[Bug 252200] [NEW] ssh-agent does not expire key

Skion launchpad.net at spam.ennes.net
Sat Jul 26 22:53:36 BST 2008

Public bug reported:

When I add an SSH key to ssh-agent the lifetime (-t) parameter seems to
be ignored:

$ ssh-add -t 1 /home/pieter/.ssh/id_work
$ ssh-add -l
1024 76:a9:b1:c4:af:ef:b5:b9:6e:39:05:91:c9:a2:b7:89  (DSA)
$ ssh [work]

Now I wait, and after 1 second, 1 minute, 1 hour I can still log in.
However, deleting the key manually:

$ ssh-add -D
All identities removed.

does expire the key correctly:

$ ssh [work]
Permission denied (publickey).

This is risky when you lose a laptop, since the thief has infinite time
to log in to your hosts. The key should expire after the set expiry

$ lsb_release -rd
Description:	Ubuntu 8.04.1
Release:	8.04

$ apt-cache policy openssh-client
  Installed: 1:4.7p1-8ubuntu1.2
  Candidate: 1:4.7p1-8ubuntu1.2
  Version table:
 *** 1:4.7p1-8ubuntu1.2 0
        500 http://nl.archive.ubuntu.com hardy-updates/main Packages
        500 http://security.ubuntu.com hardy-security/main Packages
        100 /var/lib/dpkg/status
     1:4.7p1-8ubuntu1 0
        500 http://nl.archive.ubuntu.com hardy/main Packages

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New
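
The check described in the report, as an added example that is not part of the original bug report or of OpenSSH: it loads a constructed throwaway key into a private agent with ssh-add -t and confirms the agent is empty once the lifetime has passed. The function name check_agent_expiry, its return codes and the ed25519 test key are assumptions made for this example.

```shell
#!/bin/sh
# Added example: regression check that a throwaway ssh-agent really drops a
# key once its "ssh-add -t" lifetime is over.
# Result: 0 = key expired, 1 = key still loaded (the reported behaviour),
#         2 = check could not run (tools missing or setup failed).
check_agent_expiry() (
    # Subshell body: the caller's agent variables are never modified, and
    # clearing them here ensures cleanup can only kill the agent started below.
    unset SSH_AGENT_PID SSH_AUTH_SOCK
    lifetime="${1:-2}"                      # seconds handed to ssh-add -t
    for tool in ssh-agent ssh-add ssh-keygen mktemp; do
        command -v "$tool" >/dev/null 2>&1 || exit 2
    done
    tmpdir=$(mktemp -d) || exit 2
    cleanup() {
        if [ -n "${SSH_AGENT_PID:-}" ]; then
            kill "$SSH_AGENT_PID" 2>/dev/null || true
        fi
        rm -rf "$tmpdir"
    }
    # Constructed test key with an empty passphrase; never use a real key here.
    ssh-keygen -q -t ed25519 -N '' -f "$tmpdir/id_test" >/dev/null 2>&1 \
        || { cleanup; exit 2; }
    # Private agent on its own socket inside the temporary directory.
    agent_env=$(ssh-agent -s -a "$tmpdir/agent.sock" 2>/dev/null) \
        || { cleanup; exit 2; }
    eval "$agent_env" >/dev/null
    ssh-add -t "$lifetime" "$tmpdir/id_test" >/dev/null 2>&1 \
        || { cleanup; exit 2; }
    sleep $((lifetime + 2))                 # margin for the agent's expiry timer
    listed=0
    ssh-add -l >/dev/null 2>&1 || listed=$? # 0 = keys listed, 1 = agent is empty
    cleanup
    case "$listed" in
        1) exit 0 ;;                        # lifetime was enforced
        0) exit 1 ;;                        # key outlived its lifetime
        *) exit 2 ;;                        # agent could not be reached
    esac
)
```

Call it as "check_agent_expiry 1" and inspect $?; a result of 1 means the agent kept the key past its lifetime, as described above.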
