PuTTY – How to Trust CA-Signed Host Keys

certificate-authorityputtyssh

I have something like this in ~/.ssh/known_hosts on my Linux machine:

@cert-authority * ssh-rsa pubkeypubkeypubkey

And any server with a signed host key is automatically trusted by the OpenSSH client.

I regularly use PuTTY on my Windows PC. How do I achieve something similar?

Best Answer

CA certificate authentication as implemented by OpenSSH is not supported by PuTTY (yet).

No evidence of such a feature is found in the current ChangeLog and as a feature request it is also still listed as open on the PuTTY WishList

Related Solutions

How to Remove Strict RSA Key Checking in SSH and Understand the Issues

Please don't delete the entire known_hosts file as recommended by some people, this totally voids the point of the warning. It's a security feature to warn you that a man in the middle attack may have happened.

I suggest you identify why it thinks something has changed, most likely an SSH upgrade altered the encryption keys due to a possible security hole. You can then purge that specific line from your known_hosts file:

sed -i 377d ~/.ssh/known_hosts

This deletes line 377 as shown after the colon in the warning:

/home/emerson/.ssh/known_hosts:377

Alternatively you can remove the relevant key by doing the following

ssh-keygen -R 127.0.0.1 (obviously replace with the server's IP)

Please DO NOT purge the entire file and ensure this is actually the machine you want to be connecting to prior to purging the specific key.

Ssh – PuTTY automatically supply password

You will do:

putty user@host -pw password

Notice that using public-key authentication is safer and preferred.

Best Answer

Related Solutions

How to Remove Strict RSA Key Checking in SSH and Understand the Issues

Ssh – PuTTY automatically supply password

Related Topic