Home / ubuntu / Questions / 14404
Accepted
SpashHit
Asked: 2010-11-23 05:16:05 +0800 CST

make my ssh key expire automatically

  • 772

I sometimes use ssh to connect to a remote machine. Once I enter the passphrase once, I can use ssh again without the passphrase, but even if I come back a long time later, it still doesn't ask me, because the key is cached. I can do ssh-add -D to remove the key from the cache, but I want that to happen automatically after, say, 1 hour. How can I do that?

ssh

3 Answers

  1. Best Answer

    The program that caches your ssh keys is the ssh-agent program, if you look at the man page you can see this relivent option:

    -t life  Set a default value for the maximum lifetime of identities added
         to the agent.  The lifetime may be specified in seconds or in a
         time format specified in sshd_config(5).  A lifetime specified
         for an identity with ssh-add(1) overrides this value.  Without
         this option the default maximum lifetime is forever.

    You can edit the ssh-agent program in your startup programs. Go to System > Preferences > Startup Programs, look for the SSH Key Agent and append -t 3600 to the comman. This will expire your keys in one hour.

    alt text

    You will need to restart your session (log out and back in) for it to take effect. You can also do a similar thing for your gpg key which also can be set in an agent program which can be launched the same way (but isn't installed by default) just in case you get sick of typing in your gpg pass-phrase for package building or emailing.

    • 11

  2. Unfortunately the selected answer doesn't seem valid (anymore): the GNOME Keyring doesn't honor the lifetime option due to bug 525574. A workaround is for example to disable GNOME Keyring for SSH keys, but then you'd have to manually ssh-add -t 60m the key upon use (or script that).

    • 1

  3. You can add a cron job for that.

    • 0