Displaying 3 results from an estimated 3 matches for "d194243c61b349021935c97f751a931".
Did you mean:
d194243c61b349021935c97f751a931e
2023 Mar 07
2
Feature request: a good way to supply short-lived certificates to openssh
...xpired or near expired
> before refreshing it. I've done this in the past with expiring
> certificates.
I was intrigued by Darren's note about a command to check certificate expiry. I've put together a quick POC in go to list expiring certificates: https://gist.github.com/rorycl/d194243c61b349021935c97f751a931e
Output is something like:
0 key ssh-ed25519 : is not a certificate
1 key ssh-ed25519-cert-v01 at openssh.com
comment: acmeinc_briony_from:2023-03-07T08:18_to:2023-03-07T11:18UTC
validity: 2023-03-07 08:37:23 GMT to 2023-03-07 11:37:23 GMT
expiring in 60m? true
I...
2023 Mar 06
3
Feature request: a good way to supply short-lived certificates to openssh
On Tue, 7 Mar 2023 at 05:26, Andy Lutomirski <luto at kernel.org> wrote:
[...]
> ssh_config contains a Match ... exec [command to refresh the certificate]. This sort of works,
> except that it runs the command far too frequently. For example, ssh -O exit [name] refreshes
> the certificate, and it should not do so.
You can have the command check if the cert is expired or near
2023 Mar 07
1
Feature request: a good way to supply short-lived certificates to openssh
...ore refreshing it. I've done this in the past with expiring
>> certificates.
>
> I was intrigued by Darren's note about a command to check certificate
> expiry. I've put together a quick POC in go to list expiring
> certificates:
> https://gist.github.com/rorycl/d194243c61b349021935c97f751a931e
>
> Output is something like:
>
> 0 key ssh-ed25519 : is not a certificate
> 1 key ssh-ed25519-cert-v01 at openssh.com
> comment: acmeinc_briony_from:2023-03-07T08:18_to:2023-03-07T11:18UTC
> validity: 2023-03-07 08:37:23 GMT to 2023-03-07 11:37:23 GMT...