Update key lifetime each time a key is used?

[stefanmohl]

I would like giving my keys a lifetime by adding something along the lines of:

SSH_ADD_DEFAULT_OPTIONS = "-t 1800"

but that would mean that I need to input my passphrase quite often. Preferably, that timeout should be updated each time I run ssh so that the key only gets invalidated whenever I haven't actively logged in anywhere for longer than the timeout. Is there any way of achieving this?

[maddes-b]

Have you verified that OpenSSH's ssh-add provides this feature to prolong the key's lifetime? And if so how does it work? Then it may be added to ssh-ident.

[stefanmohl]

As far as I know, ssh-agent does not provide this feature. I was more hoping along the lines of somehow being able to provide it through ssh-ident. I'll check with the OpenSSH mailing list to see if they have any ideas around such a function.

[maddes-b]

ssh-ident can only support the features that ssh-agent/ssh-add provides. You should create a feature request at OpenSSH.