How to Use Certificate Authorities for SSH Key Authentication and Implement Them in PuTTY

in #putty, 6 months ago (edited)

Confirming the validity and identity of an SSH key is necessary to ensure a secure remote connection. Rather than depending entirely on local, unverified keys, the industry-standard approach uses certificate authorities (CAs) to cryptographically sign keys, linking server and user identities to their public keys. PuTTY supports this by allowing imported SSH certificates to be used instead of simple key pairs.

The authenticity of the certified keys is reliably confirmed before a connection is allowed, either by implementing a private CA or by using a public provider to issue signed keys. Implementing a CA for SSH keys is a good way to increase security, even for a simple connection.

Why should you use certificate authorities for SSH authentication?

Certificate authorities add an additional layer to SSH key authentication. Instead of users simply keeping a private key, the CA issues a user certificate that associates the user with a public key. This integrated solution simplifies key distribution and renewal and improves overall security.

Use PuTTY to implement a CA for SSH

The process begins by generating the key pair using an X.509 certificate and converting the private key to PuTTY's .ppk format with PuTTYgen. This makes it easier to use the certificate with PuTTY and to benefit from the security of CA authentication.

Generate a key pair:

Create the SSH key pair (private and public key) using an X.509 certificate. You can use OpenSSL or other tools to generate the key pair.

Convert the private key to .ppk format:

OpenSSL generates the private key as a .pem file, which PuTTY does not support, so it must be converted to .ppk format. To do this:

Download PuTTYgen from the official website.
Click on ‘Conversions’ in the menu.
Select the private key and click Open.
After this, click ‘Save private key’ to save the key in .ppk format.

Configure the connection with PuTTY:

Open the PuTTY configuration window and enter the IP address or hostname of the remote server you want to connect to.

In the left panel, navigate to Connection > SSH > Auth. Double-click the Auth section and the ‘Credentials’ option appears. Then browse to the private key saved in .ppk format and open it.

After this, open the connection category and set a name for the configuration in the Saved Sessions section. Click Open.

PuTTY connects to the SSH server and uses the converted private key for authentication.

Update the SSH configuration:

On the server side, make sure that the SSH server is set up to accept key-based authentication. The public key is added to the authorized_keys file in the user's .ssh directory.
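The CA signing step that the procedure above relies on, as an added example that is not part of the original post: it uses OpenSSH's `ssh-keygen` and its own certificate format rather than the X.509/OpenSSL route the post describes. The file names, the key ID, the principal `alice` and the `sshd_config` path are constructed for the demo.

```shell
#!/bin/sh
# Added example (constructed names): private CA issuing an OpenSSH user certificate.

issue_user_cert() {
    # $1 = empty work dir, $2 = principal (server login name), $3 = validity such as +1d
    dir=$1; principal=$2; validity=$3
    # CA key pair: the private half signs certificates and stays on the CA host.
    # -N '' (no passphrase) is for the demo only; protect a real CA key.
    ssh-keygen -q -t ed25519 -N '' -C demo-user-ca -f "$dir/user_ca" || return 1
    # User key pair: id_user is the private key PuTTYgen converts to .ppk.
    ssh-keygen -q -t ed25519 -N '' -C "$principal" -f "$dir/id_user" || return 1
    # Sign the user's public key; ssh-keygen writes id_user-cert.pub next to it.
    ssh-keygen -q -s "$dir/user_ca" -I "demo-$principal" -n "$principal" \
        -V "$validity" "$dir/id_user.pub" || return 1
}

cert_principal() {
    # First principal listed in certificate $1.
    ssh-keygen -L -f "$1" |
        awk '/Principals:/ {getline; gsub(/^[ \t]+/, ""); print; exit}'
}

cert_signed_by() {
    # Succeeds only if certificate $1 names CA public key $2 as its signer.
    # This compares fingerprints; sshd performs the actual signature check.
    ca_fp=$(ssh-keygen -l -f "$2" | awk '{print $2}')
    cert_fp=$(ssh-keygen -L -f "$1" | awk '/Signing CA:/ {print $4}')
    [ -n "$ca_fp" ] && [ "$ca_fp" = "$cert_fp" ]
}

# Demo run in a throwaway directory.
if command -v ssh-keygen >/dev/null 2>&1; then
    demo=$(mktemp -d)
    issue_user_cert "$demo" alice +1d &&
        cert_signed_by "$demo/id_user-cert.pub" "$demo/user_ca.pub" &&
        echo "certificate for $(cert_principal "$demo/id_user-cert.pub") signed by demo CA"
    rm -rf "$demo"
fi
# Server side (assumed path): in sshd_config set
#   TrustedUserCAKeys /etc/ssh/user_ca.pub
# so a certificate signed by this CA is accepted for its listed principals.
```

In PuTTY, the converted private key and `id_user-cert.pub` would both be selected on the Credentials panel; this assumes a PuTTY release with OpenSSH certificate support (0.78 or later).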

Certificate authorities provide a verified identity for an SSH key. Validated key pairs cryptographically bind the user and device to the associated public key before an SSH connection is permitted.
