On 18/09/18, Darren Tucker (dtucker@xxxxxxxxxxx) wrote:
> On 18 September 2018 at 05:34, Rory Campbell-Lange
> <rory@xxxxxxxxxxxxxxxxxx> wrote:
> [...]
> > Local:
> >
> > $ ssh-add -l
> > 2048 SHA256:32C...qYBs /home/user/.ssh/id_user (RSA)
> > 2048 SHA256:32C...qYBs /home/user/.ssh/id_user (RSA-CERT)
> > 2048 SHA256:SZG...5hUQ newkey (RSA)
> > 2048 SHA256:7IS...JRi8 shortlifekey (RSA)
> >
> > wait 5 minutes...
> >
> > 2048 SHA256:32Cv...qYBs /home/user/.ssh/id_user (RSA)
> > 2048 SHA256:32Cv...qYBs /home/user/.ssh/id_user (RSA-CERT)
> > 2048 SHA256:SZGf...5hUQ newkey (RSA)
>
> Note that as Peter pointed out, that timeout is implemented in the
> agent. Be aware that there is nothing stopping someone modifying
> their agent to keep a copy of the key, which may or may not matter in
> your use case.

However, if we add a temporary key and associated time-limited certificate, I assume modifying the agent is less of a risk?

Rory
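
Added example, not part of the original message and not OpenSSH code: an OpenSSH certificate carries its validity window (valid after / valid before) inside the signed blob, so the window is evaluated by whoever verifies the certificate rather than by the agent's own timer. The sketch below parses that window from a constructed, unsigned stand-in blob laid out in the ed25519 certificate field order from PROTOCOL.certkeys; the dummy key material, the helper names and the use of `shortlifekey` as key id are assumptions, and signature verification is deliberately left out.

```python
import struct

CERT_TYPE = b"ssh-ed25519-cert-v01@openssh.com"

def _s(data: bytes) -> bytes:
    """Encode an SSH 'string': uint32 length prefix followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def build_sample_cert(valid_after: int, valid_before: int) -> bytes:
    """Constructed sample blob (dummy key and signature), certkeys field order."""
    return b"".join([
        _s(CERT_TYPE), _s(b"\x00" * 32),                # cert type, nonce
        _s(b"\x11" * 32),                               # dummy ed25519 public key
        struct.pack(">Q", 1),                           # serial
        struct.pack(">I", 1),                           # 1 = user certificate
        _s(b"shortlifekey"),                            # key id (assumed name)
        _s(_s(b"user")),                                # valid principals
        struct.pack(">QQ", valid_after, valid_before),  # validity window
        _s(b""), _s(b""), _s(b""),                      # crit. options, extensions, reserved
        _s(b"dummy-ca-key"), _s(b"dummy-signature"),    # not a real CA or signature
    ])

def _read_string(buf: bytes, off: int):
    """Read one SSH string at off; return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated certificate blob")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated certificate blob")
    return buf[off + 4:end], end

def parse_validity(blob: bytes):
    """Return (key_id, valid_after, valid_before) from a certificate blob."""
    ctype, off = _read_string(blob, 0)
    if ctype != CERT_TYPE:
        raise ValueError("not an ed25519 certificate")
    _, off = _read_string(blob, off)        # nonce
    _, off = _read_string(blob, off)        # public key
    off += 8 + 4                            # serial (uint64), type (uint32)
    key_id, off = _read_string(blob, off)
    _, off = _read_string(blob, off)        # valid principals
    valid_after, valid_before = struct.unpack_from(">QQ", blob, off)
    return key_id.decode(), valid_after, valid_before

def within_validity(blob: bytes, now: int) -> bool:
    """Verifier-side window check: valid_after <= now < valid_before."""
    _, valid_after, valid_before = parse_validity(blob)
    return valid_after <= now < valid_before
```

An agent that ignores `ssh-add -t` can still hold the private key and this blob indefinitely; what changes after five minutes is the result of `within_validity` on the verifying side.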