MacOS – Make the password-protected SSH key expire or timeout after a while


I have a private SSH key I use for authentication that is stored in ~/.ssh/id_rsa. When I ssh into a server, I am prompted for the password to unlock the key:


I like this. I also like that I can ssh again and again and it doesn't prompt me for my password.

What I don't like is that I am not required to enter my key password days or even weeks later. I can lock my screen or put it to sleep and I still don't have to enter my key password. The only time it seems to expire the password is when I logout (which I do rarely).

How do I get the key password to expire after a while, forcing me to enter my password again to authenticate? Making it so that perhaps after 1 hour, the key is automatically forgotten.

Best Answer

Rather than tweaking ssh-agent (which now requires silly amounts of hacking), I strongly recommend simply changing the settings on your default (login) keychain. I use the very helpful 'lock on sleep' as well as 'lock after 4 hours' because I don't want prompts unless I'm actually afk.

Open Keychain Access and right-click the login keychain to change settings.

Or if you prefer a commandline:

security set-keychain-settings -lu -t 14400

This will result in at least one extra prompt for unlocking the keychain itself (requiring your login password) as well as the prompt for whichever key you're trying to use... but it beats disabling System Integrity Protection IMO.
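As an added example (not part of the answer above), a small POSIX sh script that audits the login keychain against the answer's settings (lock on sleep, lock after at most 4 hours) and, with `--fix`, applies them using the same `security set-keychain-settings` command. It assumes `security show-keychain-info` reports a line of the form `Keychain "<name>" lock-on-sleep timeout=NNNs` (or `no-timeout`); the sample lines used to exercise the parser are constructed.

```shell
#!/bin/sh
# Added example: audit the login keychain's auto-lock settings and optionally
# apply the fix from the answer. Assumes `security show-keychain-info` prints
#   Keychain "<name>" lock-on-sleep timeout=14400s      (or "no-timeout")
# to stderr. Constructed sample lines are used for offline checks.

MAX_TIMEOUT=14400   # 4 hours, the same value as the answer's -t 14400

# keychain_policy_ok LINE MAX: succeed only if LINE shows lock-on-sleep and a
# timeout no larger than MAX seconds; "no-timeout" or no lock-on-sleep fails.
keychain_policy_ok() {
    line=$1; max=$2
    case "$line" in
        *lock-on-sleep*) ;;
        *) return 1 ;;
    esac
    timeout=$(printf '%s\n' "$line" | sed -n 's/.*timeout=\([0-9][0-9]*\)s.*/\1/p')
    [ -n "$timeout" ] || return 1          # "no-timeout" or unparsable line
    [ "$timeout" -le "$max" ]
}

# audit_login_keychain [--fix]: read the real setting on macOS, report it, and
# apply the answer's setting when --fix is given.
audit_login_keychain() {
    info=$(security show-keychain-info 2>&1) || return 2
    if keychain_policy_ok "$info" "$MAX_TIMEOUT"; then
        echo "OK: $info"
    else
        echo "NON-COMPLIANT: $info"
        if [ "${1:-}" = "--fix" ]; then
            security set-keychain-settings -lu -t "$MAX_TIMEOUT"
        fi
        return 1
    fi
}

# Only touch the real keychain when run on macOS; elsewhere the functions are
# merely defined so the parser can be exercised with constructed lines.
if [ "$(uname)" = "Darwin" ] && [ "${1:-}" != "--no-run" ]; then
    audit_login_keychain "$@"
fi
```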