OR
ssh-agent -t 30 bash
ssh-add
ssh-agent ksh
ssh-add -t 30
Time Format Examples
sshd server command-line arguments and configuration file options that specify time may be expressed using a sequence of the form:where, time is a positive integer value and qualifier is one of the following:
time[qualifier]
| Time | Format | Example |
|---|---|---|
| none (default) | seconds | ssh-agent -t 30 ssh-add -t 30 |
| s or S | seconds | ssh-agent -t 30s ssh-add -t 30S |
| m or M | minutes | ssh-agent -t 30m ssh-add -t 30M |
| h or H | hours | ssh-agent -t 30h ssh-add -t 30H |
| d or D | days | ssh-agent -t 1d ssh-add -t 1D |
| w or W | weeks | ssh-agent -t 2w ssh-add -t 2W |
$ ssh-agent bash
$ ssh-add -t 90m
$ ssh vivek@server1.cyberciti.bizOR
$ ssh-agent bash
$ ssh-add -t 1h30m
$ ssh vivek@server1.cyberciti.biz
The maximum lifetime is set to 90 minutes i.e. after 90 minutes you will not able to login to the server. So if someone stole your laptop or tried to access unprotected console session they will not able to use your private keys.
Say Hello To keychain
I strongly recommend that you use keychain as a manager for ssh-agent, typically run from ~/.bash_profile as follows:$ /usr/bin/keychain --clear $HOME/.ssh/id_rsaThe above will delete all of ssh-agent's keys. Typically this is used in .bash_profile. The theory behind this is that keychain should assume that you are an intruder until proven otherwise. However, while this option increases security, it still allows your cron jobs to use your ssh keys when you're logged out.
No comments:
Post a Comment