Bug 2524 - config file option to limit the lifetime of added keys
Status: CLOSED WONTFIX
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh-agent
Version: 7.1p1
Hardware: ix86 Mac OS X
Importance: P5 enhancement
Assignee: Assigned to nobody
Reported: 2016-01-12 20:39 AEDT by Martin Häcker
Modified: 2016-08-02 10:41 AEST

Description Martin Häcker 2016-01-12 20:39:57 AEDT
When using ssh-agent I really want all keys that are added to it to have a lifetime of just x seconds (60 in my case) to prevent me from accidentally adding a key for the lifetime of ssh-agent and thus risking compromising it when I log in to a compromised machine without knowing so.

Of course I already only enable forwarding when I need to, but it would be a really nice second line of defense when I also have to add the key in question to ssh-agent when I need to.

There is already 'ssh-agent -t 60 ~/.ssh/some_key' and there is also 'ssh-agent -t 60' - but as far as I can figure out there is no value that I can set in my ~/.ssh/config that will ensure that this is set.

And that's what I want.
Comment 1 Damien Miller 2016-02-11 17:02:56 AEDT
ssh-agent doesn't read ~/.ssh/config and I don't think we want it to. I think the existing command-line option is sufficient, sorry.
Comment 2 Damien Miller 2016-08-02 10:41:38 AEST
Close all resolved bugs after 7.3p1 release
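
The command-line approach from comment 1, as an added example that is not part of the bug thread or of OpenSSH itself: a POSIX shell profile fragment that starts the agent with `-t` and also passes `-t` on every `ssh-add`. The function names and the `DEFAULT_KEY_LIFETIME` variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example for a login profile; the names below are hypothetical.
DEFAULT_KEY_LIFETIME="${DEFAULT_KEY_LIFETIME:-60}"   # 60 seconds, as in the report

# Accept plain seconds or the summed s/m/h/d/w forms described under
# TIME FORMATS in sshd_config(5), e.g. 60, 10m, 1h30m. All-zero values
# are rejected so the limit is never silently switched off.
valid_lifetime() {
    case "$1" in
        *[1-9]*) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]+[smhdwSMHDW]?)+$'
}

# Start an agent with a default maximum key lifetime unless one already answers.
ensure_agent() {
    valid_lifetime "$DEFAULT_KEY_LIFETIME" || {
        echo "invalid key lifetime: $DEFAULT_KEY_LIFETIME" >&2
        return 2
    }
    command -v ssh-agent >/dev/null 2>&1 || return 3
    rc=0
    # ssh-add -l exits 2 only when no agent can be contacted.
    ssh-add -l >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 2 ]; then
        eval "$(ssh-agent -s -t "$DEFAULT_KEY_LIFETIME")" >/dev/null
    fi
    # An agent started elsewhere keeps whatever -t it was started with,
    # so add_key below passes the lifetime on every add as well.
}

# Wrapper to use in place of a bare ssh-add: every key gets the lifetime.
add_key() {
    valid_lifetime "$DEFAULT_KEY_LIFETIME" || return 2
    ssh-add -t "$DEFAULT_KEY_LIFETIME" "$@"
}
```

Call `ensure_agent` from the login profile and use `add_key ~/.ssh/some_key` when a key is needed.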