Opened 5 years ago
Last modified 5 years ago
#11617 new Feature request
Support for OpenSSH Certificate based authentication
Reported by: | Daniel Migowski | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | FileZilla Client |
Keywords: | openssh certificate | Cc: | |
Component version: | | Operating system type: | |
Operating system version: | | | |
Description
OpenSSH supports client certificates signed by some CA (not X.509 certificates, but their own simpler form). These certificates are great because, when created with a short validity time, they can function as a temporary access token for servers. This makes handling a large number of servers and users on these servers very easy.
The certificates are described at http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?rev=HEAD and should be easy to implement in the protocol, according to the PuTTY devs (https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/ssh2-openssh-certkeys.html). I don't share their opinion that the ppk files need to be updated, but the GUI should just add a field where the cert file can be added, and together with a ppk file containing the key the client has all the information it needs to connect to a server.
The absence of any free Windows SCP client supporting OpenSSH certificates is the only thing currently stopping me from rolling out this feature in our organization. We are willing to donate 500$ if someone finds the time to implement that.
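As an added illustration (not part of the ticket and not FileZilla or PuTTY code), the sketch below reads the validity window and principals from a `-cert.pub` line using the ed25519 field layout in PROTOCOL.certkeys, which is what a client would need to tell the user that a short-lived certificate has expired. The function names are hypothetical, the sample certificate is constructed with dummy key and signature bytes, and the CA signature is not verified here; that check happens on the server.

```python
import base64, struct, time

ED25519_CERT = b"ssh-ed25519-cert-v01@openssh.com"

def _string(buf, off):
    """Read one SSH 'string': uint32 length followed by that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated certificate")
    return buf[off + 4:end], end

def parse_cert_line(line):
    """Parse one line of a -cert.pub file (ed25519 layout only)."""
    algo, b64 = line.split()[:2]
    blob = base64.b64decode(b64)
    name, off = _string(blob, 0)
    if name != ED25519_CERT or algo.encode() != name:
        raise ValueError("not an ed25519 OpenSSH certificate")
    _nonce, off = _string(blob, off)
    _pk, off = _string(blob, off)
    serial, ctype = struct.unpack_from(">QI", blob, off)
    off += 12
    key_id, off = _string(blob, off)
    packed, off = _string(blob, off)          # principals: strings inside a string
    valid_after, valid_before = struct.unpack_from(">QQ", blob, off)
    principals, p = [], 0
    while p < len(packed):
        item, p = _string(packed, p)
        principals.append(item.decode())
    return {"serial": serial, "type": {1: "user", 2: "host"}.get(ctype, "unknown"),
            "key_id": key_id.decode(), "principals": principals,
            "valid_after": valid_after, "valid_before": valid_before}

def is_usable(cert, now=None):
    """True for a user certificate with valid_after <= now < valid_before."""
    now = int(time.time()) if now is None else now
    return cert["type"] == "user" and cert["valid_after"] <= now < cert["valid_before"]

def build_sample(valid_after, valid_before):
    """Constructed sample: dummy key and signature, not a verifiable certificate."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = (s(ED25519_CERT) + s(b"\x01" * 32) + s(b"\x02" * 32)
            + struct.pack(">QI", 7, 1) + s(b"alice@example") + s(s(b"deploy"))
            + struct.pack(">QQ", valid_after, valid_before)
            + s(b"") + s(b"") + s(b"") + s(b"\x03" * 51) + s(b"\x04" * 83))
    return ED25519_CERT.decode() + " " + base64.b64encode(blob).decode() + " sample"
```
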
Change History (2)
comment:1 by , 5 years ago
comment:2 by , 5 years ago
> We are willing to donate 500$ if someone finds the time to implement that.
It's not a donation if it expects something in return.
I share their opinion. It's a difficult feature to implement.