Certificate Authentication
Manoj Ampalam edited this page May 31, 2018
·
3 revisions
Manuals
Installation
- MSI Install Instructions
- Script Install Instructions
- Alternative installation using the universal installer
- Retrieving download links for the latest packages
Usage
- SSH Usage Examples
- SFTP Usage Examples
- Using Certificate Authentication
- Fix SSH file permissions
- Info on SSH remote sessions on Windows
- TTY PTY support
- Troubleshooting
Project
Developing and Contributing to Win32-OpenSSH
Clone this wiki locally
Setup SSHD server for certificate based user authentication
- Generate CA keys (just like any other keys)
ssh-keygen -t rsa -f ca_userkeys
- Register above key as trusted CA for sshd. Add following entry in sshd_config
TrustedUserCAKeys ca_userkeys.pub- Path above is relative to sshd binaries directory. Absolute path is recommended to avoid confusion
- Prior to v7.7.0.0, check out #1055 for considerations while working with domain accounts.
At this point, server can accept any user certificates signed using ca_userkeys and there is no need to explicitly map user keys in authorized_keys
Signing user keys
- sign user keys using ssh-keygen
ssh-keygen.exe -s ca_userkeys -I cert_identity -V -1w:+54w5d -n username id_rsa.pub-
usernameshould match the user to be authenticated