Hello,to work with PuTTY.
I've been trying to understand how to use the new certificate-based authentication mechanism released in PuTTY 0.78. I'm familiar with the traditional workflow for OpenSSH certificate-based authentication, but following that procedure does not appear
In PuTTY, I have tried using a PPK file and an OpenSSH signed certificate associated with the private key (I originally generated a OpenSSH private key and imported it with PuTTYgen and created a PPK private key as well), but that does not appear towork. I get an error that PuTTY is 'Unable to use certificate file "..." (not a public key or a PuTTY SSH-2 private key)'.
I read the release docs and it seems like I need a PuTTY PPK key with a certificate attached, do I use PuTTYgen to create that?
I have tried using the "Add certificate to key" option in PuTTYgen, but I can't seem to pass a certificate file that the application accepts. I have tried both passing a OpenSSH certificate or passing a key file to sign the certificate.
I'm also a little curious how this new feature will integrate with existing certificate signing servers like Smallstep's and HashiCorp's Vault SSH security engine. I would assume if the OpenSSH-formatted certificate cannot be used, the certificatesigning servers would require changes to support the PuTTY certificate workflow.
Any help detailing the workflow to use the new feature would be greatly appreciated!
Thanks,
Colin
I have tried using the "Add certificate to key" option in PuTTYgen,
but I can't seem to pass a certificate file that the application
accepts. I have tried both passing a OpenSSH certificate or passing a
key file to sign the certificate.
Yes, this works if I use a certificate without the custom fields in the critical options.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 307 |
Nodes: | 16 (2 / 14) |
Uptime: | 71:10:02 |
Calls: | 6,915 |
Files: | 12,380 |
Messages: | 5,432,121 |