Re: add keys and certificate to forwarded agent on remote host

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

On 18 September 2018 at 05:34, Rory Campbell-Lange
<rory@xxxxxxxxxxxxxxxxxx> wrote:
[...]
> Local:
>
>         $ ssh-add -l
>         2048 SHA256:32C...qYBs /home/user/.ssh/id_user (RSA)
>         2048 SHA256:32C...qYBs /home/user/.ssh/id_user (RSA-CERT)
>         2048 SHA256:SZG...5hUQ newkey (RSA)
>         2048 SHA256:7IS...JRi8 shortlifekey (RSA)
>
>         wait 5 minutes...
>
>         2048 SHA256:32Cv...qYBs /home/user/.ssh/id_user (RSA)
>         2048 SHA256:32Cv...qYBs /home/user/.ssh/id_user (RSA-CERT)
>         2048 SHA256:SZGf...5hUQ newkey (RSA)

Note that as Peter pointed out, that timeout is implemented in the
agent.  Be aware that there is nothing stopping someone modifying
their agent to keep a copy of the key, which may or may not matter in
your use case.

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux