Set expiry date for ssh public keys

linux
security
openssh

#1

We did a compliance activity and they gave a suggestion to regenerate the public key every 90 days and deploy it on the servers to authenticate. The problem is that every 90 days I have to tell users to generate an SSH key and send me the public key.
Is it possible to set an SSH public key expiration of 90 days in the authorized_keys file, without touching anything on the server? I am using Red Hat 7.4.


#2

You need to set up a certificate authority, and then you can specify that a key expires. You need to modify the sshd server config to accept such certificates, and more. This is discussed in a book called SSH Mastery (https://www.cyberciti.biz/reviews/book-review-ssh-mastery/). I strongly suggest that you get that book and read it. Also read this page: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/sec-using_openssh_certificate_authentication
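
The setup described in the answer above, as an added example that is not part of the original thread: a CA signs each user's existing public key with a 90-day validity window, and servers trust the CA once through `TrustedUserCAKeys`. The principal `alice`, the file names and the path `/etc/ssh/user_ca.pub` are constructed for illustration.

```shell
#!/bin/sh
# Added example: 90-day OpenSSH user certificates. Paths, the principal
# "alice" and file names are constructed for illustration.

# Create the CA key pair; only user_ca.pub is ever copied to servers.
# (-N '' means no passphrase, for the demo only; protect a real CA key.)
make_ca() {            # $1 = directory for the CA key
    ssh-keygen -q -t ed25519 -N '' -C 'user-ca' -f "$1/user_ca"
}

# Sign an existing user public key. Writes <name>-cert.pub next to it.
# -I is the key ID sshd logs at login, -n the allowed login name(s),
# -V the validity window ("+90d" = valid from now, expires in 90 days).
sign_user_key() {      # $1 = CA private key, $2 = user .pub, $3 = principal, $4 = validity
    ssh-keygen -q -s "$1" -I "$3-$(date +%Y%m%d)" -n "$3" -V "$4" "$2"
}

# Print the validity window recorded in a certificate.
cert_validity() {      # $1 = certificate file
    ssh-keygen -L -f "$1" | sed -n 's/^ *Valid: *//p'
}

# The one-time sshd_config line that makes a server trust the CA.
sshd_trust_line() {    # $1 = path of user_ca.pub on the server
    printf 'TrustedUserCAKeys %s\n' "$1"
}

# End-to-end run in a scratch directory: sh thisfile.sh demo
demo() {
    d=$(mktemp -d) || return 1
    # id_alice stands in for the key pair the user already has.
    make_ca "$d" &&
    ssh-keygen -q -t ed25519 -N '' -f "$d/id_alice" &&
    sign_user_key "$d/user_ca" "$d/id_alice.pub" alice +90d &&
    echo "certificate valid: $(cert_validity "$d/id_alice-cert.pub")" &&
    sshd_trust_line /etc/ssh/user_ca.pub
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

After the 90 days the user only needs the same public key signed again, and the servers stay untouched. Plain keys still listed in `authorized_keys` never expire, so remove them once users hold certificates.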