OpenSSH has a system of certificates that it can use for authentication, under the following algorithm names:
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com
They are described in this document.
PuTTY could usefully support using them for authentication. While the changes to the SSH protocol are trivial, the necessary modifications to the PuTTY private key file and to PuTTYgen might be a little more complicated, and host certificates would have to be integrated into PuTTY's host-key checking mechanisms.
Update, 2022-07: this is now more or less fully implemented in the snapshots, having been under development for the past three months or so, although it's not yet documented at all (notably, the syntax for CA configuration expressions is so far only documented in a source code comment in utils/cert-expr.c).
2022-08-07: now properly done, without a long list of things to clean up afterwards. Documentation done, in particular.
The sponsor and lead partner for this work was Teleport. (See also the development blog post for this feature.)