
Support for forwarding certificates

Open sprig opened this issue 1 year ago • 1 comments

Hello,

Thanks for putty-cac!

Currently (regular) pageant (0.8.1) supports (openssh) ssh certificates in pageant, including forwarding (ssh -A). However, user confirmation for key/cert usage is not supported - this is why I use putty-cac. With putty-cac's pageant I find that certificates work as well and I welcome the confirmation dialog for each new connection attempt. However, the forwarded agent is unable to use the certificates and presents only keys.

Since certificate forwarding works in regular pageant, would it be possible to backport this functionality to putty-cac?

Thanks!

sprig avatar Aug 28 '24 18:08 sprig

Can you clarify your environment and the actions taken to reproduce this issue? If the option in PuTTY is selected to allow agent forwarding under the 'Auth' tab, then any certificates loaded into Pageant will be used in forwarding operations.

For example, this works perfectly for me:

  1. Launch Pageant
  2. Load the certificate
  3. Launch PuTTY
  4. Add the username@hostkey, preferred certificate, and allow agent forwarding
  5. Connect to the destination
  6. Run ssh username@hostkey again from the destination system

Does that not work for you?

NoMoreFood avatar Aug 28 '24 22:08 NoMoreFood

Everything as you stated except I was using Windows' OpenSSH. This exact procedure used to not work for me - however, I just rechecked and it worked - sorry for the noise.

sprig avatar Aug 29 '24 08:08 sprig
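
An added example, not part of the thread and not putty-cac code: one way to check on the destination host whether a forwarded agent offers certificates or only plain keys is to classify the lines of `ssh-add -L` by key type. The function names and the sample lines are assumptions made for illustration; the sample blobs are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Classify agent identities given in the `ssh-add -L` line format:
#   <key-type> <base64-blob> [comment]
# OpenSSH certificate identities carry a key type ending in
# "-cert-v01@openssh.com"; plain public keys do not.

count_agent_identities() {
    # Reads identity lines on stdin, prints "certs=<n> keys=<m>".
    # Lines that do not start with a known key-type prefix (for example
    # the "The agent has no identities." message) are ignored.
    awk '
        NF >= 2 && $1 ~ /^(ssh-|ecdsa-|sk-)/ {
            if ($1 ~ /-cert-v[0-9]+@openssh\.com$/) certs++
            else keys++
        }
        END { printf "certs=%d keys=%d\n", certs, keys }
    '
}

agent_offers_certificate() {
    # Exit status 0 if stdin contains at least one certificate identity.
    case "$(count_agent_identities)" in
        certs=0\ *) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed samples (placeholder blobs, hypothetical comments).
SAMPLE_WITH_CERT='ssh-ed25519 AAAAC3PLACEHOLDERKEY user@workstation
ssh-ed25519-cert-v01@openssh.com AAAAIHPLACEHOLDERCERT user@workstation'
SAMPLE_KEYS_ONLY='ssh-rsa AAAAB3PLACEHOLDERKEY user@workstation'

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_WITH_CERT" | count_agent_identities

# Against a live forwarded agent (SSH_AUTH_SOCK set by the forwarding):
#   ssh-add -L | count_agent_identities
```

A result of `certs=0` with a non-zero `keys` count on the destination matches the symptom described in the report, where the forwarded agent presents only keys.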