I need to generate an SSH key in my Sun OS machine which should expire in 2 years. I usually generate the keys using ssh-keygen -t dsa but the keys generated like this would be non-expiring. I checked for the man pages for ssh-keygen but could not find an option for expiring the key.
SSH-KEYGEN(1) BSD General Commands Manual SSH-KEYGEN(1) NAME top ssh ... with a plus character or the string “forever” to indicate that the certificate has no expiry date. For example: “+52w1d” (valid from now to 52 weeks and one day from now), “-4w:+4w” (valid from four weeks ago to four weeks from now), “20100101123000 ...
Simple answer, no. SSH keys are simple cryptographic keys, if you want to add a validity period to it, you end up in PKI territory. There is an answer on the Ubuntu Stack Exchange site, asking how to make SSH keys expire automatically, but this is to do with using the ssh-agent tool.. Alternatively, you can use a third party app installed on your server to automatically expire SSH keys based ...
Include an (optional) expiry date for the key under “Expires at” section. (Introduced in GitLab 12.9.) Click the Add key button. SSH keys that have “expired” using this procedure are valid in GitLab workflows. As the GitLab-configured expiration date is not included in the SSH key itself, you can still export public SSH …
A lifetime specified for an identity with ssh-add(1) overrides this value. Without this option the default maximum lifetime is forever. You can edit the ssh-agent program in your startup programs. Go to System > Preferences > Startup Programs, look for the SSH Key Agent and append -t 3600 to the comman. This will expire your keys in one hour.
From my understanding, .p12 is a very flexible file format in that a p12 created by openssl can look very different from a p12 created by java keytool, but most often the contents look like this: You need to extract the certificate, not the private key. Keys themselves don't have expiration dates, you want to extract the certificate from the p12 and look at the notAfter or validTo field.
ssh-keygen -t rsa -b 4096 ssh-keygen -t dsa ssh-keygen -t ecdsa -b 521 ssh-keygen -t ed25519 Specifying the File Name. Normally, the tool prompts for the file in which to store the key. However, it can also be specified on the command line using the -f
DESCRIPTION. ssh-keygen generates, manages and converts authentication keys for ssh(1). ssh-keygen can create keys for use by SSH protocol version 2.. The type of key to be generated is specified with the -t option. If invoked without any arguments, ssh-keygen will generate an RSA key. ssh-keygen is also used to generate groups for use in Diffie-Hellman group exchange (DH-GEX).
As you can see in the ssh-agent protocol specification, there is no field that would expose the timeout to the client. If you want to use expiry time, but do not want to care about adding them, there is option AddKeysToAgent , which will allow to add the keys to the agent when it is used for the first time.
There is only one pretty child in the world, and every mother has it.