Categories
DailyOps

How to define key expiration time in OpenSSH authentication agent

Define key expiration time in OpenSSH authentication agent.

Do not worry as you will be not disconnected from any active SSH session after the identity is removed from an agent. Just note, that by default the key will be kept indefinitely.

Use -t parameter to define key lifetime during the start of SSH agent.

The following command will store each identity for eight hours (28800 seconds).

$ eval $(ssh-agent -s -t 28800)

You can use seconds by default or specify time qualifier like s/S for seconds, m/M for minutes, h/H for hours, d/D for days, and w/W for weeks.

So, for example, the following command will store each identity for a single week.

$ eval $(ssh-agent -s -t 1w)

It’s nothing new, but I always try to keep this in mind, so I need to share it here.