PuTTY wish ssh2-openssh-certkeys

This is a mirror. Follow this link to find the primary PuTTY web site.

summary: Support for OpenSSH certificates
class: wish: This is a request for an enhancement.
difficulty: tricky: Needs many tuits.
priority: medium: This should be fixed one day.

OpenSSH has a system of certificates that it can use for authentication, under the following algorithm names:

ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com

They are described in this document.

PuTTY could usefully support using them for authentication. While the changes to the SSH protocol are trivial, the necessary modifications to the PuTTY private key file and to PuTTYgen might be a little more complicated, and host certificates would have to be integrated into PuTTY's host-key checking mechanisms.

If you want to comment on this web site, see the Feedback page.

Audit trail for this wish.

(last revision of this bug record was at 2016-04-22 00:28:48 +0100)