AFAIK, there is no option in sshd_config or ssh_config to specify the timeout for ssh-agent. From the OpenSSH source code, file ssh-agent.c:
/*
 * Removes expired keys and returns the number of seconds until the next
 * expiry, or 0 when no remaining key has an expiry time set.
 */
static time_t
reaper(void)
{
	/* deadline: earliest pending expiry seen so far; 0 means none yet */
	time_t deadline = 0, now = monotime();
	Identity *id, *nxt;
	int version;
	Idtab *tab;
	/* visit the identity table for version 1 and for version 2 */
	for (version = 1; version < 3; version++) {
		tab = idtab_lookup(version);
		for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) {
			/* read the successor first: id may be unlinked and freed below */
			nxt = TAILQ_NEXT(id, next);
			/* death == 0: no expiry recorded, so this key is never reaped */
			if (id->death == 0)
				continue;
			if (now >= id->death) {
				debug("expiring key '%s'", id->comment);
				TAILQ_REMOVE(&tab->idlist, id, next);
				/*
				 * NOTE(review): whether the key material is wiped
				 * depends on free_identity(), which is not shown here.
				 */
				free_identity(id);
				tab->nentries--;
			} else
				/* still valid: track the soonest upcoming expiry */
				deadline = (deadline == 0) ? id->death :
				    MIN(deadline, id->death);
		}
	}
	/*
	 * NOTE(review): an expired key stays usable until this function next
	 * runs; the caller presumably uses the return value as its wake-up
	 * timeout - confirm against the caller.
	 */
	if (deadline == 0 || deadline <= now)
		return 0;
	else
		return (deadline - now);
}
And in the process_add_identity function:
/* Excerpt: the part of the add-key handler that assigns a key's expiry. */
process_add_identity(SocketEntry *e, int version)
{
....
	/*
	 * Apply the agent-wide default only when one is configured
	 * (lifetime != 0) and death is still 0 at this point.
	 * NOTE(review): death is presumably set earlier, in the elided code,
	 * from a lifetime constraint carried in the add request - confirm.
	 */
	if (lifetime && !death)
		death = monotime() + lifetime;
....
}
lifetime is a global variable whose value changes only when the command-line arguments are parsed:
/*
 * Default lifetime in seconds (0 == forever).
 * A value of 0 means no agent-wide expiry is applied to added keys.
 */
static long lifetime = 0;
/* Excerpt: handling of the -t option inside main()'s option parsing. */
int
main(int ac, char **av)
{
....
	case 't':
		/*
		 * convtime() returning -1 is treated as an unparsable value.
		 * NOTE(review): usage() presumably does not return; otherwise
		 * lifetime would be left at -1 - confirm.
		 */
		if ((lifetime = convtime(optarg)) == -1) {
			fprintf(stderr, "Invalid lifetime\n");
			usage();
		}
....
}
If you use Ubuntu, you can set default options for ssh-agent in /etc/X11/Xsession.d/90x11-common_ssh-agent:
# Decides whether the X session should be wrapped in a new ssh-agent.
STARTSSH=
SSHAGENT=/usr/bin/ssh-agent
# -t 1h: default lifetime for keys added to the agent started below
SSHAGENTARGS="-t 1h"
# has_option is defined outside this snippet
if has_option use-ssh-agent; then
    # Start an agent only when the binary is executable and no agent socket
    # is already set; an agent inherited through SSH_AUTH_SOCK is left alone
    # and therefore does not get the lifetime configured above.
    if [ -x "$SSHAGENT" ] && [ -z "$SSH_AUTH_SOCK" ] \
        && [ -z "$SSH2_AUTH_SOCK" ]; then
        STARTSSH=yes
        if [ -f /usr/bin/ssh-add1 ] && cmp -s $SSHAGENT /usr/bin/ssh-agent2; then
            # use ssh-agent2's ssh-agent1 compatibility mode
            # NOTE(review): this assignment replaces "-t 1h", so no default
            # key lifetime is passed to the agent in this branch.
            SSHAGENTARGS=-1
        fi
    fi
fi
if [ -n "$STARTSSH" ]; then
    # Prefix the existing session command with the agent invocation.
    # NOTE(review): STARTUP is presumably executed later by the Xsession
    # scripts, outside this snippet - confirm.
    STARTUP="$SSHAGENT $SSHAGENTARGS ${TMPDIR:+env TMPDIR=$TMPDIR} $STARTUP"
fi
It looks like you may not have actually added the key to the agent.
If your local workstation runs Linux, there is likely an agent running as part of your session; you can examine its contents with ssh-add -l.
If the key hasn't been added to the agent, you can add it with ssh-add.
After that, when you ssh to mysite.be, you should be able to see the key fingerprint listed when you run ssh-add -l.
Best Answer
No, there is no interface in the ssh-agent communication protocol to provide this information. It is used only when adding the key (in the constraint array), but it is not returned when you list the keys, as the PROTOCOL.agent page describes (there is only a key blob and a comment for each key). Supporting this would probably require changing the protocol, which would be a long-term effort.