On Thu, 2 Feb 2017, Adam Eijdenberg wrote: > > I don't think ssh-agent exposes a "how long until this key expires" > > api, but you can at least use this method to see if the cert/key are > > *on* the agent and you can assume that if they're on the agent, then > > they're valid. > > I guess a case could be made for ssh-add to always set a timeout when > adding a certificate with an expiry time, but I think for now I'm > happy enough to do that on our end. That sounds like a fine idea. -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev