On Thu, Feb 2, 2017 at 2:48 PM, Damien Miller <djm@xxxxxxxxxxx> wrote: >> > On Thu, 2 Feb 2017, Adam Eijdenberg wrote: >> > > I guess a case could be made for ssh-add to always set a timeout when >> > > adding a certificate with an expiry time, but I think for now I'm >> > > happy enough to do that on our end. > It's a fine idea for a feature - even just filing it on bugzilla would be > good. Bug filed with first cut at patch for ssh-add here: https://bugzilla.mindrot.org/show_bug.cgi?id=2675 Although after this thread and an offline chat with Peter, it became clear that for our use-case we may not actually need to write the key or certificate to disk at all*, and can just feed them straight to ssh-agent (which was very easy to do with the Golang libraries). Really appreciate all the great suggestions and support in this forum. * Modulo Windows users. Sigh. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev