tpm.msc
# I've elected to allow a simple 4-digit numeric pin. Access to the TPM hardware is sufficient multi-factor for me.
tpmvscmgr create /name "{KEY NAME}" /pin prompt /adminkey random /generate /pinpolicy minlen 4 uppercase allowed lowercase allowed specialchars allowed
[NewRequest]
Subject = "CN={RECOGNIZABLE SUBJECT NAME}"
Keylength = 2048
Exportable = FALSE
UserProtected = TRUE
MachineKeySet = FALSE
ProviderName = "Microsoft Base Smart Card Crypto Provider"
ProviderType = 1
RequestType = CERT
KeyUsage = 0x80
certreq -new -f request.inf
https://github.com/NoMoreFood/putty-cac/releases
putty.exe -> Connection -> SSH -> Certificate
See Image Below
Save as default configuration
Within putty certificate configuration screen, copy the SSH Key to the clipboard
Drop it into ~/.ssh/authorized_keys on machines
Enable Autoload Certs
and Cert Auth Prompting
putty.exe -> Connection -> SSH -> Auth -> Allow agent forwarding
Save as default configuration
C:\Program Files\PuTTY\pageant.exe
-> Send to Desktop (create shortcut)
Start -> Run -> shell:startup
Move the shortcut to the Startup
folder just opened