X509 based certificate authentication in OpenSSH
Hello,

I would like to know whether OpenSSH supports x509 certificate based
authentication.
It looks like OpenSSH has a dependency on OpenSSL, so does this mean that
OpenSSH also supports x509 certificate based authentication?

If it does, could you please point me to the necessary
documentation?

Thanks
Naitik
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

Re: X509 based certificate authentication in OpenSSH
On Mon, Jun 07, 2010 at 17:04:09 -0500, Dani, Naitik wrote:
> Hello,
>
> I would like to know whether OpenSSH supports x509 certificate based
> authentication.

No, although Roumen Petrov maintains a patch that adds such support.

> It looks like OpenSSH has dependency on OpenSSL so does this mean that
> OpenSSH also supports x509 certificate based authentication.

No, OpenSSH just uses the low-level cryptographic algorithms from
OpenSSL.

>
> If it does support, can you please point me to the necessary
> documentation.
>

The developers have maintained a stance that the complexity of X.509
certificates introduces an unacceptable attack surface for sshd.
Instead, they have recently implemented an alternative certificate
format which is much simpler to parse and thus introduces less risk. See
the various man pages in OpenSSH 5.5 for more information.

--
Iain Morgan

RE: X509 based certificate authentication in OpenSSH
Thanks for your responses. They really helped me in understanding.

Following are the steps I did to install a self-signed certificate:
1) client: ssh-keygen -f ca_rsa
2) ssh-keygen -s ca_rsa -I 0 -n USER1 ca_rsa.pub
3) Copied the ca_rsa-cert.pub to ~/.ssh/authorized_keys file on the
servers.
4) ssh USER1@server

Did I miss anything in the above steps?

Questions:
1) How does a CA-signed certificate work in SSH?
2) Do Verisign and other companies issue such certificates?
3) What kind of input do such companies require in order to generate a
CA-signed certificate?
For example, with SSL a CSR is generated and sent to these companies to
generate the CA-signed certificate.
4) What are the different options I need to use to make step 1 work?

Thanks in advance.

Naitik Dani
MTS
GX Infrastructure HQ

NetApp
724-741-5153 Direct
Naitik.Dani@netapp.com
www.netapp.com





> -----Original Message-----
> From: Iain Morgan [mailto:imorgan@nas.nasa.gov]
> Sent: Monday, June 07, 2010 19:23
> To: Dani, Naitik
> Cc: openssh-unix-dev@mindrot.org
> Subject: Re: X509 based certificate authentication in OpenSSH
>
> On Mon, Jun 07, 2010 at 17:04:09 -0500, Dani, Naitik wrote:
> > Hello,
> >
> > I would like to know whether OpenSSH supports x509 certificate based
> > authentication.
>
> No, although Roumen Petrov maintains a patch that adds such support.
>
> > It looks like OpenSSH has dependency on OpenSSL so does
> this mean that
> > OpenSSH also supports x509 certificate based authentication.
>
> No, OpenSSH just uses the low-level cryptographic algorithms from
> OpenSSL.
>
> >
> > If it does support, can you please point me to the necessary
> > documentation.
> >
>
> The developers have maintained a stance that the complexity of X.509
> certificates introduces an unacceptable attack surface for sshd.
> Instead, they have recently implemented an alternative certificate
> format which is much simpler to parse and thus introduces
> less risk. See
> the various man pages in OpenSSH 5.5 for more information.
>
> --
> Iain Morgan
>

RE: X509 based certificate authentication in OpenSSH
I did the following steps to create a certificate, but it does not work:


1) Client: ssh-keygen -f ca_key
2) Client: ssh-keygen -f user_key
3) Client: ssh-keygen -s ca_key -I 2 -n USER user_key.pub
4) Server: cp ca_key.pub ~/.ssh/authorized_keys
5) I tagged the entry in authorized_keys as follows with
cert-authority, is this correct:
cert-authority ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDscbUTgHMo+bryVqKHbItgd1THR4fVvjRdrDd3ZoEooPA8iz/AR9umzn19rAeuRIKRYUnRsslaAVnAji6Hl1To51xoKQuV63cykCM+smxqsEIO8ThGeF/oH/HfAnpdDfZ7Lkh2n6n4ixwEygjQ0M9gnAZkyKBoq08rGp3vCZUFRCOTH3Xpdsy8kIqFxNdYyGNyLr3RpneSGJ9V99n4UmeUkm0ofVI0BaL0aCe4t1WTHQoeAXJ USER@server1
6) Client: ssh USER@server --> it failed

What should I do with user_key-cert.pub file which gets created in step
3? Where should I copy this file?
Do I need to copy user_key/user_key.pub in ~/.ssh/ directory as
id_rsa/id_rsa.pub on the server side?

Thanks in advance.

Naitik Dani
MTS
GX Infrastructure HQ

NetApp
724-741-5153 Direct
Naitik.Dani@netapp.com
www.netapp.com





> -----Original Message-----
> From: Iain Morgan [mailto:imorgan@nas.nasa.gov]
> Sent: Monday, June 07, 2010 19:23
> To: Dani, Naitik
> Cc: openssh-unix-dev@mindrot.org
> Subject: Re: X509 based certificate authentication in OpenSSH
>
> On Mon, Jun 07, 2010 at 17:04:09 -0500, Dani, Naitik wrote:
> > Hello,
> >
> > I would like to know whether OpenSSH supports x509 certificate based
> > authentication.
>
> No, although Roumen Petrov maintains a patch that adds such support.
>
> > It looks like OpenSSH has dependency on OpenSSL so does
> this mean that
> > OpenSSH also supports x509 certificate based authentication.
>
> No, OpenSSH just uses the low-level cryptographic algorithms from
> OpenSSL.
>
> >
> > If it does support, can you please point me to the necessary
> > documentation.
> >
>
> The developers have maintained a stance that the complexity of X.509
> certificates introduces an unacceptable attack surface for sshd.
> Instead, they have recently implemented an alternative certificate
> format which is much simpler to parse and thus introduces
> less risk. See
> the various man pages in OpenSSH 5.5 for more information.
>
> --
> Iain Morgan
>

Re: X509 based certificate authentication in OpenSSH
Hi Naitik,

One thing I neglected to point out in my earlier off-list response to
you is that your use of the -n option may create a complication.
Specifically, using '-n USER' will restrict the certificate to only
being able to authenticate to a USER account.

When sshd encounters a certificate that has a non-empty list of
principals (as specified by the -n option to ssh-keygen), it will
compare the username of the account being logged into against this list.
If the name of the remote account is not in the list of principals, the
certificate will be rejected.

Other than that caveat, what you have described looks correct.

You don't need to do anything with the -cert.pub file that was created.
Simply keep it in the same directory as the associated private key. In
particular, there is no need to copy it to remote hosts. You would only
need to copy the public key, user_key.pub, to servers that do not
support the certificate format, i.e. any older than OpenSSH 5.4 or any
server using something other than OpenSSH. And you should _never_ copy
the private key to a remote host.

Simply keep the private key, public key and certificate (user_key,
user_key.pub, and user_key-cert.pub respectively) in your ~/.ssh
directory on the client system. Note that since you chose to use a
non-default name for the key (and thus the cert) you will need to
explicitly tell ssh to load the key/cert either with the -i command-line
option or the IdentityFile option in ~/.ssh/config.

On Wed, Jun 09, 2010 at 10:14:41 -0500, Dani, Naitik wrote:
> I did the following steps to create a certificate, but it does not work:
>
>
> 1) Client: ssh-keygen -f ca_key
> 2) Client: ssh-keygen -f user_key
> 3) Client: ssh-keygen -s ca_key -I 2 -n USER user_key.pub
> 4) Server: cp ca_key.pub ~/.ssh/authorized_keys
> 5) I tagged the entry in authorized_keys as follows with
> cert-authority, is this correct:
> cert-authority ssh-rsa
> AAAAB3NzaC1yc2EAAAADAQABAAABAQDscbUTgHMo+bryVqKHbItgd1THR4fVvjRdrDd3ZoEo
> oPA8iz/AR9umzn19rAeuRIKRYUnRsslaAVnAji6Hl1To51xoKQuV63cykCM+smxqsEIO8ThG
> eF/oH/HfAnpdDfZ7Lkh2n6n4ixwEygjQ0M9gnAZkyKBoq08rGp3vCZUFRCOTH3Xpdsy8kIqF
> xNdYyGNyLr3RpneSGJ9V99n4UmeUkm0ofVI0BaL0aCe4t1WTHQoeAXJ USER@server1
> 5) Client: ssh USER@server --> it failed
>
> What should I do with user_key-cert.pub file which gets created in step
> 3? Where should I copy this file?
> Do I need to copy user_key/user_key.pub in ~/.ssh/ directory as
> id_rsa/id_rsa.pub on the server side?
>
> Thanks in advance.
>
> Naitik Dani
> MTS
> GX Infrastructure HQ
>
> NetApp
> 724-741-5153 Direct
> Naitik.Dani@netapp.com
> www.netapp.com
>
>
>
>
>
> > -----Original Message-----
> > From: Iain Morgan [mailto:imorgan@nas.nasa.gov]
> > Sent: Monday, June 07, 2010 19:23
> > To: Dani, Naitik
> > Cc: openssh-unix-dev@mindrot.org
> > Subject: Re: X509 based certificate authentication in OpenSSH
> >
> > On Mon, Jun 07, 2010 at 17:04:09 -0500, Dani, Naitik wrote:
> > > Hello,
> > >
> > > I would like to know whether OpenSSH supports x509 certificate based
> > > authentication.
> >
> > No, although Roumen Petrov maintains a patch that adds such support.
> >
> > > It looks like OpenSSH has dependency on OpenSSL so does
> > this mean that
> > > OpenSSH also supports x509 certificate based authentication.
> >
> > No, OpenSSH just uses the low-level cryptographic algorithms from
> > OpenSSL.
> >
> > >
> > > If it does support, can you please point me to the necessary
> > > documentation.
> > >
> >
> > The developers have maintained a stance that the complexity of X.509
> > certificates introduces an unacceptable attack surface for sshd.
> > Instead, they have recently implemented an alternative certificate
> > format which is much simpler to parse and thus introduces
> > less risk. See
> > the various man pages in OpenSSH 5.5 for more information.
> >
> > --
> > Iain Morgan
> >

--
Iain Morgan

RE: X509 based certificate authentication in OpenSSH
> particular, there is no need to copy it to remote hosts. You
> would only
> need to copy the public key, user_key.pub, to servers that do not
> support the certificate format, i.e. any older than OpenSSH 5.4 or any
> server using something other than OpenSSH. And you should _never_ copy
> the private key to a remote host.

Does this mean that, if my servers do support the certificate format, i.e.
newer than OpenSSH 5.4, then I need to copy user_key-cert.pub into
~/.ssh/authorized_keys instead of user_key.pub?

I tried that, and the connection failed. Is this the expected behavior
or am I missing something?

Thanks

Naitik Dani
MTS
GX Infrastructure HQ

NetApp
724-741-5153 Direct
Naitik.Dani@netapp.com
www.netapp.com





> -----Original Message-----
> From: Iain Morgan [mailto:imorgan@nas.nasa.gov]
> Sent: Wednesday, June 09, 2010 13:36
> To: Dani, Naitik
> Cc: openssh-unix-dev@mindrot.org
> Subject: Re: X509 based certificate authentication in OpenSSH
>
> Hi Naitik,
>
> One thing I neglected to point out in my earlier off-list response to
> you is that your use of the -n option may create a complication.
> Specifically, using '-n USER' will restrict the certificate to only
> being able to authenticate to a USER account.
>
> When sshd encounters a certificate that has a non-empty list of
> principals (as specified by the -n option to ssh-keygen), it will
> compare the username of the account being logged into against
> this list.
> If the name of the remote account is not in the list of
> principals, the
> certificate will be rejected.
>
> Other than that caveat, what you have described looks correct.
>
> You don't need to do anything with the -cert.pub file that
> was created.
> Simply keep it in the same directory as the associated private key. In
> particular, there is no need to copy it to remote hosts. You
> would only
> need to copy the public key, user_key.pub, to servers that do not
> support the certificate format, i.e. any older than OpenSSH 5.4 or any
> server using something other than OpenSSH. And you should _never_ copy
> the private key to a remote host.
>
> Simply keep the private key, public key and certificate (user_key,
> user_key.pub, and user_key-cert.pub respectively) in Your ~/.ssh
> directory on the client system. Note that since you chose to use a
> non-default name for the key (and thus the cert) you will need to
> explicitly tell ssh to load the key/cert either with the -i
> command-line
> option or the IdentityFile option in ~/.ssh/config.
>
> On Wed, Jun 09, 2010 at 10:14:41 -0500, Dani, Naitik wrote:
> > I did the following steps to create a certificate, but it
> does not work:
> >
> >
> > 1) Client: ssh-keygen -f ca_key
> > 2) Client: ssh-keygen -f user_key
> > 3) Client: ssh-keygen -s ca_key -I 2 -n USER user_key.pub
> > 4) Server: cp ca_key.pub ~/.ssh/authorized_keys
> > 5) I tagged the entry in authorized_keys as follows with
> > cert-authority, is this correct:
> > cert-authority ssh-rsa
> >
> AAAAB3NzaC1yc2EAAAADAQABAAABAQDscbUTgHMo+bryVqKHbItgd1THR4fVvj
> RdrDd3ZoEo
> >
> oPA8iz/AR9umzn19rAeuRIKRYUnRsslaAVnAji6Hl1To51xoKQuV63cykCM+sm
> xqsEIO8ThG
> >
> eF/oH/HfAnpdDfZ7Lkh2n6n4ixwEygjQ0M9gnAZkyKBoq08rGp3vCZUFRCOTH3
> Xpdsy8kIqF
> > xNdYyGNyLr3RpneSGJ9V99n4UmeUkm0ofVI0BaL0aCe4t1WTHQoeAXJ
> USER@server1
> > 5) Client: ssh USER@server --> it failed
> >
> > What should I do with user_key-cert.pub file which gets
> created in step
> > 3? Where should I copy this file?
> > Do I need to copy user_key/user_key.pub in ~/.ssh/ directory as
> > id_rsa/id_rsa.pub on the server side?
> >
> > Thanks in advance.
> >
> > Naitik Dani
> > MTS
> > GX Infrastructure HQ
> >
> > NetApp
> > 724-741-5153 Direct
> > Naitik.Dani@netapp.com
> > www.netapp.com
> >
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: Iain Morgan [mailto:imorgan@nas.nasa.gov]
> > > Sent: Monday, June 07, 2010 19:23
> > > To: Dani, Naitik
> > > Cc: openssh-unix-dev@mindrot.org
> > > Subject: Re: X509 based certificate authentication in OpenSSH
> > >
> > > On Mon, Jun 07, 2010 at 17:04:09 -0500, Dani, Naitik wrote:
> > > > Hello,
> > > >
> > > > I would like to know whether OpenSSH supports x509
> certificate based
> > > > authentication.
> > >
> > > No, although Roumen Petrov maintains a patch that adds
> such support.
> > >
> > > > It looks like OpenSSH has dependency on OpenSSL so does
> > > this mean that
> > > > OpenSSH also supports x509 certificate based authentication.
> > >
> > > No, OpenSSH just uses the low-level cryptographic algorithms from
> > > OpenSSL.
> > >
> > > >
> > > > If it does support, can you please point me to the necessary
> > > > documentation.
> > > >
> > >
> > > The developers have maintained a stance that the
> complexity of X.509
> > > certificates introduces an unacceptable attack surface for sshd.
> > > Instead, they have recently implemented an alternative certificate
> > > format which is much simpler to parse and thus introduces
> > > less risk. See
> > > the various man pages in OpenSSH 5.5 for more information.
> > >
> > > --
> > > Iain Morgan
> > >
>
> --
> Iain Morgan
>

Re: X509 based certificate authentication in OpenSSH
On Wed, Jun 09, 2010 at 15:09:49 -0500, Dani, Naitik wrote:
> > particular, there is no need to copy it to remote hosts. You
> > would only
> > need to copy the public key, user_key.pub, to servers that do not
> > support the certificate format, i.e. any older than OpenSSH 5.4 or any
> > server using something other than OpenSSH. And you should _never_ copy
> > the private key to a remote host.
>
> Does this mean that, if my servers do support certificate format, i.e.
> newer than OpenSSH 5.4, then I need to copy user_key-cert.pub into
> ~/.ssh/authorized_keys instead of user_key.pub?

No, you _never_ need to add your *-cert.pub file to the
~/.ssh/authorized_keys file. You _only_ need to add the ca_key.pub file
with the cert-authority tag. That allows the server to determine that the
certificate (which the client offers during authentication) is signed by
a trusted CA.

>
> I tried that, and the connection failed. Is this the expected behavior
> or am I missing something?
>
> Thanks
>

Offhand, I'm not sure what the expected behaviour would be if you added
user_key-cert.pub to your authorized_keys file. However, it would not
be of any benefit.

You may want to try using -v with ssh to see what actually is happening.
I suspect that either ssh is not actually using the certificate or that
you have a list of principals specified which does not match the account
you are trying to authenticate to.

You might also want to do 'ssh-keygen -Lf user_key-cert.pub' to verify
the parameters that are set for the certificate.

If those steps don't shed any light and you have sufficient access to
the server, you could check the system logs for further info regarding
the authentication attempt. For best results, you may need to set the
LogLevel on the server to 'verbose'.

--
Iain Morgan

RE: X509 based certificate authentication in OpenSSH
Iain,

Thanks for your previous reply. I have removed the -n option as you asked,
and it worked.

Is there any link which explains how the key/certificate exchange takes
place (i.e. an architecture overview) for certificate based SSH
authentication?

I would really like to understand the steps that occur when a client
tries to connect to a remote host using a certificate.

Once again thanks for helping me with this.

1) ssh-keygen -f ca_rsa --> Generates CA key for signing

2) ssh-keygen --> Generates the user key with the default name
(id_rsa/.pub)

3) ssh-keygen -s ca_rsa -I 2 /u/naitik/.ssh/id_rsa.pub --> Signs the
user key with CA key
Signed user key /u/naitik/.ssh/id_rsa-cert.pub: id "2" valid forever

4) ssh-keygen -Lf /u/naitik/.ssh/id_rsa-cert.pub --> Prints the contents
of certificate
/u/naitik/.ssh/id_rsa-cert.pub:
RSA-CERT user certificate 8c:50:f7:43:0a:ef:b3:8e:a9:4e:3f:04:d6:e7:a9:9a
Signed by RSA CA ad:82:20:d2:17:f9:09:cb:10:4c:a9:f7:d2:07:7a:e6
Key ID "2"
Valid: forever
Principals: (none)
Constraints:
permit-X11-forwarding
permit-agent-forwarding
permit-port-forwarding
permit-pty
permit-user-rc

5) cp ca_rsa.pub /u/naitik/.ssh/authorized_keys

6) Add cert-authority Tag
less authorized_keys
cert-authority ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnI29TpnhPWSCGQdESr1gyCO3u5bKpm5aZ00TlLEliwz9NaBkwEgIB2oYmILzrqMUI/HdjXH/keBd0acyvJ41jL7dATA0NgipNs6O+Zka2ryKsHD9IlfMCTRVXj6/fB4fXmNue6KQmsbVNaZ/Vh2OuHFNr1SJsoHsbXchQmz+jEN2/yM8f8VJBwi02rz4BLFwijEcUFcj3cKm+PVGX3WT9JhAzgHVPZ4tnIorQeb1BRwN0mMRZbh8710Uh7VfJyxN8VXaxfpwphHJVybfkMCMCcpT1vl2KhkmszGg3sAiSVs6BeeLgifXF62qlfGW9VfGXyic+L/ohhDSkaN0AI3t9 root@naitik001



Naitik Dani
MTS
GX Infrastructure HQ

NetApp
724-741-5153 Direct
Naitik.Dani@netapp.com
www.netapp.com





> -----Original Message-----
> From: Iain Morgan [mailto:imorgan@nas.nasa.gov]
> Sent: Wednesday, June 09, 2010 19:40
> To: Dani, Naitik
> Cc: openssh-unix-dev@mindrot.org
> Subject: Re: X509 based certificate authentication in OpenSSH
>
> On Wed, Jun 09, 2010 at 15:09:49 -0500, Dani, Naitik wrote:
> > > particular, there is no need to copy it to remote hosts. You
> > > would only
> > > need to copy the public key, user_key.pub, to servers that do not
> > > support the certificate format, i.e. any older than
> OpenSSH 5.4 or any
> > > server using something other than OpenSSH. And you should
> _never_ copy
> > > the private key to a remote host.
> >
> > Does this mean that, if my servers do support certificate
> format, i.e.
> > newer than OpenSSH 5.4, then I need to copy user_key-cert.pub into
> > ~/.ssh/authorized_keys instead of user_key.pub?
>
> No, you _never_ need to add your *-cert.pub file to the
> ~/.ssh/authorized_keys file. You _only_ need to add the
> ca_key.pub file
> with the cert-authority tag. That allows the server to
> determine that the
> certificate (which the client offers during authentication)
> is signed by
> a trusted CA.
>
> >
> > I tried that, and the connection failed. Is this the
> expected behavior
> > or am I missing something?
> >
> > Thanks
> >
>
> Offhand, I'm not sure what the expected behaviour would be if
> you added
> user_key-cert.pub to your authorized_keys file. However, it would not
> be of any benefit.
>
> You may want to try using -v with ssh to see what actually is
> happening.
> I suspect that either ssh is not actually using the
> certificate or that
> you have a list of principals specified which does not match
> the account
> you are trying to authenticate to.
>
> You might also want to do 'ssh-keygen -Lf user_key-cert.pub' to verify
> the parameters that are set for the certificate.
>
> If those steps don't shed any light and you have sufficient access to
> the server, you could check the system logs for further info regarding
> the authentication attempt. For best results, you may need to set the
> LogLevel on the server to 'verbose.'
>
> --
> Iain Morgan
>
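
As an added illustration of the rules Iain lays out in his replies above (only the CA public key goes into authorized_keys with the cert-authority tag, a -n principal list restricts which account the certificate may log into, and an empty list, shown as "Principals: (none)" in the -L output, admits any user), here is a Python model that decodes a certificate in the PROTOCOL.certkeys wire format and replays sshd's acceptance decision against an authorized_keys file. This is example code written for this page, not code from the thread or from the OpenSSH project: the CA key, user key, nonce and signature are constructed placeholders, sshd_would_accept is a simplified model of sshd's check (it does not verify the CA signature, which real sshd always does), and it decodes both ssh-rsa and ssh-ed25519 certificate types, which goes beyond the RSA-only steps shown in the thread.

```python
# Added example, not from the thread or the OpenSSH project: decode an OpenSSH
# certificate (PROTOCOL.certkeys wire format) and replay sshd's cert-authority,
# principal and validity checks. Keys and signature are constructed placeholders.
import base64
import struct

SSH_CERT_TYPE_USER = 1
FOREVER = 0xFFFFFFFFFFFFFFFF                 # valid_before of a "Valid: forever" cert
KEY_TYPES = {"ssh-rsa", "ssh-ed25519"}
KEY_FIELDS = {"ssh-rsa-cert-v01@openssh.com": 2,        # string fields holding e, n
              "ssh-ed25519-cert-v01@openssh.com": 1}    # string field holding pk
CERT_FIELDS = [("serial", "Q"), ("cert_type", "I"), ("key_id", "s"), ("principals", "s"),
               ("valid_after", "Q"), ("valid_before", "Q"), ("critical", "s"),
               ("extensions", "s"), ("reserved", "s"), ("sig_key", "s"), ("signature", "s")]

def ssh_string(b):                           # RFC 4251 length-prefixed string
    return struct.pack(">I", len(b)) + b

def read_field(kind, buf, off):              # kind: "s" string, "I" uint32, "Q" uint64
    if kind != "s":
        return struct.unpack_from(">" + kind, buf, off)[0], off + struct.calcsize(kind)
    n = struct.unpack_from(">I", buf, off)[0]
    if off + 4 + n > len(buf): raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_cert_line(line):
    """Decode one '<type> <base64> [comment]' line from a *-cert.pub file."""
    ctype, b64 = line.split()[:2]
    blob = base64.b64decode(b64)
    wire_type, off = read_field("s", blob, 0)
    if wire_type.decode() != ctype or ctype not in KEY_FIELDS:
        raise ValueError(f"unsupported or mismatched certificate type {ctype}")
    _nonce, off = read_field("s", blob, off)
    for _ in range(KEY_FIELDS[ctype]):       # skip the certified public key itself
        _, off = read_field("s", blob, off)
    cert = {"type": ctype}
    for name, kind in CERT_FIELDS:           # fields after the key, in PROTOCOL.certkeys order
        cert[name], off = read_field(kind, blob, off)
    if off != len(blob): raise ValueError("trailing bytes after certificate")
    cert["key_id"] = cert["key_id"].decode()
    names, p = [], 0                         # "valid principals" is a packed string list
    while p < len(cert["principals"]):
        s, p = read_field("s", cert["principals"], p)
        names.append(s.decode())
    cert["principals"] = names
    return cert

def parse_authorized_keys_line(line):
    """Return (options, keytype, keyblob), or None for blank and comment lines."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"): return None
    opts = {}
    if tokens[0] not in KEY_TYPES:           # leading options field: comma-separated,
        item, inq = "", False                # commas inside double quotes are kept
        for ch in tokens.pop(0) + ",":
            inq ^= ch == '"'
            if ch != "," or inq:
                item += ch
            elif item:
                name, _, val = item.partition("=")
                opts[name] = val.strip('"') if val else True
                item = ""
    if len(tokens) < 2 or tokens[0] not in KEY_TYPES: raise ValueError("malformed line")
    return opts, tokens[0], base64.b64decode(tokens[1])

def sshd_would_accept(cert_line, username, authorized_keys, now):
    """Simplified replay of sshd's check_authkey_line(); returns (accepted, reason)."""
    cert = parse_cert_line(cert_line)
    reason = "no cert-authority line matches the signing CA"
    for line in authorized_keys.splitlines():
        parsed = parse_authorized_keys_line(line)
        if not parsed or "cert-authority" not in parsed[0] or parsed[2] != cert["sig_key"]:
            continue                         # comment, plain key line, or a different CA
        if cert["cert_type"] != SSH_CERT_TYPE_USER or not (cert["valid_after"] <= now < cert["valid_before"]):
            reason = "not a user certificate, or outside its validity period"
        elif cert["principals"] and username not in cert["principals"]:
            reason = f"Certificate invalid: {username} is not a listed principal"
        else:                                # an empty principal list admits any user
            return True, f'accepted: key ID "{cert["key_id"]}", serial {cert["serial"]}'
    return False, reason

def build_cert_line(ca_blob, key_id, principals, valid_after, valid_before):
    """Assemble a constructed ssh-ed25519 user certificate with a placeholder signature."""
    ctype = b"ssh-ed25519-cert-v01@openssh.com"
    body = (ssh_string(ctype) + ssh_string(bytes(32)) + ssh_string(bytes([0x22] * 32))
            + struct.pack(">QI", 7, SSH_CERT_TYPE_USER) + ssh_string(key_id.encode())
            + ssh_string(b"".join(ssh_string(p.encode()) for p in principals))
            + struct.pack(">QQ", valid_after, valid_before) + ssh_string(b"")
            + ssh_string(ssh_string(b"permit-pty") + ssh_string(b"")) + ssh_string(b"")
            + ssh_string(ca_blob) + ssh_string(b"constructed-not-a-real-signature"))
    return f"{ctype.decode()} {base64.b64encode(body).decode()} user@client"

# Constructed sample material, not real keys
CA_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes([0x11] * 32))
CA_B64 = base64.b64encode(CA_BLOB).decode()
AUTHORIZED_KEYS = f"cert-authority ssh-ed25519 {CA_B64} ca@example\n"
AUTHORIZED_KEYS_NO_TAG = f"ssh-ed25519 {CA_B64} ca@example\n"     # step 5 without the tag
CERT_ANY_USER = build_cert_line(CA_BLOB, "2", [], 0, FOREVER)                   # no -n
CERT_USER_ONLY = build_cert_line(CA_BLOB, "2", ["USER"], 0, 1_800_000_000)      # -n USER
```

Calling sshd_would_accept(CERT_USER_ONLY, "naitik", AUTHORIZED_KEYS, now) reproduces the rejection Naitik hit with '-n USER', the same certificate is accepted for the login name USER, CERT_ANY_USER (no principal list, like the final working steps) is accepted for any account, and AUTHORIZED_KEYS_NO_TAG shows why the plain copy of ca_rsa.pub in step 5 is not enough until the cert-authority tag is added. The parser rejects truncated or over-long blobs, which is the kind of input handling the OpenSSH developers cite when preferring this format over X.509.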


Re: X509 based certificate authentication in OpenSSH
Hi Naitik,

You may want to look at PROTOCOL.certkeys in the OpenSSH source
distribution and at the archive for this mailing list. (www.marc.info is
a good place for the latter.) The call for release testing for the 5.4
release has an overview of the certificate support. And, of course, the
source code, particularly auth2-pubkey.c, may be of interest.

On Thu, Jun 10, 2010 at 12:00:19 -0500, Dani, Naitik wrote:
> Iain,
>
> Thanks for your previous reply. I have removed -n option as you asked for and it worked.
>
> Is there any link which explains how the key/certificate exchange takes place (i.e. an architecture overview) for certificate based SSH authentication?
>
> I would really like to understand the steps that occur when a client tries to connect to a remote host using certificate.
>
> Once again thanks for helping me with this.
>
> 1) ssh-keygen -f ca_rsa --> Generates CA key for signing
>
> 2) ssh-keygen --> Generates the user key with the default name (id_rsa/.pub)
>
> 3) ssh-keygen -s ca_rsa -I 2 /u/naitik/.ssh/id_rsa.pub --> Signs the user key with CA key
> Signed user key /u/naitik/.ssh/id_rsa-cert.pub: id "2" valid forever
>
> 4) ssh-keygen -Lf /u/naitik/.ssh/id_rsa-cert.pub --> Prints the contents of certificate
> /u/naitik/.ssh/id_rsa-cert.pub:
> RSA-CERT user certificate 8c:50:f7:43:0a:ef:b3:8e:a9:4e:3f:04:d6:e7:a9:9a
> Signed by RSA CA ad:82:20:d2:17:f9:09:cb:10:4c:a9:f7:d2:07:7a:e6
> Key ID "2"
> Valid: forever
> Principals: (none)
> Constraints:
> permit-X11-forwarding
> permit-agent-forwarding
> permit-port-forwarding
> permit-pty
> permit-user-rc
>
> 5) cp ca_rsa.pub /u/naitik/.ssh/authorized_keys
>
> 6) Add cert-authority Tag
> less authorized_keys
> cert-authority ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnI29TpnhPWSCGQdESr1gyCO3u5bKpm5aZ00TlLEliwz9NaBkwEgIB2oYmILzrqMUI/HdjXH/keBd0acyvJ41jL7dATA0NgipNs6O+Zka2ryKsHD9IlfMCTRVXj6/fB4fXmNue6KQmsbVNaZ/Vh2OuHFNr1SJsoHsbXchQmz+jEN2/yM8f8VJBwi02rz4BLFwijEcUFcj3cKm+PVGX3WT9JhAzgHVPZ4tnIorQeb1BRwN0mMRZbh8710Uh7VfJyxN8VXaxfpwphHJVybfkMCMCcpT1vl2KhkmszGg3sAiSVs6BeeLgifXF62qlfGW9VfGXyic+L/ohhDSkaN0AI3t9 root@naitik001
>
> Naitik Dani
> MTS
> GX Infrastructure HQ
>
> NetApp
> 724-741-5153 Direct
> Naitik.Dani@netapp.com
> www.netapp.com
>
>
>
>
>
> > -----Original Message-----
> > From: Iain Morgan [mailto:imorgan@nas.nasa.gov]
> > Sent: Wednesday, June 09, 2010 19:40
> > To: Dani, Naitik
> > Cc: openssh-unix-dev@mindrot.org
> > Subject: Re: X509 based certificate authentication in OpenSSH
> >
> > On Wed, Jun 09, 2010 at 15:09:49 -0500, Dani, Naitik wrote:
> > > > particular, there is no need to copy it to remote hosts. You
> > > > would only
> > > > need to copy the public key, user_key.pub, to servers that do not
> > > > support the certificate format, i.e. any older than
> > OpenSSH 5.4 or any
> > > > server using something other than OpenSSH. And you should
> > _never_ copy
> > > > the private key to a remote host.
> > >
> > > Does this mean that, if my servers do support certificate
> > format, i.e.
> > > newer than OpenSSH 5.4, then I need to copy user_key-cert.pub into
> > > ~/.ssh/authorized_keys instead of user_key.pub?
> >
> > No, you _never_ need to add your *-cert.pub file to the
> > ~/.ssh/authorized_keys file. You _only_ need to add the
> > ca_key.pub file
> > with the cert-authority tag. That allows the server to
> > determine that the
> > certificate (which the client offers during authentication)
> > is signed by
> > a trusted CA.
> >
> > >
> > > I tried that, and the connection failed. Is this the
> > expected behavior
> > > or am I missing something?
> > >
> > > Thanks
> > >
> >
> > Offhand, I'm not sure what the expected behaviour would be if
> > you added
> > user_key-cert.pub to your authorized_keys file. However, it would not
> > be of any benefit.
> >
> > You may want to try using -v with ssh to see what actually is
> > happening.
> > I suspect that either ssh is not actually using the
> > certificate or that
> > you have a list of principals specified which does not match
> > the account
> > you are trying to authenticate to.
> >
> > You might also want to do 'ssh-keygen -Lf user_key-cert.pub' to verify
> > the parameters that are set for the certificate.
> >
> > If those steps don't shed any light and you have sufficient access to
> > the server, you could check the system logs for further info regarding
> > the authentication attempt. For best results, you may need to set the
> > LogLevel on the server to 'verbose.'
> >
> > --
> > Iain Morgan
> >

--
Iain Morgan

RE: X509 based certificate authentication in OpenSSH
Recent posts here [1] and one of my engineers brought up certificate authentication topics at the same time, sorry for the necromancing.

> -----Original Message----- [2]
> From: Iain Morgan
> Sent: Monday, June 7, 2010 7:23 PM
>
> On Mon, Jun 07, 2010 at 17:04:09 -0500, Dani, Naitik wrote:
> > Hello,
> >
> > I would like to know whether OpenSSH supports x509 certificate based
> > authentication.
>
> No, although Roumen Petrov maintains a patch that adds such support.

I assume this is referring to RFC 6187.

<snip/>

> The developers have maintained a stance that the complexity of X.509
> certificates introduces an unacceptable attack surface for sshd.

Is this still the case? Reading PROTOCOL.certkeys [3], the preamble has not changed since 2010.

What could possibly allow for discussion on this topic (the goal is to add RFC 6187 support and NOT fork; tired of being browbeaten with "but commercial versions do it")?

> Instead, they have recently implemented an alternative certificate
> format which is much simpler to parse and thus introduces less risk. See
> the various man pages in OpenSSH 5.5 for more information.

Respectfully,


Jason Pyeron

1: https://lists.mindrot.org/pipermail/openssh-unix-dev/2022-September/040400.html
2: https://lists.mindrot.org/pipermail/openssh-unix-dev/2010-June/028702.html
3: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys

--
Jason Pyeron | Architect
PD Inc | Certified SBA 8(a)
10 w 24th St | Certified SBA HUBZone
Baltimore, MD | CAGE Code: 1WVR6

.mil: jason.j.pyeron.ctr@mail.mil
.com: jpyeron@pdinc.us
tel : 202-741-9397


Re: X509 based certificate authentication in OpenSSH
On 22 Sep 2022, at 05:41, Jason Pyeron <jpyeron@pdinc.us> wrote:

>> On Mon, Jun 07, 2010 at 17:04:09 -0500, Dani, Naitik wrote:
>>> I would like to know whether OpenSSH supports x509 certificate based
>>> authentication.
>>
>> No, although Roumen Petrov maintains a patch that adds such support.

> The developers have maintained a stance that the complexity of X.509
> certificates introduces an unacceptable attack surface for sshd.
...
> Is this still the case? Reading PROTOCOL.certkeys [3], the preamble has not changed since 2010.

While Petrov’s patches are splendid and (for us at least) rock and rock solid - I would add that the infrastructure it relies on is indeed not risk free. Even if one does to consult the network for OCSP or CRL.

We got very nearly taken out through an SSH implementation by CVE-2012-0654 (bad X.509 ca-authority cert commonly used in the energy industry).

Dw.



RE: X509 based certificate authentication in OpenSSH
> -----Original Message-----
> From: Dirk-Willem van Gulik
> Sent: Thursday, September 22, 2022 3:57 AM
>
> On 22 Sep 2022, at 05:41, Jason Pyeron wrote:
>
> >> On Mon, Jun 07, 2010 at 17:04:09 -0500, Dani, Naitik wrote:
> >>> I would like to know whether OpenSSH supports x509 certificate based
> >>> authentication.
> >>
> >> No, although Roumen Petrov maintains a patch that adds such support.
> …
> > The developers have maintained a stance that the complexity of X.509
> > certificates introduces an unacceptable attack surface for sshd.
> ...
> > Is this still the case? Reading PROTOCOL.certkeys [3], the preamble has not changed since 2010.
>
> While Petrov’s patches are splendid and (for us at least) rock and rock solid - I would add that the
> infrastructure it relies on is indeed not risk free. Even if one does to consult the network for OCSP
> or CRL.

Nothing is risk free, but is there a willingness to review, revise, and implement? A philosophical question is "are there guards against such risks".

Is there a high bar, that if met would change the maintainers' minds on supporting RFC 6187?

> We got very nearly taken out through a SSH implementation by CVE-2012-0654

Like above, if there was a vulnerability in libraries used for PAM, LDAP, and other parts of the authentication chain which allowed access to uninitialized memory locations, it too could allow remote attackers to execute arbitrary code.

> (bad X.509 ca-authority cert commonly used in the energy industry).

That's silly; do not trust external CAs for local user authentication. At the company I work for we have high, medium, and low assurance CAs; we would only ever use the high assurance CA to authenticate users. Further, our customer organizations do not use/trust external CAs, have thousands or millions of users, and issue smart cards to hold private keys. These are the use cases that seem to be most relevant.

I personally feel that use by responsible organizations, following documentation stating the possible kill chain so they can make an informed risk acceptance, should be supported.

The unacceptable workarounds that are currently in place are to use PuttyCAC's ssh agent, and scripts that monitor LDAP for new users' certificates and then update authorized_keys files.

v/r,

Jason Pyeron


RE: X509 based certificate authentication in OpenSSH
On Wed, 21 Sep 2022, Jason Pyeron wrote:

> Recent posts here [1] and one of my engineers brought up certificate authentication topics at the same time, sorry for the necromancing.
>
> > -----Original Message----- [2]
> > From: Iain Morgan
> > Sent: Monday, June 7, 2010 7:23 PM
> >
> > On Mon, Jun 07, 2010 at 17:04:09 -0500, Dani, Naitik wrote:
> > > Hello,
> > >
> > > I would like to know whether OpenSSH supports x509 certificate based
> > > authentication.
> >
> > No, although Roumen Petrov maintains a patch that adds such support.
>
> I assume this is referring to RFC 6187.
>
> <snip/>
>
> > The developers have maintained a stance that the complexity of X.509
> > certificates introduces an unacceptable attack surface for sshd.
>
> Is this still the case? Reading PROTOCOL.certkeys [3], the preamble
> has not changed since 2010.

Yes, still the case. X.509 and the associated PKI are too syntactically,
semantically and operationally complex for us to trust.

> What could possibly allow for discussion on this topic (goal is to
> add RFC 6187 support and NOT fork - tired of being brow beat with but
> commercial versions do it)?

We don't have any desire to support X.509 certificates in OpenSSH,
sorry.

-d