Chris's Wiki :: blog/sysadmin/SSHBroadKeyRevocation Commentshttps://utcc.utoronto.ca/~cks/space/blog/sysadmin/SSHBroadKeyRevocation?atomcommentsDWiki2018-11-04T10:15:19ZRecent comments in Chris's Wiki :: blog/sysadmin/SSHBroadKeyRevocation.From 78.58.206.110 on /blog/sysadmin/SSHBroadKeyRevocationtag:CSpace:blog/sysadmin/SSHBroadKeyRevocation:ae6b764f3a02ffa84478b0f4817deb45c3c16872From 78.58.206.110<div class="wikitext"><p>Grant: It is now technically possible to put a lifetime on authorized_keys entries (as of v7.8) – although of course that only works as long as the user cannot just edit the file to extend.</p>
</div>2018-11-04T10:15:19ZBy Grant Taylor on /blog/sysadmin/SSHBroadKeyRevocationtag:CSpace:blog/sysadmin/SSHBroadKeyRevocation:06c31122bea166e30d3462941a091118cca576aaGrant Taylorhttps://dotfiles.tnetconsulting.net/home.html<div class="wikitext"><p>One of the things that I like the most about SSH certificates (as opposed to keys) is that it's possible to put a lifetime on them.</p>
<p>Thus a certificate is not good indefinitely like an authorized_key is.</p>
<p>OpenSSH certificates can naturally cull themselves.</p>
</div>2018-11-02T23:10:19Z