Support for signed SSH certificates – Windows 10 OpenSSH to Linux

“OpenSSH for Windows” version OpenSSH_for_Windows_8.0p1, LibreSSL 2.6.5 Client OperatingSystem Windows 10 Enterprise

Does OpenSSH for Windows support signed certs?

I feel like it does, as ssh-keygen picks up the certificate no problem. However, it doesn’t want to connect. The same steps seem to work fine from linux.

 Directory of C:\hi 11/04/2019  01:18 PM             2,013 GregDFO-cert.pub 04/16/2019  09:07 AM             1,854 GregDFO-private.key 04/16/2019  09:31 AM               389 GregDFO-public.key  C:\hi>ssh-keygen -Lf GregDFO-cert.pub GregDFO-cert.pub:         Type: ssh-rsa-cert-v01@openssh.com user certificate         Public key: RSA-CERT SHA256:Ccox9NCf/HBjzFxRE76XsnTT9k0vbmRB4/j5qX95WkQ         Signing CA: RSA SHA256:3axo+wPqiszHOTKy94Tk2gj4S6Rb6uGWKcB4s059bvg (using ssh-rsa)         Key ID: "root"         Serial: 17890926214909873034         Valid: from 2019-11-01T08:52:18 to 2019-11-13T19:52:48         Principals:                 cormierg         Critical Options: (none)         Extensions:                 permit-pty 

However, when trying to use it, ssh spits out invalid format

C:\hi>ssh -i GregDFO-private.key -i GregDFO-cert.pub cormiergr@1.2.3.4  Enter passphrase for key 'GregDFO-private.key': ***** Load key "GregDFO-cert.pub": invalid format 

A few extra verbose tidbits:

Enter passphrase for key 'GregDFO-private.key': debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Offering public key: GregDFO-cert.pub RSA-CERT  SHA256:Ccox9NCf/HBjzFxRE76XsnTT9k0vbmRB4/j5qX95WkQ explicit debug2: we sent a publickey packet, wait for reply debug1: Server accepts key: GregDFO-cert.pub RSA-CERT  SHA256:Ccox9NCf/HBjzFxRE76XsnTT9k0vbmRB4/j5qX95WkQ explicit debug1: sign_and_send_pubkey: no separate private key for certificate "GregDFO-cert.pub" Load key "GregDFO-cert.pub": invalid format debug2: we did not send a packet, disable method debug1: Next authentication method: keyboard-interactive