Re: ssh-agent check for new fresh certificate (and key)? worthwhile doing?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Thu, Feb 2, 2017 at 2:48 PM, Damien Miller <djm@xxxxxxxxxxx> wrote:
>> > On Thu, 2 Feb 2017, Adam Eijdenberg wrote:
>> > > I guess a case could be made for ssh-add to always set a timeout when
>> > > adding a certificate with an expiry time, but I think for now I'm
>> > > happy enough to do that on our end.
> It's a fine idea for a feature - even just filing it on bugzilla would be
> good.

Bug filed with first cut at patch for ssh-add here:
https://bugzilla.mindrot.org/show_bug.cgi?id=2675

Although after this thread and an offline chat with Peter, it became
clear that for our use-case we may not actually need to write the key
or certificate to disk at all*, and can just feed them straight to
ssh-agent (which was very easy to do with the Golang libraries).
Really appreciate all the great suggestions and support in this forum.

* Modulo Windows users. Sigh.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux