[Bug 2598] ssh-agent very occasionally won't remove keys or certs despite now() >= lifetime

bugzilla-daemon at bugzilla.mindrot.org
Wed Jul 20 01:20:06 AEST 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2598

--- Comment #12 from Peter Moody <mindrot at hda3.com> ---
The key didn't expire this morning with vanilla 6.9p1. Attaching the
agent.log now. I'll try your new patch against HEAD.

$ env SSH_AUTH_SOCK=/tmp/ssh.sock ssh-add -l
2048 SHA256:6kWrXTlSBCyHqfiPJHm5teVHIP0wH+RDWrVFk3FB4DE [Valid until
Tue 19 Jul 2016 13:17 UTC, Version 2] (RSA-CERT)
2048 SHA256:6kWrXTlSBCyHqfiPJHm5teVHIP0wH+RDWrVFk3FB4DE [Valid until
Tue 19 Jul 2016 13:17 UTC, Version 2] (RSA)

$ env SSH_AUTH_SOCK=/tmp/ssh.sock ssh-add -l
2048 SHA256:6kWrXTlSBCyHqfiPJHm5teVHIP0wH+RDWrVFk3FB4DE [Valid until
Tue 19 Jul 2016 13:17 UTC, Version 2] (RSA-CERT)
2048 SHA256:6kWrXTlSBCyHqfiPJHm5teVHIP0wH+RDWrVFk3FB4DE [Valid until
Tue 19 Jul 2016 13:17 UTC, Version 2] (RSA)

$ date -u
Tue Jul 19 14:20:00 UTC 2016

# about 30 minutes later
$ env SSH_AUTH_SOCK=/tmp/ssh.sock usshcertstatus
ussh cert good for -1h-56m

> what's "usshcertatus" ?

We call the ssh cert stuff "ussh" (uber-ssh). usshcertstatus prints
ssh-keygen -L -f type information for any certs signed by our CA. Sort
of like prodcertstatus for prodaccess.
