Using a certificate with SSH / SCP
When using a certificate for strong authentication with OpenSSH or WinSCP, for example, you must extract the public key and put it in the file ~/.ssh/authorized_keys on the server.
The following commands use the OpenSSL and OpenSSH tools. On a Linux platform, these tools are generally pre-installed. On Windows, they must be installed manually. Here are the links for:
- Extract the certificate in PFX / P12 format
  Once you have retrieved your Sign & Login certificate, it is installed in the certificate store of your browser. You can extract it in PFX / P12 format. The method differs depending on the browser:
- Convert the PFX / P12 file to PEM format. With OpenSSL, type the following command:
  # openssl pkcs12 -in mycertificate.p12 -out mycertificate.pem -nodes
- Extract the private key of your certificate from the PFX / P12 file:
  # openssl pkcs12 -in mycertificate.p12 -out mysshkey.pem -nodes -nocerts
- Extract the public key from the certificate in PEM format and add it to the file containing the private key:
  # openssl x509 -in mycertificate.pem -pubkey -noout >> mysshkey.pem
- Use ssh-keygen to create the public key line to copy to the access server, into the file ~/.ssh/authorized_keys:
  # ssh-keygen -i -m PKCS8 -f mysshkey.pem
  The line obtained must be copied to the server, into the file ~/.ssh/authorized_keys
- Connection test. Now you can test the connection to the server with strong authentication:
  # ssh -i mysshkey.pem user@SERVER_NAME
- Optional: add the mysshkey.pem file to the client configuration. If desired, you can add the following lines to your SSH client configuration file, which is usually located at ~/.ssh/config:
  Host SERVER_NAME
      IdentityFile path/to/mysshkey.pem
  Once this is done, you just have to type this to access the server:
  # ssh user@SERVER_NAME
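The steps above as a single shell function, with a check that the resulting authorized_keys line really belongs to the extracted private key. This is an added example, not part of the original page; the function names, the certpub.pem intermediate file and the use of -passin env:P12_PASS (password read from the P12_PASS environment variable instead of a prompt) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page).
# Assumption: the PKCS#12 password is exported in the variable P12_PASS.

# p12_to_ssh P12_FILE OUT_DIR
# Writes OUT_DIR/mysshkey.pem (private key followed by the certificate's
# public key) and prints the authorized_keys line on stdout.
p12_to_ssh() {
    p12=$1
    out=$2
    (
        # -nodes writes the private key unencrypted, so every file created
        # here must be readable by the owner only.
        umask 077
        mkdir -p "$out" &&
        openssl pkcs12 -in "$p12" -passin env:P12_PASS -nodes \
            -out "$out/mycertificate.pem" &&
        openssl pkcs12 -in "$p12" -passin env:P12_PASS -nodes -nocerts \
            -out "$out/mysshkey.pem" &&
        openssl x509 -in "$out/mycertificate.pem" -pubkey -noout \
            > "$out/certpub.pem" &&
        cat "$out/certpub.pem" >> "$out/mysshkey.pem" &&
        line=$(ssh-keygen -i -m PKCS8 -f "$out/certpub.pem") &&
        # mycertificate.pem also holds a copy of the private key: remove it.
        rm -f "$out/mycertificate.pem" "$out/certpub.pem" &&
        printf '%s\n' "$line"
    )
}

# ssh_key_matches KEY_FILE AUTH_LINE
# Succeeds only when the private key in KEY_FILE yields the same public key
# (type and base64 fields) as AUTH_LINE. Catches the case where the first
# certificate in the bundle is not the one that belongs to the private key.
ssh_key_matches() {
    from_priv=$(ssh-keygen -y -f "$1" 2>/dev/null | awk '{print $1, $2}')
    from_line=$(printf '%s\n' "$2" | awk '{print $1, $2}')
    [ -n "$from_priv" ] && [ "$from_priv" = "$from_line" ]
}
```

Run `p12_to_ssh mycertificate.p12 .` and pass its output to `ssh_key_matches mysshkey.pem "$line"` before appending the line to ~/.ssh/authorized_keys on the server.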
Last edited on 05/22/2020 13:44:37