sshd_config(5) does not appear to mention a keyword to set the maximum lifetime for identities. Which keyword does that and what is the syntax?
According to the man page ssh-agent(1) the maximum lifetime for the agent to keep identities can be set as an option when running ssh-agent ssh-add, or via sshd_config. I presume I am missing the obvious in sshd_config(5). http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5 Neither 'lifetime' nor agent are mentioned. 'identity' is mentioned only once and in the context of the keyword KerberosAuthentication. The keyword PubkeyAuthentication appears to apply only to whether public key authentication is allowed, not the lifespan of the identities. Regards -Lars http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1 ssh-agent(1) ... -t life Set a default value for the maximum lifetime of identities added to the agent. The lifetime may be specified in seconds or in a time format specified in sshd_config(5). A lifetime specified for an identity with ssh-add(1) overrides this value. Without this option the default maximum lifetime is forever... http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1 ssh-add(1) ... -t life Set a maximum lifetime when adding identities to an agent. The lifetime may be specified in seconds or in a time format specified in sshd_config(5)...
