search for: d194243c61b349021935c97f751a931e

...xpired or near expired > before refreshing it. I've done this in the past with expiring > certificates. I was intrigued by Darren's note about a command to check certificate expiry. I've put together a quick POC in go to list expiring certificates: https://gist.github.com/rorycl/d194243c61b349021935c97f751a931e Output is something like: 0 key ssh-ed25519 : is not a certificate 1 key ssh-ed25519-cert-v01 at openssh.com comment: acmeinc_briony_from:2023-03-07T08:18_to:2023-03-07T11:18UTC validity: 2023-03-07 08:37:23 GMT to 2023-03-07 11:37:23 GMT expiring in 60m? true I&...

On Tue, 7 Mar 2023 at 05:26, Andy Lutomirski <luto at kernel.org> wrote: [...] > ssh_config contains a Match ... exec [command to refresh the certificate]. This sort of works, > except that it runs the command far too frequently. For example, ssh -O exit [name] refreshes > the certificate, and it should not do so. You can have the command check if the cert is expired or near

...ore refreshing it. I've done this in the past with expiring >> certificates. > > I was intrigued by Darren's note about a command to check certificate > expiry. I've put together a quick POC in go to list expiring > certificates: > https://gist.github.com/rorycl/d194243c61b349021935c97f751a931e > > Output is something like: > > 0 key ssh-ed25519 : is not a certificate > 1 key ssh-ed25519-cert-v01 at openssh.com > comment: acmeinc_briony_from:2023-03-07T08:18_to:2023-03-07T11:18UTC > validity: 2023-03-07 08:37:23 GMT to 2023-03-07 11:37:23 GMT...