Start a new topic
Implemented

OpenSSH SSH certificate

Hi Royal Apps,


Would it be possible to support OpenSSH certificate as an authentication method to login?


In the latest PuTTY version 0.78, there is support for this method (see screenshot).


One of the major security benefits of using signed cert is its validity period.


Thanks.





Hi,


as far as I know, OpenSSH certificates is currently only supported by PuTTY. The integration on MacOS is based on iTerm2 and from what I see, there's no support for that. I also got feedback from Rebex that they don't have plans to implement OpenSSH certificates in their products. Here's what Rebex wrote about the OpenSSH certificate situation:

We [Rebex] support public key authentication, and we also support X.509 certificate authentication. What we don’t support are the so-called “OpenSSH certificates”, which we believe is a horrible idea that should never have materialized. Basically, instead of implementing RFC 6187 and adding support for the ubiquitous X.509 certificates, OpenSSH developers instead decided to create their own proprietary certificate format called “OpenSSH certificates”, which are incompatible with the existing X.509 certificate infrastructure. We have no plans to add support for these, and we really prefer if they got deprecated in favor of X.509 certificates as soon as possible. X.509 certificates work fine, and OpenSSH’s proprietary alternative doesn’t really offer any benefits – it just makes life harder for everyone due to the need to maintain two kinds of certificate infrastructure.


Regards,
Stefan

Hi,

How is this feature for Royal TSX V6?

Now that the version 7 is available how we can configure a tunnel to use an SSH certificate?

supporting OpenSSH certificates as an authentication method is possible and provides several security benefits. PuTTY version 0.78 and later supports this feature.

Login or Signup to post a comment