add keys and certificate to forwarded agent on remote host
Rory Campbell-Lange
rory at campbell-lange.net
Tue Sep 18 23:51:10 AEST 2018
On 18/09/18, Darren Tucker (dtucker at dtucker.net) wrote:
> On 18 September 2018 at 05:34, Rory Campbell-Lange
> <rory at campbell-lange.net> wrote:
> [...]
> > Local:
> >
> > $ ssh-add -l
> > 2048 SHA256:32C...qYBs /home/user/.ssh/id_user (RSA)
> > 2048 SHA256:32C...qYBs /home/user/.ssh/id_user (RSA-CERT)
> > 2048 SHA256:SZG...5hUQ newkey (RSA)
> > 2048 SHA256:7IS...JRi8 shortlifekey (RSA)
> >
> > wait 5 minutes...
> >
> > 2048 SHA256:32Cv...qYBs /home/user/.ssh/id_user (RSA)
> > 2048 SHA256:32Cv...qYBs /home/user/.ssh/id_user (RSA-CERT)
> > 2048 SHA256:SZGf...5hUQ newkey (RSA)
>
> Note that as Peter pointed out, that timeout is implemented in the
> agent. Be aware that there is nothing stopping someone modifying
> their agent to keep a copy of the key, which may or may not matter in
> your use case.
However, if we add a temporary key and associated time-limited
certificate, I assume modifying the agent is less of a risk?
Rory
More information about the openssh-unix-dev
mailing list