ssh-agent check for new fresh certificate (and key)? worthwhile doing?

Adam Eijdenberg adam at continusec.com
Thu Feb 2 21:23:48 AEDT 2017


On Thu, Feb 2, 2017 at 2:48 PM, Damien Miller <djm at mindrot.org> wrote:
> On Thu, 2 Feb 2017, Adam Eijdenberg wrote:
> > I guess a case could be made for ssh-add to always set a timeout when
> > adding a certificate with an expiry time, but I think for now I'm
> > happy enough to do that on our end.
> It's a fine idea for a feature - even just filing it on bugzilla would be
> good.

Bug filed with first cut at patch for ssh-add here:
https://bugzilla.mindrot.org/show_bug.cgi?id=2675

Although after this thread and an offline chat with Peter, it became
clear that for our use-case we may not actually need to write the key
or certificate to disk at all*, and can just feed them straight to
ssh-agent (which was very easy to do with the Golang libraries).
Really appreciate all the great suggestions and support in this forum.

* Modulo Windows users. Sigh.
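
The two ideas in this message, handing a key and certificate straight to ssh-agent and giving the agent a timeout that matches the certificate's expiry, can be shown at the wire level. The sketch below is an added example, not code from the post or from the Bugzilla patch. It uses only the Go standard library, takes its message numbers from the ssh-agent protocol draft, and uses constructed placeholder byte strings where a real certificate blob and 64-byte Ed25519 private key would go; `golang.org/x/crypto/ssh/agent` exposes the same constraint as `AddedKey.LifetimeSecs`.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"time"
)

// SSH_AGENTC_ADD_IDENTITY, SSH_AGENTC_ADD_ID_CONSTRAINED, SSH_AGENT_CONSTRAIN_LIFETIME
const addIdentity, addIDConstrained, constrainLifetime = 17, 25, 1
const certNoExpiry = ^uint64(0) // valid_before of a certificate that never expires

// lifetimeFor maps valid_before (Unix seconds) to an agent lifetime; 0 means "no constraint".
func lifetimeFor(validBefore uint64, now time.Time) (uint32, error) {
	if validBefore == certNoExpiry {
		return 0, nil
	}
	n := uint64(now.Unix()) // assumes a clock after 1970
	if validBefore <= n {
		return 0, errors.New("certificate already expired; not adding")
	}
	left := validBefore - n
	if left > math.MaxUint32 {
		left = math.MaxUint32 // the constraint field is a uint32
	}
	return uint32(left), nil
}

func u32(b []byte, v uint32) []byte { return append(b, byte(v>>24), byte(v>>16), byte(v>>8), byte(v)) }
func str(b, s []byte) []byte        { return append(u32(b, uint32(len(s))), s...) } // SSH "string"

// addCertRequest frames an agent add request for an Ed25519 key and its certificate.
func addCertRequest(cert, pub, priv []byte, comment string, life uint32) []byte {
	op, tail := byte(addIdentity), []byte(nil)
	if life > 0 { // expiring certificate: constrained add with a lifetime
		op, tail = addIDConstrained, u32([]byte{constrainLifetime}, life)
	}
	body := []byte{op}
	for _, f := range [][]byte{[]byte("ssh-ed25519-cert-v01@openssh.com"), cert, pub, priv, []byte(comment)} {
		body = str(body, f)
	}
	return str(nil, append(body, tail...)) // outer uint32 length prefix
}

func main() {
	life, err := lifetimeFor(1486035828+3600, time.Unix(1486035828, 0)) // constructed: 1h left
	fmt.Println(life, err, len(addCertRequest([]byte("cert"), []byte("pub"), []byte("priv"), "demo", life)))
}
```

The returned bytes are what would be written to the socket named by `SSH_AUTH_SOCK`; nothing touches the disk.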


More information about the openssh-unix-dev mailing list