Bug 2524

Summary: config file option to limit the lifetime of added keys
Product: Portable OpenSSH Reporter: Martin Häcker <spamfaenger>
Component: ssh-agentAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED WONTFIX    
Severity: enhancement CC: djm, rhbugs
Priority: P5    
Version: 7.1p1   
Hardware: ix86   
OS: Mac OS X   

Description Martin Häcker 2016-01-12 20:39:57 AEDT 
When using ssh-agent I really want all keys that are added to it to have a lifetime of just x seconds (60 in my case) to prevent me from accidentally adding a key for the lifetime of ssh-agent and thus risk compromising it when I login to a compromised machine without knowing so.

Of course I already only enable forwarding when I need to, but it would be a really nice second line of defense when I also have to add the key in question to ssh-agent when I need to.

There is already 'ssh-agent -t 60 ~/.ssh/some_key' and there is also 'ssh-agent -t 60' - but as far as I can figure out there is no value that I can set in my ~/.ssh/config that will ensure that this is set.

And that's what I want.
Comment 1 Damien Miller 2016-02-11 17:02:56 AEDT 
ssh-agent doesn't read ~/.ssh/config and I don't think we want it to. I think the existing command-line option is sufficient, sorry.
Comment 2 Damien Miller 2016-08-02 10:41:38 AEST 
Close all resolved bugs after 7.3p1 release