I have sent you an email regarding autodetection of Azure certificates.
Issue 2311 – Recognize matching Azure certificate files
Issue 2311 – Recognize matching Azure certificate files
- martin
Post a reply
Topic review
- martin
Indeed, you are right, the
/keygen does not detect the certificate automatically. Thanks for the correction.
- davidmrlane
Hi Martin,
After I had renamed the certificate to
After I had renamed the certificate to
id_rsa-cert.pub, the /keygen on the cli didn't detect it automatically and still needed it as parameter. Thanks for your hints!
rm $env:USERPROFILE\az_ssh_config\all_ips -r; az ssh config --file $env:USERPROFILE\config --ip * --overwrite --yes -force; & "C:\Program Files (x86)\WinSCP\WinSCP.exe" /keygen $env:USERPROFILE\az_ssh_config\all_ips\id_rsa /certificate=$env:USERPROFILE\az_ssh_config\all_ips\id_rsa.pub-aadcert.pub /output=$env:USERPROFILE\az_ssh_config\all_ips\id_rsa.ppk
- martin
You can automate that:
Untested, but it should give you the idea.
See https://winscp.net/eng/docs/commandline#keygen
Maybe you can also use
https://learn.microsoft.com/en-us/cli/azure/ssh#az-ssh-config-optional-parameters
az ssh config --file ./.ssh/config --ip *
ren id_rsa-aadcert.pub id_rsa-cert.pub
winscp.com /keygen id_rsa /output=id_rsa.ppk
Untested, but it should give you the idea.
See https://winscp.net/eng/docs/commandline#keygen
Maybe you can also use
--certificate-file switch to specify the "correct" name of the certificate file on the az ssh config commandline to avoid the need to rename it:
https://learn.microsoft.com/en-us/cli/azure/ssh#az-ssh-config-optional-parameters
- davidmrlane
Hi Martin, thank you for your prompt reply, and yes that did work :)
When you use:
It downloads:
Any chance of supporting OpenSSH format keys as well and reading the ssh config file?
Thanks,
David
When you use:
az ssh config --file ./.ssh/config --ip *
It downloads:
id_rsa, id_rsa.pub, id_rsa.pub-aadcert.pub. These are only valid for 1 hour so everytime I want to use WinSCP I have to (rename aadcert.pub and) convert them to ppk.
Any chance of supporting OpenSSH format keys as well and reading the ssh config file?
Thanks,
David
- martin
Re: Tunnel - Allow certificate with private key
and when WinSCP converts them from OpenSSH format to ppk that doesn't bundle in the accompanying certificate that is required.
It should. If the certificate is present in the same folder and follows the standard naming format with
-cert.pub suffix:
https://winscp.net/eng/docs/ui_login_authentication#convert
Do you have a different experience?
- davidmrlane
Tunnel – Allow certificate with private key
Can the option for a certificate please be added to the Tunnel settings as there is on the Authentication page?
I am using Azure temporary SSH keys, and when WinSCP converts them from OpenSSH format to ppk that doesn't bundle in the accompanying certificate that is required.
I am using Azure temporary SSH keys, and when WinSCP converts them from OpenSSH format to ppk that doesn't bundle in the accompanying certificate that is required.