Closed pakud closed 1 year ago
Not currently. And I can't think of any way to do this easily currently based on how PuTTY is designed. When FIDO/CAPI/PKCS are specified, the token/certificate reference is internally passed around instead of the private key file reference. It might be possible by storing / caching the contents of id_ed25519_sk inside of the registry somehow like how we are caching the FIDO keys, but that would have to be investigated.
Thanks a lot for speedy answer!
First: thank you for developing and maintaining this fork!
Let's say I'm creating a key-pair, using Microsoft's build of OpenSSH from https://github.com/PowerShell/Win32-OpenSSH/releases:
ssh-keygen -t ed25519-sk -O application=ssh:test
I do it with YubiKey 5 NFC plugged in and provide a pass-phrase protecting content saved in .ssh/id_ed25519_sk.
When using OpenSSH for Windows - I can use ssh-agent to avoid entering the passphrase with each login, so to authenticate subsequent ssh connections - I just have to touch the token to confirm my presence.
Can I convert such a private key to putty's format and use it with putty-cac and pageant coming with it?
For the record - there's a workaround where ssh-agent from OpenSSH project can be used in combination with https://github.com/ndbeals/winssh-pageant/, then mainline putty, filezilla, winscp etc can be used together with non-resident pass-phrase protected FIDO2 key.
Thanks in advance for the answer!