It is assumed that OpenSSH is used on server side. At present, OpenSSH is the most widely deployed free SSH solution.
OpenSSH supports smart cards and certificates since version 5.5 (2010). The current version is 6.9. Main Linux distributions include the OpenSSH:
- Debian 7 : version 6.0
- Debian 8 : version 6.7
- Ubuntu 14.04 : version 6.6
- CentoS 7 : version 6.6
- Red Hat Enterprize Linux 7 : version 6.6
PuTTY is well known and one of the best SSH clients for Windows. The original PuTTY cannot access smart cards, but there are numerous PuTTY modifications which provide support for smart cards.
This document is based on puttywincrypt - modified PuTTY SSH client.
Follow the steps below to configure certificate-based SSH connection.
Download BOTH PuTTY and Pageant from puttywincrypt. You may replace the original files in an existing PuTTY installation or use them separately.
Prior to using modified apps, stop the original PuTTY or Pageant if they are running
Right-click on the Pageant icon in the system tray and choose "Add certificate"
After the dialog listing all your certificate appears, choose any certificate from your WWPass Key and press OK.
Right-click on Pageant icon in the system tray and choose "View keys". You will see a dialog with the key for the certificate chosen at previous step.
Double-click this key. It copies the public key to the clipboard. Close the dialog. The clipboard will contain a line with the following format:
ssh-rsa AAAAB3NzaC1yc2EAAAAdfg.....jdYYnM5V/ cert://cn=your_name_here, thumbprint=e745a7b6......
Paste the key from the clipboard to target server's ~/.ssh/authorized_keys.
Note: this key ends with
Start PuTTY. Open Connection > SSH > Auth and enter the
cert://cn=your_name_here,thumbprint=NNNNinto the "Private key file for authentication" text box.
Roll up left pane and select "Session" item
Save this connection configuration
Press Open button to establish an SSH connection