-
Notifications
You must be signed in to change notification settings - Fork 671
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature Request: support certificate authentication. #551
Comments
AFAIK it should already work as such private keys are designed to be supported. Does it not work when you just supply the |
It does not work. In OpenSSH I have to have both the When I try to only use the private key with SSH2 it returns an error at client-authentication with this error message: |
Ok and just to clarify what |
Was looking for this, too. Here's a pretty good description of what they are and the |
Any update on this one? Instead of generating a new public key in client.js, I tried sending the 'id_rsa-cert.pub'. From what I could understand, this seems to be passing the authentication (
|
I couldn't figure out how to make this work either... I tried passing in the private key as the
|
The CA signed key type is not supported it looks like? Tried adding
|
As of Version 6.2.0, @baelter's statement rings true, and force-swapping the |
see #808 |
Above PR doesn't really solve connecting to SSH2 hosts that can only authenticate through Example debug output when using above PR branch:
|
My PR is for certificates for client authentication. It's not for server / machine authentication like your log appears to require. |
Would love to use this feature too. |
What needs to be done here to take this across the finish line? Seems it has been kicked down the road for 5-ish years. |
any proposals in this case? at least an implementation approach? thanks |
Any news or at least implementation plans in this issue after a next year? :-) |
bruh this is a 7-year-old issue, any work around for it? |
In OpenSSH one can use a CA-signed key and certificate pair to sign-in to an SSH server with CA authentication turned on. The server sets a public certificate as the "trusted ca" and the client then uses a private key signed by that certificate to connect to the server.
The private key is just like an id_rsa file
You also need the signing public certificate file.
In OpenSSH this is passed using a convention:
Example:
id_rsa
<- the name of the signed private key.id_rsa-cert.pub
<- the public certificate used to sign the private key.you would then connect to your server with this command:
ssh -i id_rsa [email protected]
I would like to see SSH2 support this authentication mechanism.
My suggestion for interface would be to add a "certKey" option to the connection options where we can include the certificate.
The text was updated successfully, but these errors were encountered: