[empty image] [empty image]
[empty image]
[empty image] [empty image] [empty image]
[empty image]

OpenSSH secure shell
and
X.509 v3 certificates
(archive 5.x-series)

Check the current version!

10 Mar 2007 : Published version x509-5.5.2 for OpenSSH 4.6p1.
What's new:
  • OpenSSH 4.6p1
Detailed:
  • OpenSSH 4.6p1
    The OpenSSH 4.6p1 released on 8 Mar 2007 and release details can be found at announce page.
Download:
Get it from download page.

8 Nov 2006 : Published version x509-5.5.2 for OpenSSH 4.5p1.
What's new:
  • OpenSSH 4.5p1
  • specific diff of 5.5 for OpenSSH 4.5p1
Detailed:
  • OpenSSH 4.5p1
    The OpenSSH 4.5p1 released on 7 Nov 2006 resolve one security bug and several compilation fixes. Details are included in announce.
  • specific diff of 5.5 for OpenSSH 4.5p1
    OpenSSH changes in include statements continue. Now header file bufaux.h is removed so as in 5.5.1 this require change in X.509 certificate support specific files. As in 5.5.1 patch for ocsp-path component is included.
Download:
Get it from download page.

30 Sep 2006 : OpenSSL Security Advisory from 28 September 2006
Problems:
  • ASN.1 Denial of Service Attacks
    Quotes from OpenSSL Security Advisory: ... 1. During the parsing of certain invalid ASN.1 structures an error condition is mishandled. ... 2. Certain types of public key can take disproportionate amounts of time to process. ...
Solution:
OpenSSL team release version 0.9.8d and 0.9.7l to address them and other vulnerabilities mentioned in advisory. Its is recommended to update openssl used for X.509 certificates support for OpenSSH.

30 Sep 2006 : Published version x509-5.5.1 for OpenSSH 4.4p1.
OpenSSH 4.4p1 is released on 27 Sep 2006.
What's new:
  • specific diff of 5.5 for OpenSSH 4.4p1
  • ocsp-path patch included
Detailed:
  • specific diff of 5.5 for OpenSSH 4.4p1
    OpenSSH change include statements in its source code. This change require modifications in X.509 certificate support specific files so those files cannot be same as is in x509-5.5 for OpenSSH 4.3p2 and 4.2p1. The new server option "Match" require changes in files specific to X.509 certificate support. So that in result of OpenSSH changes new version number (x509-5.5.1) is required.
  • ocsp-path patch included
    The patch for ocsp-path component issued on 4 Sep 2006 is included in this version.
Download:
Go to download page and get it.

8 Sep 2006 : OpenSSL Security Advisory from 5 September 2006
Problems:
  • RSA Signature Forgery
    Quotes from OpenSSL Security Advisory: ...If an RSA key with exponent 3 is used it may be possible to forge a PKCS #1 v1.5 signature signed by that key... ...Since there are CAs using exponent 3 in wide use, and PKCS #1 v1.5 is used in X.509 certificates, all software that uses OpenSSL to verify X.509 certificates is potentially vulnerable...
Solution:
See OpenSSL recommendations in advasory. Recommended OpenSSL versions for X.509 certificates support for OpenSSH are listed in section Miscellaneous later on page.

4 Sep 2006 : Patch for path in OCSP http request.
Problems:
  • If OCSP is enabled and configured in X.509 certificate support for OpenSSH, server or client sent http request to OCSP responder. This request can containt path component. The problem is that path component sent from programs is without leading slash.
Solution:
The ocsp-path patch can be found here. To save the patch please see download tips. This patch is for version x509-5.5 and earlier from Validator series (5.x and h).
Note if you build is without OCSP support (that is default) you don't need it.
This patch should be applied to OpenSSH source after patch for X.509 certificates support.
If OpenSSH is already build you don't need to configure it again. Instruction in last case:
  • uncompress the patch, go to [OpenSSH_SOURCE_DIR] and apply it (don't forget patch options "-p 1");
  • change working directory to [OpenSSH_BUILD_DIR] and run "make" and "make install".
Thanks:
Thanks to Bruno Bonfils who report the problem, and confirm that patch solve problem.

