On Mon, Mar 6, 2023, at 2:09 PM, Darren Tucker wrote:
> On Tue, 7 Mar 2023 at 05:26, Andy Lutomirski <luto@xxxxxxxxxx> wrote:
> [...]
>> ssh_config contains a Match ... exec [command to refresh the certificate]. This sort of works,
>> except that it runs the command far too frequently. For example, ssh -O exit [name] refreshes
>> the certificate, and it should not do so.
>
> You can have the command check if the cert is expired or near expired
> before refreshing it. I've done this in the past with expiring
> certificates.

True, but that doesn't help with the -O exit use case. And it's really quite silly for any configuration using ControlMaster -- I don't want my certificates renewed when I'm joining an existing ControlMaster question.

So I still think that openssh doesn't have a great mechanism for this, and I think my feature request still makes sense.
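
A sketch of the check suggested in the quoted reply, as an added example that is not code from this thread or from OpenSSH: a helper for Match exec that parses ssh-keygen -L output and runs the refresh command only when the certificate is expired or within a margin of expiry. CERT_PATH, REFRESH_CMD, the five-minute margin and the sample output are assumptions made for illustration. ssh still runs the helper on every invocation, including ssh -O exit; the check only lets those runs skip the refresh.

```python
#!/usr/bin/env python3
"""Match exec helper: refresh an SSH certificate only when it is near expiry."""
import re
import subprocess
import sys
from datetime import datetime, timedelta

CERT_PATH = "/home/user/.ssh/id_ed25519-cert.pub"  # hypothetical path
REFRESH_CMD = ["/usr/local/bin/refresh-ssh-cert"]  # hypothetical refresh command
MARGIN = timedelta(minutes=5)                      # assumed "near expired" window
TS = r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})"

# Constructed sample of `ssh-keygen -L` output (not taken from a real certificate).
SAMPLE = """\
id_ed25519-cert.pub:
        Type: ssh-ed25519-cert-v01@openssh.com user certificate
        Serial: 0
        Valid: from 2023-03-06T14:09:00 to 2023-03-07T14:09:00
        Principals:
                user
"""


def needs_refresh(keygen_output, now, margin=MARGIN):
    """True if the cert is unreadable, expired, or expires within `margin`.

    Assumes ssh-keygen prints validity times in local time, so `now` must be
    a naive local datetime.
    """
    line = re.search(r"^\s*Valid:\s*(.*)$", keygen_output, re.M)
    if not line:
        return True  # no certificate or unparsable output: refresh
    validity = line.group(1).strip()
    if validity == "forever" or validity.startswith("after "):
        return False  # certificate has no expiry time
    end = re.search(r"(?:to|before)\s+" + TS, validity)
    if not end:
        return True
    return now + margin >= datetime.strptime(end.group(1), "%Y-%m-%dT%H:%M:%S")


def main():
    shown = subprocess.run(["ssh-keygen", "-L", "-f", CERT_PATH],
                           capture_output=True, text=True, check=False)
    if needs_refresh(shown.stdout, datetime.now()):
        return subprocess.run(REFRESH_CMD, check=False).returncode
    return 0  # still valid: exit without contacting the CA


if __name__ == "__main__":
    sys.exit(main())
```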