Forum » Feature Requests »

Post a reply

Username

Subject

Message body

Font colour:

Font size:

Options

Disable BBCode in this post

Notify me when a reply is posted (registered users only)

Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

Filename

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

File Comment

Options

Private file (available to author and site moderators only)

Topic review

martin

2024-09-09

I have sent you an email regarding autodetection of Azure certificates.
Issue 2311 – Recognize matching Azure certificate files

martin

2024-09-05

Indeed, you are right, the /keygen does not detect the certificate automatically. Thanks for the correction.

davidmrlane

2024-09-02 11:48

Hi Martin,

After I had renamed the certificate to id_rsa-cert.pub, the /keygen on the cli didn't detect it automatically and still needed it as parameter. Thanks for your hints!

rm $env:USERPROFILE\az_ssh_config\all_ips -r; az ssh config --file $env:USERPROFILE\config --ip * --overwrite --yes -force; & "C:\Program Files (x86)\WinSCP\WinSCP.exe" /keygen $env:USERPROFILE\az_ssh_config\all_ips\id_rsa /certificate=$env:USERPROFILE\az_ssh_config\all_ips\id_rsa.pub-aadcert.pub /output=$env:USERPROFILE\az_ssh_config\all_ips\id_rsa.ppk

martin

2024-09-02

You can automate that:

az ssh config --file ./.ssh/config --ip *
ren id_rsa-aadcert.pub id_rsa-cert.pub
winscp.com /keygen id_rsa /output=id_rsa.ppk

Untested, but it should give you the idea.
See https://winscp.net/eng/docs/commandline#keygen
Maybe you can also use --certificate-file switch to specify the "correct" name of the certificate file on the az ssh config commandline to avoid the need to rename it:
https://learn.microsoft.com/en-us/cli/azure/ssh#az-ssh-config-optional-parameters

davidmrlane

2024-08-29 14:54

Hi Martin, thank you for your prompt reply, and yes that did work :)

When you use:

az ssh config --file ./.ssh/config --ip *

It downloads: id_rsa, id_rsa.pub, id_rsa.pub-aadcert.pub. These are only valid for 1 hour so everytime I want to use WinSCP I have to (rename aadcert.pub and) convert them to ppk.

Any chance of supporting OpenSSH format keys as well and reading the ssh config file?
Thanks,
David

martin

Re: Tunnel - Allow certificate with private key

2024-08-29

davidmrlane wrote:

and when WinSCP converts them from OpenSSH format to ppk that doesn't bundle in the accompanying certificate that is required.

It should. If the certificate is present in the same folder and follows the standard naming format with -cert.pub suffix:
https://winscp.net/eng/docs/ui_login_authentication#convert
Do you have a different experience?

davidmrlane

Tunnel – Allow certificate with private key

2024-08-29 10:07

Can the option for a certificate please be added to the Tunnel settings as there is on the Authentication page?

I am using Azure temporary SSH keys, and when WinSCP converts them from OpenSSH format to ppk that doesn't bundle in the accompanying certificate that is required.

Post a reply

Topic review

Re: Tunnel - Allow certificate with private key

Tunnel – Allow certificate with private key

Documentation

Support

Associations

Follow Us