Opened 6 years ago

Last modified 6 years ago

#11617 new Feature request

Support for OpenSSH Certificate based authentication

Reported by: Daniel Migowski
Owned by:
Priority: normal
Component: FileZilla Client
Keywords: openssh certificate
Cc:
Component version:
Operating system type:
Operating system version:

Description

OpenSSH supports client certificates signed by some CA (not X.509 certificates, but their own simpler form). These certificates are great because, when created with a short validity time, they can function as a temporary access token for servers. This makes handling a large number of servers and users on these servers very easy.

The certificates are described at http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?rev=HEAD and should be easy to implement in the protocol, according to the PuTTY devs (https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/ssh2-openssh-certkeys.html). I don't share their opinion that the ppk files need to be updated, but the GUI should just add a field where the cert file can be added, and together with a ppk file containing the key the client has all the information it needs to connect to a server.

The absence of any free Windows SCP client supporting OpenSSH certificates is the only thing currently stopping me from rolling out this feature in our organization. We are willing to donate 500$ if someone finds the time to implement that.
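Added example (not part of the ticket, and not FileZilla or PuTTY code): a minimal reader for the certificate layout in PROTOCOL.certkeys, showing how the short validity window mentioned in the description is encoded and checked. It handles only ed25519 certificates and does not verify the CA signature; `build_sample` is a hypothetical helper that produces a constructed certificate with placeholder key and signature bytes.

```python
import base64
import struct

CERT_TYPE = b"ssh-ed25519-cert-v01@openssh.com"

def _read_string(buf, off):
    """Read one SSH 'string' (uint32 length + bytes); return (value, new offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated string field")
    return buf[off + 4:end], end

def parse_cert(line):
    """Parse one line of a *-cert.pub file. The CA signature is NOT verified."""
    blob = base64.b64decode(line.split()[1], validate=True)
    ktype, off = _read_string(blob, 0)
    if ktype != CERT_TYPE:
        raise ValueError("only ed25519 certificates are handled here")
    _nonce, off = _read_string(blob, off)
    _pubkey, off = _read_string(blob, off)
    serial, cert_type = struct.unpack_from(">QI", blob, off)
    key_id, off = _read_string(blob, off + 12)
    packed, off = _read_string(blob, off)
    valid_after, valid_before = struct.unpack_from(">QQ", blob, off)
    principals, p = [], 0
    while p < len(packed):  # principals are strings packed inside a string
        name, p = _read_string(packed, p)
        principals.append(name.decode())
    return {"serial": serial, "type": {1: "user", 2: "host"}.get(cert_type),
            "key_id": key_id.decode(), "principals": principals,
            "valid_after": valid_after, "valid_before": valid_before}

def is_valid_at(cert, now):
    """Validity rule from PROTOCOL.certkeys: valid_after <= now < valid_before."""
    return cert["valid_after"] <= now < cert["valid_before"]

def _s(b):
    """Encode bytes as an SSH 'string'."""
    return struct.pack(">I", len(b)) + b

def build_sample(valid_after, valid_before):
    """Constructed sample with placeholder key, CA key and signature bytes."""
    body = (_s(CERT_TYPE) + _s(b"\x00" * 32) + _s(b"\x11" * 32)
            + struct.pack(">QI", 7, 1) + _s(b"alice-laptop") + _s(_s(b"deploy"))
            + struct.pack(">QQ", valid_after, valid_before)
            + _s(b"") * 3 + _s(b"ca-key-placeholder") + _s(b"sig-placeholder"))
    return CERT_TYPE.decode() + " " + base64.b64encode(body).decode() + " sample"
```

Timestamps are seconds since the Unix epoch, so a one-hour certificate is simply `valid_before - valid_after == 3600`.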

Change History (2)

comment:1 by Tim Kosse, 6 years ago

> I don't share their opinion that the ppk files need to be updated, but the GUI should just add a field where the cert file can be added, and together with a ppk file containing the key the client has all the information it needs to connect to a server.

I share their opinion. It's a difficult feature to implement.

comment:2 by Tim Kosse, 6 years ago

> We are willing to donate 500$ if someone finds the time to implement that.

It's not a donation if it expects something in return.
