> On 29 Jan 2017, at 15:18, Andrew Gallagher <[email protected]> wrote:
>
>> On 29 Jan 2017, at 10:39, Marko Bauhardt <[email protected]> wrote:
>>
>> Now one year later. My ssh subkey is expired. But I'm still able to log in
>> to my ssh-server.
>> My assumption was that I can use this subkey only if this key is valid. Is
>> the expired key working because I'm using the ssh-agent instead of the
>> gpg-agent?
>
> It is still working because the remote ssh server has no concept of key
> expiry. When you converted your auth subkey to ssh format you stripped all
> the expiry info from it. (There is the related problem of your client
> offering the expired key to the server, but this is relatively harmless).
>
> If you want your ssh key to stop working when the auth subkey expires, you
> need to make sure to run monkeysphere on a regular basis (cron) on the remote
> server, to refresh the authorized_keys and thereby overwrite any ssh keys
> associated with expired pgp keys. Ssh keys themselves do not expire.
>
> See: http://web.monkeysphere.info/doc/ssh-user-authentication/

Thank you Andrew. Makes sense.

Marko
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
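Added example, not part of the original thread and not monkeysphere's code: a sketch of the server-side refresh Andrew describes, which reads the expiry of authentication-capable keys from `gpg --with-colons --list-keys` output and drops the matching `authorized_keys` lines. It assumes each exported SSH key carries an `openpgp:0x<short key id>` comment and that expiry is given in epoch seconds; all key IDs, key blobs and function names are constructed for illustration.

```python
"""Drop authorized_keys entries whose OpenPGP auth (sub)key has expired."""
import re

# Constructed `gpg --with-colons --list-keys` output (key IDs are made up).
# Field 1 = record type, 5 = key ID, 7 = expiry, 12 = capabilities.
SAMPLE_COLONS = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1451606400:::u:::scESCA:
uid:u::::1451606400::0000::Example User <user@example.org>:
sub:u:4096:1:BBBBBBBB11111111:1451606400:1893456000:::::e:
sub:e:4096:1:CCCCCCCC22222222:1451606400:1483228800:::::a:
sub:u:4096:1:DDDDDDDD33333333:1483228800:1893456000:::::a:
"""

# Constructed authorized_keys lines; the comment format is an assumption.
SAMPLE_AUTHORIZED_KEYS = [
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED1 openpgp:0x22222222",
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED2 openpgp:0x33333333",
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5CONSTRUCTED3 admin@laptop",
]

COMMENT = re.compile(r"openpgp:0x([0-9A-Fa-f]{8})\s*$")

def expired_auth_keyids(colons, now):
    """Return long key IDs of authentication-capable keys expired at `now`."""
    expired = set()
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        # Lowercase 'a' is this key's own capability; empty expiry = never.
        if "a" in f[11] and f[6] and int(f[6]) <= now:
            expired.add(f[4].upper())
    return expired

def prune_authorized_keys(lines, expired_ids):
    """Split lines into (kept, dropped) by the short key ID in the comment."""
    short = {k[-8:] for k in expired_ids}  # low 32 bits of the long key ID
    kept, dropped = [], []
    for line in lines:
        m = COMMENT.search(line)
        (dropped if m and m.group(1).upper() in short else kept).append(line)
    return kept, dropped

if __name__ == "__main__":
    now = 1485700000  # constructed "current time", late January 2017
    kept, dropped = prune_authorized_keys(
        SAMPLE_AUTHORIZED_KEYS, expired_auth_keyids(SAMPLE_COLONS, now))
    print("kept:", *kept, sep="\n  ")
    print("dropped:", *dropped, sep="\n  ")
```

Entries without an `openpgp:` comment are kept untouched, so plain SSH keys in the same file still never expire on their own. Short key IDs are only 32 bits and can collide, so a production job should match on the full key material instead.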
