Hello,

I'm writing a system to maintain keys within an SSH agent, and all of these keys will only remain in the agent for a short amount of time. This is done to limit access to that key for a short period, as well as to avoid the agent from being cluttered up with a large number of unique SSH keys.

This system decrypts the SSH keys on the disk and then loads them in to the agent. I would like to be able to get the key's TTL so I can decide if it's worth decrypting the key again and loading it in to the agent, or if I should just use the key already in the agent.

So in short, is there a way to get the TTL for a key in the agent?

Thanks!

-Tim

On 10/12/12 18:50, Tim Heckman wrote:
> Hello,
>
> I'm writing a system to maintain keys within an SSH agent, and all of these
> keys will only remain in the agent for a short amount of time. This is done
> to limit access to that key for a short period, as well as to avoid the
> agent from being cluttered up with a large number of unique SSH keys.
>
> This system decrypts the SSH keys on the disk and then loads them in to the
> agent. I would like to be able to get the key's TTL so I can decide if it's
> worth decrypting the key again and loading it in to the agent, or if I
> should just use the key already in the agent.
>
> So in short, is there a way to get the TTL for a key in the agent?
>
> Thanks!

Hello Tim,

I think there's no message to query the TTL (i.e. no).

I'm not sure why you need to decide that in advance, though. Can't you just use it if it's in the agent or else load it?

On Mon, 10 Dec 2012, Tim Heckman wrote:
> Hello,
>
> I'm writing a system to maintain keys within an SSH agent, and all of these
> keys will only remain in the agent for a short amount of time. This is done
> to limit access to that key for a short period, as well as to avoid the
> agent from being cluttered up with a large number of unique SSH keys.
>
> This system decrypts the SSH keys on the disk and then loads them in to the
> agent. I would like to be able to get the key's TTL so I can decide if it's
> worth decrypting the key again and loading it in to the agent, or if I
> should just use the key already in the agent.
>
> So in short, is there a way to get the TTL for a key in the agent?

No - the agent protocol (detailed in PROTOCOL.agent) doesn't offer any way to export this information.

-d
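
Added example, not part of the thread and not OpenSSH code: a parser for the agent's identities answer, showing that each entry carries only a key blob and a comment, so a caller can test whether a key is loaded but cannot read its remaining lifetime. The function names and the sample bytes are constructed for illustration; the message numbers are those of the agent protocol.

```python
import base64
import os
import socket
import struct

# Message numbers from the agent protocol (PROTOCOL.agent).
SSH2_AGENTC_REQUEST_IDENTITIES = 11
SSH2_AGENT_IDENTITIES_ANSWER = 12

def _read_string(buf, off):
    """Read one length-prefixed string; return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def parse_identities_answer(body):
    """Parse an answer body (without the outer 4-byte length) into
    [(key_blob, comment)]. Those two fields are all an entry contains."""
    if len(body) < 5 or body[0] != SSH2_AGENT_IDENTITIES_ANSWER:
        raise ValueError("not an identities answer")
    (count,) = struct.unpack_from(">I", body, 1)
    off, keys = 5, []
    for _ in range(count):
        blob, off = _read_string(body, off)
        comment, off = _read_string(body, off)
        keys.append((blob, comment.decode("utf-8", "replace")))
    if off != len(body):
        raise ValueError("trailing bytes after last identity")
    return keys

def agent_has_key(pub_line, keys):
    """True if the key on a .pub-style line ("type base64 comment") is loaded."""
    blob = base64.b64decode(pub_line.split()[1])
    return any(blob == loaded for loaded, _ in keys)

def list_agent_keys(sock_path=None):
    """Ask the running agent for its identities over SSH_AUTH_SOCK."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path or os.environ["SSH_AUTH_SOCK"])
        s.sendall(struct.pack(">IB", 1, SSH2_AGENTC_REQUEST_IDENTITIES))
        f = s.makefile("rb")
        (n,) = struct.unpack(">I", f.read(4))
        return parse_identities_answer(f.read(n))

# Constructed sample answer: one identity, dummy 4-byte blob, comment "demo".
SAMPLE = b"\x0c\x00\x00\x00\x01\x00\x00\x00\x04\xde\xad\xbe\xef\x00\x00\x00\x04demo"
```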