Creating SSH Certificates for SFTP using a CA

ssh certificate certificate-authority

I'm a bit confused regarding the order of things to make this happen.

This is what I had in mind:

1 - Generate CA public and private key.

2 - Use CA Public Key with SFTP server (TrustedUserCAKeys).

3 - Generate a user private + public key.

4 - Sign user private key using CA.

5 - Connect to the SFTP server using the private key, username and winscp.

Should this work?


Solution 1:

CAs sign the public key (producing a certificate). They never see the signee's private key.

Besides that, the workflow seems correct, except for the WinSCP part.

The certificates used by TrustedUserCAKeys are a format invented by OpenSSH. Currently no other software supports this kind of certificate authentication – here's the PuTTY wishlist entry for them. Because WinSCP uses PuTTY as its SSH core, it does not have OpenSSH certificate support, and won't have it until PuTTY does.

Related

How can I run OSX under Windows?
System Image restore crashes consistently while trying to access external media
Why was my system able to sleep without power?
tmux printing u'0x001b' and "]112" randomly
Are all functions that have a primitive differentiable?
Show that there isn't $A \in M_2(\mathbb R)$ such that $A^{2004}=\begin{pmatrix} -1 &0 \\ 0&-2 \end{pmatrix}$?
Rational Roots of Riemann's $\zeta$ Function
Matrices with $A^3+B^3=C^3$
Point of discontinuity
What is $(26+15(3)^{1/2})^{1/3}+(26-15(3)^{1/2})^{1/3}$?
How can you find the cubed roots of $i$?
Is there an analytic function satisfying $\,\,f\big(\!\frac 1 n\!\big)=\frac 1 {\sqrt{n}}$ for all $n\in\mathbb N$?