SSH cert idea #81

New issue

Open

opened 2026-02-03 21:56:58 +01:00 by Soph · 1 comment

Soph commented 2026-02-03 21:56:58 +01:00

Owner

Copy link

Local ssh keys are only valid for x hours.

When expired ssh key is found, must renew with CA (on yubikey).

Host keys are valid for 90 days. Warnings should be configured at some point. Maybe getting them in grafana would be enough idk.

For signing and age, 1 key, expiry 90 days.

Local ssh keys are only valid for x hours. When expired ssh key is found, must renew with CA (on yubikey). Host keys are valid for 90 days. Warnings should be configured at some point. Maybe getting them in grafana would be enough idk. For signing and age, 1 key, expiry 90 days.

Soph commented 2026-02-03 23:26:58 +01:00

Author

Owner

Copy link

Or just, sign things in the first place and then look at this as a future idea. I don't know yet

Or just, sign things in the first place and then look at this as a future idea. I don't know yet

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

robotnix

merge-in-public

No results found.

Labels

Clear labels   

bug

Something is not working

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

help wanted

Need some help

  

invalid

Something is wrong

  

question

More information is needed

  

security

  

wontfix

This won't be fixed

No labels

bug

duplicate

enhancement

help wanted

invalid

question

security

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

Soph/nixos#81

No description provided.