Score:0

Sign windows-based SSH public key


Has anybody successfully configured OpenSSH on Windows with CA-signed host certificates? OpenSSH doesn't use the signed certificate in my case.

I tried:

  1. Sign the public certificate generated by OpenSSH using HashiCorp Vault.
  2. Issue a certificate key pair with the same SSH engine in Vault.

In both cases OpenSSH on Windows writes the error: sshd: error: Public key for PROGRAMDATA/ssh/ssh_host_ed25519_key does not match private key.

ssh-keyscan from another host shows that the Windows host returns a short key which is not signed and is dynamically generated based on the private key.

timsam
Hi, it seems you are not passing the pvt key. How are you trying to connect?
Andrei Andriushin
Hi! I don't need a private key to request public)
Score:0

Signed public keys should be named with "cert" at the end. For example, ssh_host_ed25519_key-cert.pub. Unfortunately, it's not clearly described in the OpenSSH docs. You can find it in the ssh-keysign manual: https://man.openbsd.org/ssh-keysign.8
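A check for the file pairing described in the answer above, as an added example that is not part of the original thread: given the contents of ssh_host_ed25519_key.pub and ssh_host_ed25519_key-cert.pub, it confirms that the plain file still holds a plain key, and that the certificate embeds that same key and is of host type. It assumes ed25519 keys; the function names and sample values are made up for illustration.

```python
import base64
import struct

CERT_SUFFIX = "-cert-v01@openssh.com"

def read_string(buf, off):
    """Read one SSH wire string (uint32 length + bytes); return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_line(line):
    """Split a .pub / -cert.pub line into (type name, decoded blob)."""
    name, b64 = line.split()[:2]
    blob = base64.b64decode(b64)
    if read_string(blob, 0)[0] != name.encode():
        raise ValueError("type name does not match encoded blob")
    return name, blob

def check_host_cert(pub_line, cert_line):
    """Return a list of problems; an empty list means the pair is consistent."""
    pub_name, pub_blob = parse_line(pub_line)
    cert_name, cert_blob = parse_line(cert_line)
    if pub_name.endswith(CERT_SUFFIX):
        return ["plain .pub file contains a certificate"]
    if cert_name != pub_name + CERT_SUFFIX:
        return ["-cert.pub is not a certificate for this key type"]
    pub_key = read_string(pub_blob, read_string(pub_blob, 0)[1])[0]
    _, off = read_string(cert_blob, 0)        # certificate type name
    _, off = read_string(cert_blob, off)      # nonce
    cert_key, off = read_string(cert_blob, off)
    _serial, kind = struct.unpack_from(">QI", cert_blob, off)
    problems = []
    if cert_key != pub_key:
        problems.append("certificate embeds a different public key")
    if kind != 2:                             # 1 = user, 2 = host
        problems.append("certificate type is not host")
    return problems

# Constructed sample data (not real keys): a 32-byte dummy key and certificate
# blobs truncated after the type field, which is all this check reads.
def sample_line(name, key, kind=None):
    s = lambda b: struct.pack(">I", len(b)) + b
    body = s(name.encode()) + (s(key) if kind is None else
                               s(b"N" * 32) + s(key) + struct.pack(">QI", 1, kind))
    return name + " " + base64.b64encode(body).decode()

KEY = bytes(range(32))
PUB = sample_line("ssh-ed25519", KEY)
CERT = sample_line("ssh-ed25519" + CERT_SUFFIX, KEY, kind=2)
```

On a real host, pass the text of the two files to `check_host_cert`; a non-empty result names what is wrong with the pairing.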
