> On 29 Jan 2017, at 10:39, Marko Bauhardt <[email protected]> wrote:
> 
> Now one year later. My ssh subkey is expired. But I’m still able to login 
> into my ssh-server. 
> My assumption was that I can use this subkey only if this key is valid. Is 
> the expired key working because I’m using the ssh-agent instead of the 
> gpg-agent?

It is still working because the remote ssh server has no concept of key expiry. 
When you converted your auth subkey to ssh format you stripped all the expiry 
info from it. (There is the related problem of your client offering the expired 
key to the server, but this is relatively harmless). 

If you want your ssh key to stop working when the auth subkey expires, you need 
to make sure to run monkeysphere on a regular basis (cron) on the remote 
server, to refresh the authorized_keys and thereby overwrite any ssh keys 
associated with expired pgp keys. Ssh keys themselves do not expire. 

See: http://web.monkeysphere.info/doc/ssh-user-authentication/

Andrew. 
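
Since sshd never sees the OpenPGP expiry, any expiry check has to be made against GnuPG's own key listing. The following is an added example, not part of the original thread: it parses `gpg --with-colons --list-keys` output and prints the key IDs of authentication subkeys that have expired. The function names and the sample listing are constructed for illustration; the field positions (2 = validity, 5 = key ID, 7 = expiry, 12 = capabilities) follow GnuPG's documented colon format.

```shell
#!/bin/sh
# Constructed sample of `gpg --with-colons --list-keys` output (not real keys).
# CCCC... is an authentication subkey that expired in January 2017;
# DDDD... is its replacement, valid until 2030.
sample_listing() {
cat <<'EOF'
pub:u:4096:1:AAAAAAAAAAAAAAAA:1450000000:::u:::scESC:
uid:u::::1450000000::0000000000000000000000000000000000000000::Example User <user@example.org>:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1450000000:1900000000:::::e:
sub:e:4096:1:CCCCCCCCCCCCCCCC:1450000000:1485000000:::::a:
sub:u:4096:1:DDDDDDDDDDDDDDDD:1485000000:1900000000:::::a:
EOF
}

# expired_auth_subkeys NOW
# Reads a colon-format listing on stdin and prints the key ID of every
# subkey that carries the authentication capability ("a" in field 12) and
# is either flagged expired by gpg (field 2 = "e") or has an expiry
# timestamp (field 7, seconds since epoch) at or before NOW.
# Subkeys with an empty field 7 never expire and are not reported
# unless gpg itself flags them.
expired_auth_subkeys() {
    awk -F: -v now="$1" '
        $1 == "sub" && $12 ~ /a/ {
            if ($2 == "e" || ($7 != "" && $7 + 0 <= now + 0))
                print $5
        }'
}

# Real use (KEYID is a placeholder for your own key):
#   gpg --with-colons --list-keys KEYID | expired_auth_subkeys "$(date +%s)"
# Demonstration on the constructed sample, evaluated at the end of Jan 2017:
sample_listing | expired_auth_subkeys 1485700000
```

Any key ID this reports corresponds to an ssh public key that should be removed from authorized_keys on the servers, since the exported ssh key itself carries no expiry.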