How to set the SSH user certificate duration

[jodygilbert]

I'm using an Azure OIDC provisioner to manage SSH certificates for users and I've noticed the certificates are valid for 16 hours.
I'd like to reduce this to 1 or 2 hours, but I cannot work out how. I tried setting the default SSH certificate duration and max SSH certificate duration on the provisioner, but the certificate duration is always 16 hours.

Not sure if that would be configured in step or Azure?

Any suggestions greatly appreciated

[tashian]

That's odd.
Changing the default and max user SSH cert duration should work.
Under the OIDC provisioner's claims property, the defaults are:

      "minHostSSHCertDuration": "5m",
      "maxHostSSHCertDuration": "1680h",
      "defaultHostSSHCertDuration": "720h",
      "minUserSSHCertDuration": "5m",
      "maxUserSSHCertDuration": "24h",
      "defaultUserSSHCertDuration": "16h",

Note that there can be a claims block on the authority, and on each individual provisioner, and the provisioner's claims block will override the authority's claims block.

If you're still having trouble, could you post a bit more detail on your current configuration?

[jodygilbert]

Sorry, I was being dim, I had set defaultHostSSHCertDuration and not defaultUserSSHCertDuration

It's working a treat now I've read the instructions properly!