Bug#307246: /usr/bin/ssh-add: ssh-add should update timeout

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#307246: /usr/bin/ssh-add: ssh-add should update timeout
From: Marc Lehmann <debian-reportbug@plan9.de>
Date: Mon, 02 May 2005 05:24:33 +0200
Message-id: <[🔎] E1DSRXt-0000q2-Mb.pgcc-forever-2005-05-02-05-24-33@cerebro.laendle>
Reply-to: Marc Lehmann <debian-reportbug@plan9.de>, 307246@bugs.debian.org

Package: ssh
Version: 1:3.8.1p1-8.sarge.4
Severity: wishlist
File: /usr/bin/ssh-add


MY WISH: :)

ssh-add documents -t as:

   Set a maximum lifetime when adding identities to an agent.

unfortunately, this is very true, the effective timeout is somewhere
between 0 and the specified number of seconds, which makes this switch
hard to use.

it would be nice if -t would update the timeout if the key already exists.

WHEN DOES IT FAIL:

I'd like to do the equivalent of this:

   ssh-add -t 10 ...
   ssh ...

I.e. add a key for a small number of seconds to limit the time window it
could possibly be abused.

Unfortunately, if the key already exists, the timeout does not get
updated. If one runs a number of ssh-adds in quick succession, the key
will time out 10 seconds after it was first added, not 10 seconds after
ssh-add was last called.

As it is now, I have to do sth. like ssh-add -t7200 as the whole process
can take up to two hours (it is uusally much faster, but I need to be
sure), which is a much larger window than multiple 10 second windows.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (700, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.11-rc2
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages ssh depends on:
ii  adduser                     3.63         Add and remove users and groups
ii  debconf                     1.4.48       Debian configuration management sy
ii  dpkg                        1.10.27      Package maintenance system for Deb
hi  libc6                       2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libpam-modules              0.76-22      Pluggable Authentication Modules f
ii  libpam-runtime              0.76-22      Runtime support for the PAM librar
ii  libpam0g                    0.76-22      Pluggable Authentication Modules l
hi  libssl0.9.7                 0.9.7e-2     SSL shared libraries
ii  libwrap0                    7.6.dbs-8    Wietse Venema's TCP wrappers libra
ii  zlib1g                      1:1.2.2-3    compression library - runtime

-- debconf information:
* ssh/use_old_init_script: true
* ssh/privsep_tell:
* ssh/forward_warning:
* ssh/SUID_client: false
  ssh/privsep_ask: true
* ssh/protocol2_only: true
  ssh/new_config: true
  ssh/insecure_telnetd:
  ssh/encrypted_host_key_but_no_keygen:
* ssh/run_sshd: true
  ssh/insecure_rshd:
  ssh/ssh2_keys_merged:

Reply to:

Next by Date: Bug#251474: Debian bug #251474: fixed upstream
Next by thread: Bug#251474: Debian bug #251474: fixed upstream
Index(es):
- Date
- Thread