On 18 September 2018 at 05:34, Rory Campbell-Lange <rory@xxxxxxxxxxxxxxxxxx> wrote: [...] > Local: > > $ ssh-add -l > 2048 SHA256:32C...qYBs /home/user/.ssh/id_user (RSA) > 2048 SHA256:32C...qYBs /home/user/.ssh/id_user (RSA-CERT) > 2048 SHA256:SZG...5hUQ newkey (RSA) > 2048 SHA256:7IS...JRi8 shortlifekey (RSA) > > wait 5 minutes... > > 2048 SHA256:32Cv...qYBs /home/user/.ssh/id_user (RSA) > 2048 SHA256:32Cv...qYBs /home/user/.ssh/id_user (RSA-CERT) > 2048 SHA256:SZGf...5hUQ newkey (RSA) Note that as Peter pointed out, that timeout is implemented in the agent. Be aware that there is nothing stopping someone modifying their agent to keep a copy of the key, which may or may not matter in your use case. -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev