NoMoreFood / putty-cac

Windows Secure Shell Client With Support For Smart Cards, Certificates, & FIDO Keys

Support for proxying access to smartcards using p11-kit and SSH socket forwarding #135

Open catfish4254 opened 1 month ago

catfish4254 commented 1 month ago

Support for proxying access to smartcards. However, this requires the presence of p11-kit and SSH socket forwarding support on the client side. Needed for PKINIT enforcement in order for AD users to be issued a PKINIT Kerberos TGT from a FreeIPA realm in a remote connection scenario. The SSH connection is initiated from PuttyCaC to a RHEL workstation.

p11-kit: https://www.redhat.com/en/blog/smart-card-forwarding-fedora

Windows builds of p11-kit are part of both Cygwin and MSYS2:

Cygwin: https://cygwin.com/cygwin/packages/summary/p11-kit-src.html

MSYS2: https://packages.msys2.org/base/p11-kit

Various SSH clients for Windows do support socket forwarding over SSH.

macOS versions of p11-kit are available from multiple sources (MacPorts, Homebrew, etc).

NoMoreFood commented 1 month ago

This looks like a pretty heavy lift both in a development sense and a test environment. Do you know of any SSH client on Windows (paid or free) that is currently capable of doing this?

catfish4254 commented 1 month ago

So I believe that Win32-OpenSSH supports socket forwarding. As for p11-kit, I have only seen it in Cygwin and MinGW, which are Windows projects.

MinGW-w64 Cygwin

This article gives a great overview of how this is implemented by the user.

https://www.redhat.com/en/blog/smart-card-forwarding-fedora

Thank you for taking the time to respond.