Topic review

martin

Ok, and does your plink example imply that it is possible with plink to use its -hostkey to specify a public key of the certificate? I do not even think that plink has any -cert switch.
koka

Are you trying to verify certified host key by passing public key of the certificate in /hostkey?

Yes
martin

Re: -rawsettings DetachedCertificate -hostkey and Load Authorities from PuTTY

I'm a bit confused. I do not use this much, but the DetachedCertificate is not related to the "Load Authorities from PuTTY", right? The first is about user authentication, while the latter is about host authentication.

What are you trying to do? Are you trying to verify certified host key by passing public key of the certificate in /hostkey?
koka

log files
koka

-rawsettings DetachedCertificate -hostkey and Load Authorities from PuTTY

Connect using a certificate with:
winscp.exe sftp://_@127.0.0.1:2200/ /hostkey="ecdsa-sha2-nistp256-cert-v01@openssh.com 256 HGzeMguvVfTsMb+WfkqmjZNXaeVcBXCQqXyjKUBy9pA" /rawsettings DetachedCertificate="C:\Users\user_\.ssh\id_rsa-cert.pub"

is possible if the option Security > Load Authorities from PuTTY is enabled as SshHostCAsFromPuTTY=1 and the host certificate is specified in:
[HKEY_CURRENT_USER\SOFTWARE\SimonTatham\PuTTY\SshHostCAs\X]
"PublicKey"="AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFDm48o80E2Ah5JFxqRzYzRN5hJx2y1+Pkukace/j1n0aw+6CemCSz2o4T+n7CG9yyneWggyz59eser70VOLI3A="
"Validity"="*"

If you change SshHostCAsFromPuTTY=0, then you will not be able to connect. This is because
-hostkey="ecdsa-sha2-nistp256-cert-v01@openssh.com 256 HGzeMguvVfTsMb+WfkqmjZNXaeVcBXCQqXyjKUBy9pA"

changed SSHManualHostKeys
as
plink -v _@127.0.0.1:2200 -hostkey AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFDm48o80E2Ah5JFxqRzYzRN5hJx2y1+Pkukace/j1n0aw+6CemCSz2o4T+n7CG9yyneWggyz59eser70VOLI3A= -cert C:\Users\user_\.ssh\id_rsa-cert.pub

and that's right, if it's not a certificate, but if it's a certificate, then you need to change:
[...\SshHostCAs\X]
"PublicKey"="AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFDm48o80E2Ah5JFxqRzYzRN5hJx2y1+Pkukace/j1n0aw+6CemCSz2o4T+n7CG9yyneWggyz59eser70VOLI3A="
"Validity"="*"

to connect.
Where PublicKey and Validity from file ~/.ssh/X:
@cert-authority * ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFDm48o80E2Ah5JFxqRzYzRN5hJx2y1+Pkukace/j1n0aw+6CemCSz2o4T+n7CG9yyneWggyz59eser70VOLI3A=
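
The mapping described in the post above, from a known_hosts `@cert-authority` line to the `PublicKey` and `Validity` registry values, as an added example that is not part of the thread and is not WinSCP or PuTTY code. The function names are hypothetical, and only a single host pattern is copied to `Validity`, as the post does with `*`; the fingerprint is there to compare against what `ssh-keygen -lf` reports for the CA key.

```python
import base64, hashlib, struct

# Registry key and value names as quoted in the post; "X" is the poster's placeholder.
REG_KEY = r"HKEY_CURRENT_USER\SOFTWARE\SimonTatham\PuTTY\SshHostCAs\X"
# The ~/.ssh/X line quoted in the post.
SAMPLE = ("@cert-authority * ecdsa-sha2-nistp256 "
          "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFDm48o80E2Ah5JF"
          "xqRzYzRN5hJx2y1+Pkukace/j1n0aw+6CemCSz2o4T+n7CG9yyneWggyz59eser70VOLI3A=")

def read_string(blob, off):
    """Read one SSH wire-format field: uint32 big-endian length, then the bytes."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    if off + 4 + n > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:off + 4 + n], off + 4 + n

def parse_cert_authority(line):
    """Parse '@cert-authority <hosts> <keytype> <base64> [comment]' and check the key blob."""
    fields = line.split()
    if len(fields) < 4 or fields[0] != "@cert-authority":
        raise ValueError("not a @cert-authority line")
    hosts, keytype, b64 = fields[1:4]
    if "," in hosts or hosts.startswith("|"):
        raise ValueError("host lists and hashed hosts are not mapped by this example")
    if keytype.endswith("-cert-v01@openssh.com"):
        raise ValueError("a CA entry holds a plain public key, not a certificate")
    blob = base64.b64decode(b64, validate=True)
    inner, off = read_string(blob, 0)
    if inner != keytype.encode("ascii"):
        raise ValueError("key type inside the blob differs from the declared type")
    while off < len(blob):                      # remaining fields must parse cleanly
        _, off = read_string(blob, off)
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"hosts": hosts, "keytype": keytype, "public_key": b64,
            "fingerprint": "SHA256:" + digest, "trusts_all_hosts": hosts == "*"}

def to_reg(entry):
    """Render the registry fragment in the form shown in the post."""
    return "\n".join(["[" + REG_KEY + "]",
                      '"PublicKey"="' + entry["public_key"] + '"',
                      '"Validity"="' + entry["hosts"] + '"'])

if __name__ == "__main__":
    ca = parse_cert_authority(SAMPLE)
    print(to_reg(ca))
    print(ca["fingerprint"], "(CA accepted for every host)" if ca["trusts_all_hosts"] else "")
```

A `Validity` of `*` means the CA is accepted for any host, so `trusts_all_hosts` is worth reviewing before the entry is imported.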