commit e5d8c1cbb81c3f62631d4efd2c6a58a8fd97c5c1
parent cbc170049d08e28942a2afaf119a292df75df4a4
Author: pyratebeard <root@pyratebeard.net>
Date: Thu, 9 Mar 2023 21:29:50 +0000
ttl_soup
Diffstat:
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/entry/ttl_soup.md b/entry/ttl_soup.md
@@ -35,5 +35,6 @@ max-cache-ttl-ssh:24:2:set maximum SSH key lifetime to N seconds:3:3:N:7200::288
This means that now my ssh key passphrase is cached for the duration of the work day.
-Now before some of you start shouting that this is not a good idea, I have a script that runs when I lock my screen which kills gpg-agent. This means that if I leave my desk the cached passphrases are dropped. When I return and either open a new terminal or run a command which uses my gpg or ssh keys I will be prompted to re-enter the passphrase. I had decided to set the TTL to 8 hours so that while I am working for long continuous periods I don't need to worry about having to re-enter my passphrase, I am pretty lazy after all.
+Now, before some of you start shouting that it is not a good idea to leave the cached credentials for that long do not fear. I have a script that runs when I lock my screen which kills gpg-agent. This means that if I leave my desk the cached passphrases are dropped. When I return and either open a new terminal or run a command which uses my gpg or ssh keys I will be prompted to re-enter the passphrase. I had decided to set the TTL to 8 hours so that while I am working for long continuous periods I don't need to worry about having to re-enter my passphrase, I am pretty lazy after all.
+Interestingly I found a [closed bug report](https://dev.gnupg.org/T1053){target="_blank" rel="noreferrer"} on the GnuPG bug tracker, which mentions this exact issue, "The TTL specified in sshcontrol for SSH keys is ignored". The report was closed in 2009 so I am surprised I am experiencing the issue. I will dig a bit deeper to see if I have missed something but if anybody knows anything about this please let me know (contact information can be found on my [homepage](https://pyratebeard.net){target="_blank" rel="noreferrer"}.
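Review bot: the last added line opens a parenthesis at "(contact information can be found on my [homepage]" and never closes it, so the sentence ends with "}." and the bracket is left open; add the ")" before the final full stop. In the rewritten first sentence of the preceding added line, "for that long do not fear" runs two clauses together; put a comma or a sentence break after "long" so it reads "...for that long, do not fear."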