Has anybody successfully configured OpenSSH on Windows with CA-signed host certificates? OpenSSH doesn't use this signed certificate in my case.
I tried:
- Signing the public certificate generated by OpenSSH using HashiCorp Vault.
- Issuing a certificate key pair with the same SSH engine in Vault.
In both cases OpenSSH on Windows writes the error: sshd: error: Public key for PROGRAMDATA/ssh/ssh_host_ed25519_key does not match private key.
ssh-keyscan from another host shows that the Windows host returns a short key which is not signed and is dynamically generated based on the private key.
Signed public keys should be named with "cert" at the end. For example, ssh_host_ed25519_key-cert.pub. Unfortunately, it's not clearly described in the OpenSSH docs. You can find it in the ssh-keysign manual: https://man.openbsd.org/ssh-keysign.8
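
A way to check whether a host key file's contents match the naming convention described in the answer above. This is an added example, not part of the original thread or of OpenSSH. The function names are hypothetical, the sample lines are constructed with dummy key bytes, and only the leading fields of an ed25519 certificate are parsed.

```python
import base64
import struct
CERT_SUFFIX = "-cert-v01@openssh.com"  # key-type suffix OpenSSH uses for certificates

def _pack(b):
    return struct.pack(">I", len(b)) + b

def _string(buf, off):  # read one length-prefixed SSH string -> (bytes, next offset)
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated SSH string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def make_sample(cert, kind=2):
    """Constructed sample line: dummy key bytes, certificate cut off after its type field."""
    t = b"ssh-ed25519" + (CERT_SUFFIX.encode() if cert else b"")
    blob = _pack(t) + _pack(bytes(32))  # type + key (plain) or type + nonce (certificate)
    if cert:
        blob += _pack(bytes(32)) + struct.pack(">QI", 1, kind)  # key, serial, cert type
    return f"{t.decode()} {base64.b64encode(blob).decode()} constructed-sample"

def inspect_pub_line(line):
    """Classify one line of a .pub file as a plain public key or a certificate."""
    declared, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    inner, off = _string(blob, 0)
    if inner.decode("ascii") != declared:
        raise ValueError("key type inside the blob differs from the declared type")
    info = {"type": declared, "is_cert": declared.endswith(CERT_SUFFIX)}
    if declared == "ssh-ed25519" + CERT_SUFFIX:
        _nonce, off = _string(blob, off)  # field order per OpenSSH PROTOCOL.certkeys
        _pk, off = _string(blob, off)
        _serial, kind = struct.unpack_from(">QI", blob, off)
        info["cert_kind"] = {1: "user", 2: "host"}.get(kind, "unknown")
    return info

def check_host_file(filename, line):
    """Return the naming problems found for one host key file."""
    info, problems = inspect_pub_line(line), []
    as_cert = filename.endswith("-cert.pub")
    if info["is_cert"] and not as_cert:
        problems.append("certificate stored under a plain .pub name")
    if not info["is_cert"] and as_cert:
        problems.append("plain public key stored under a -cert.pub name")
    if info.get("cert_kind") == "user":
        problems.append("user certificate, not a host certificate")
    return problems

if __name__ == "__main__":
    print(check_host_file("ssh_host_ed25519_key.pub", make_sample(cert=True)))
```

To check a real host, pass each file name in the ssh directory together with the first line of that file to `check_host_file`.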