Differences
This shows you the differences between the selected revisions of the page.
| 2022-06-16 | 2023-02-13 | ||
| 5.21 stable released (martin) | 6.0 Bug 1873: Support for OpenSSH certificates + other updates from PuTTY docs (martin) | ||
| Line 60: | Line 60: | ||
| Use the command //Tools > Install Public Key into Server// to [[guide_public_key#configure_openssh|install a public key into OpenSSH server]]. You will be prompted to select key pair to install. You will need to authenticate to the server to install the key. You can authenticate using a password or using another key (select it in //Private key file// box). After installing succeeds, the new private key will be inserted into the //Private key file// box. | Use the command //Tools > Install Public Key into Server// to [[guide_public_key#configure_openssh|install a public key into OpenSSH server]]. You will be prompted to select key pair to install. You will need to authenticate to the server to install the key. You can authenticate using a password or using another key (select it in //Private key file// box). After installing succeeds, the new private key will be inserted into the //Private key file// box. | ||
| + | ==== [[certificate]] Certificate to use with the private key ==== | ||
| + | |||
| + | In some environments, user authentication keys can be signed in turn by a certifying authority (CA for short), and user accounts on an SSH server can be configured to automatically trust any key that's certified by the right signature. | ||
| + | |||
| + | This can be a convenient setup if you have a very large number of servers. When you change your key pair, you might otherwise have to [[guide_public_key#configure_openssh|edit the ''authorized_keys'' file]] (in case of OpenSSH) on every server individually, to make them all accept the new key. But if instead you configure all those servers once to accept keys signed as yours by a CA, then when you change your public key, all you have to do is to get the new key certified by the same CA as before, and then all your servers will automatically accept it without needing individual reconfiguration. | ||
| + | |||
| + | One way to use a certificate is to incorporate it into your private key file. You can [[ui_puttygen#certificate|do that using PuTTYgen]]. But another approach is to tell WinSCP itself where to find the public certificate file, and then it will automatically present that certificate when authenticating with the corresponding private key. | ||
| + | |||
| + | To do this, enter the pathname of the certificate file into the //Certificate to use with the private key// file selector. | ||
| + | |||
| + | When this setting is configured, WinSCP will honour it no matter whether the private key is found in a file, or loaded into Pageant.((&puttydoccite)) | ||
| ===== [[gssapi]] GSSAPI ===== | ===== [[gssapi]] GSSAPI ===== | ||