https://bugzilla.mindrot.org/show_bug.cgi?id=2598
--- Comment #7 from Peter Moody <mind...@hda3.com> --- Thanks, Darren. I'm running the patched ssh-agent now. fwiw, I apparently *can* repro this on my machine (I'd only gotten reports of this from other people before). this is on my system-provided agent. $ usshcertstatus ussh cert good for -50h-16m waiting for the cert/key to expire on the patched version now $ env SSH_AUTH_SOCK=/tmp/ssh.sock usshcertstatus ussh cert good for 19h56m > - when it happens, if you run ssh-add -l twice are the keys present in both? yes $ ssh-add -l 2048 SHA256:xXX0cRWdec7IA43C0cSF+Y9JrKul2JBzgXk28NMLfEU [Valid until Sat 16 Jul 2016 15:01 UTC, Version 2] (RSA-CERT) 2048 SHA256:xXX0cRWdec7IA43C0cSF+Y9JrKul2JBzgXk28NMLfEU [Valid until Sat 16 Jul 2016 15:01 UTC, Version 2] (RSA) $ ssh-add -l 2048 SHA256:xXX0cRWdec7IA43C0cSF+Y9JrKul2JBzgXk28NMLfEU [Valid until Sat 16 Jul 2016 15:01 UTC, Version 2] (RSA-CERT) 2048 SHA256:xXX0cRWdec7IA43C0cSF+Y9JrKul2JBzgXk28NMLfEU [Valid until Sat 16 Jul 2016 15:01 UTC, Version 2] (RSA) $ ssh-add -l 2048 SHA256:xXX0cRWdec7IA43C0cSF+Y9JrKul2JBzgXk28NMLfEU [Valid until Sat 16 Jul 2016 15:01 UTC, Version 2] (RSA-CERT) 2048 SHA256:xXX0cRWdec7IA43C0cSF+Y9JrKul2JBzgXk28NMLfEU [Valid until Sat 16 Jul 2016 15:01 UTC, Version 2] (RSA) $ ssh-add -l 2048 SHA256:xXX0cRWdec7IA43C0cSF+Y9JrKul2JBzgXk28NMLfEU [Valid until Sat 16 Jul 2016 15:01 UTC, Version 2] (RSA-CERT) 2048 SHA256:xXX0cRWdec7IA43C0cSF+Y9JrKul2JBzgXk28NMLfEU [Valid until Sat 16 Jul 2016 15:01 UTC, Version 2] (RSA) $ usshcertstatus ussh cert good for -50h-21m > - is there anything else going on with clocks, eg ntpd? if so, are there > any clock steps logged? I don't see any likely ntp errors in the logs. The only slight weirdness with my setup here is that I believe my laptop was asleep for most of the weekend. it looks like this key/cert pair should've been removed on 16 July at ~08.25 my latop diagnostic logs go from 16 July at 4.57 to 16 July 9.44. time(NULL) couldn't wrapping around, could it .. ? Anyway, I'll let you know the results from the instrumented ssh-agent. Thanks! -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs