Do ssh keys expire? -- was -- Re: Looking for a working example of sshd_config setup file
Robert Moskowitz
rgm at htt-consult.com
Tue Aug 19 09:42:01 UTC 2025

SSH keys are "Raw Keys". That is, there is little metadata associated
with them (e.g. your SSH key ID). They exist by themselves.

These sorts of keys never "expire". It is up to the owner as to when
they decide to replace them.

SSH CAN be configured to use X.509 certificates as the storage object
for your SSH key and key ID. X.509 has MANDATORY validity dates, and
that is where the function of key expiring comes from, to a large extent.

If you want to create an X.509 PKI for fun or whatever, see my Internet
Draft:

https://datatracker.ietf.org/doc/draft-moskowitz-ec-pki/

Oh, and it is easy to move your SSH keys from one system to another.
Just copy your ~/.ssh directory.

On 8/19/25 4:34 AM, David Fletcher wrote:
> On Sat, 2025-08-16 at 07:05 -0400, bruce wrote:
>> Hi,
>>
>> Setting up ssh, and wanted to view what others may have as a
>> working/secure sshd_config (ssh_config as well) files.
> I just want to ask a question because I've been watching this thread,
> mostly I just use ssh without really understanding it. I'm running
> ubuntu 20.04 server (yes I will upgrade some time) and desktops/laptops
> running Mint 22 and Debian 13. I've never had a problem connecting with
> my ssh keys either from inside my house or from another country. I just
> copy my key files into ~/.ssh and do chmod -R 700 ~/.ssh
>
> Might need to manually ssh into a newly set up system to get the
> known_hosts file updated before rsync will work between hosts but then
> it all "Just Works".
>
> Question - Will I at some time need to create new keys? My id_rsa and
> id_rsa.pub files are dated 2007-12-29.
>
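
Added illustration of the "raw key" point in the message above (not part of the original thread): this Python sketch parses an OpenSSH public-key line and lists every field inside its blob, showing that the format carries no validity dates. The sample key is constructed (not a real key), and the function names are this example's own.

```python
import base64
import struct

def read_string(buf, off):
    """Read one RFC 4251 'string': 4-byte big-endian length, then the bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def parse_public_key(line):
    """Split '<type> <base64> [comment]' and name every field in the blob."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared = parts[0]
    blob = base64.b64decode(parts[1], validate=True)
    comment = parts[2] if len(parts) == 3 else ""
    fields, off = [], 0
    while off < len(blob):
        value, off = read_string(blob, off)
        fields.append(value)
    if not fields or fields[0].decode("ascii") != declared:
        raise ValueError("type inside blob does not match the declared type")
    # Blob layouts from RFC 8709 (Ed25519) and RFC 4253 (RSA); mpints use the
    # same length-prefixed framing as strings. Neither has a date field.
    layouts = {"ssh-ed25519": ["type", "public_key"],
               "ssh-rsa": ["type", "e", "n"]}
    names = layouts.get(declared)
    if names is None or len(names) != len(fields):
        raise ValueError("unsupported key type or unexpected field count")
    return {"type": declared, "comment": comment,
            "fields": dict(zip(names, fields))}

def wire(*items):
    """Helper for building the constructed sample: length-prefix each item."""
    return b"".join(struct.pack(">I", len(i)) + i for i in items)

# Constructed sample: 32 arbitrary bytes standing in for Ed25519 key material.
SAMPLE = "ssh-ed25519 " + base64.b64encode(
    wire(b"ssh-ed25519", bytes(range(32)))).decode() + " user@example"

if __name__ == "__main__":
    key = parse_public_key(SAMPLE)
    print(key["type"], key["comment"], list(key["fields"]))
```

The comment ("user@example") sits outside the base64 blob, so it is a free-text label only.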