssh-unix-dev mailing list