“OpenSSH for Windows” version OpenSSH_for_Windows_8.0p1, LibreSSL 2.6.5 Client OperatingSystem Windows 10 Enterprise
Does OpenSSH for Windows support signed certs?
I feel like it does, as ssh-keygen picks up the certificate no problem. However, it doesn’t want to connect. The same steps seem to work fine from linux.
Directory of C:\hi 11/04/2019 01:18 PM 2,013 GregDFO-cert.pub 04/16/2019 09:07 AM 1,854 GregDFO-private.key 04/16/2019 09:31 AM 389 GregDFO-public.key C:\hi>ssh-keygen -Lf GregDFO-cert.pub GregDFO-cert.pub: Type: firstname.lastname@example.org user certificate Public key: RSA-CERT SHA256:Ccox9NCf/HBjzFxRE76XsnTT9k0vbmRB4/j5qX95WkQ Signing CA: RSA SHA256:3axo+wPqiszHOTKy94Tk2gj4S6Rb6uGWKcB4s059bvg (using ssh-rsa) Key ID: "root" Serial: 17890926214909873034 Valid: from 2019-11-01T08:52:18 to 2019-11-13T19:52:48 Principals: cormierg Critical Options: (none) Extensions: permit-pty
However, when trying to use it, ssh spits out invalid format
C:\hi>ssh -i GregDFO-private.key -i GregDFO-cert.pub email@example.com Enter passphrase for key 'GregDFO-private.key': ***** Load key "GregDFO-cert.pub": invalid format
A few extra verbose tidbits:
Enter passphrase for key 'GregDFO-private.key': debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Offering public key: GregDFO-cert.pub RSA-CERT SHA256:Ccox9NCf/HBjzFxRE76XsnTT9k0vbmRB4/j5qX95WkQ explicit debug2: we sent a publickey packet, wait for reply debug1: Server accepts key: GregDFO-cert.pub RSA-CERT SHA256:Ccox9NCf/HBjzFxRE76XsnTT9k0vbmRB4/j5qX95WkQ explicit debug1: sign_and_send_pubkey: no separate private key for certificate "GregDFO-cert.pub" Load key "GregDFO-cert.pub": invalid format debug2: we did not send a packet, disable method debug1: Next authentication method: keyboard-interactive