29 May 2006 : Published version x509-5.5 (from Validator series).
What's new:
  • enhanced PubkeyAlgorithms client options
  • enabled SSL support for OCSP
Detailed:
  • enhanced PubkeyAlgorithms client options
    The client option PubkeyAlgorithms specifies the protocol version 2 algorithms used in "publickey" authentication allowed to sent to the host. Now if a X.509 certificate is used as identity but corresponding algorithm is not allowed the client will try algorithm ( "ssh-rsa" or "ssh-dss" ) conforming to certificate public key if allowed.
    This option is available for first time in version 5.4. In this version code is rewritten to avoid client crashes in some configurations. If you use version 5.4 you are encouraged to switch to new version.
  • enabled SSL support for OCSP
    Now SSL support for OCSP requests is enabled by default. Thanks to Kenneth Robinette for independent tests.
Download:
Diffs are available for OpenSSH 4.2p1 and 4.3p2 (get it).

27 Apr 2006 : Published version x509-5.4 (from Validator series).
What's new:
  • given up support for "x509v3-sign-rsa-sha1" and "x509v3-sign-dss-sha1"
  • correct nid for OCSP responder location
  • public key permit X.509 certificate for authentication
  • client option "PubkeyAlgorithms"
  • server option "KeyAllowSelfIssued"
Detailed:
  • given up support for "x509v3-sign-rsa-sha1" and "x509v3-sign-dss-sha1"
    The implementation realised in previous version 5.3 is not fully in conformance with "draft-ietf-secsh-x509-02.txt"
  • correct nid for OCSP responder location
    All version before 5.4 search for nid "id-pkix-ocsp-service-locator" instead for correct one "id-ad-ocsp" to find location of OCSP responder.
  • public key permit X.509 certificate for authentication
    Now the public key listed in authorized keys file permit too a X.509 certificate with public key that match it to be used in "public key authentication".
  • client option "PubkeyAlgorithms"
    This new clent option specifies the protocol version 2 algorithms used in "publickey" authentication allowed to sent to the host.
  • server option "KeyAllowSelfIssued"
    This new server option specifies whether only public key or certificate blob listed in authorized keys file can allow self-issued(self-signed) X.509 certificate to be used for user authentication.
Download:
Diffs are available for OpenSSH 4.2p1 and 4.3p2 (get it).
Credits:
I'd like to say a big thank you to Kenneth Robinette for great debug on OCSP and LDAP support. Special credits to Alon Bar-Lev for ideas how to make X.509 certificate support more functional.

12 Feb 2006 : Published version x509-5.2 and x509-5.3 for OpenSSH 4.3p2.
OpenSSH 4.3p2 is released on 11 Feb 2006. Appropriate diff can be found on download page.

3 Feb 2006 : Published version x509-5.2 and x509-5.3 for OpenSSH 4.3p1.
OpenSSH 4.3 is released on 1 Feb 2006. Go to download page and select appropriate diff.

21 Jan 2006 : Published version x509-5.3 (from Validator series).
What's new:
  • added preliminary support for "x509v3-sign-rsa-sha1" and "x509v3-sign-dss-sha1" key type names in conformance with "draft-ietf-secsh-x509-02.txt";
  • extend "x509v3-sign-dss" key type with signatures in "ssh-dss" format.
Detailed:
To support extensions specified above a new option X509KeyAlgorithm is added. The option specifies how X.509 certificates and signatures are used for protocol version 2. It is possible to have multiple algorithms in form specified in "X.509 Key Algorithms" format. The format is a sequence of the form: key-type-name,digest-name[,signature-identifier], where key-type-name is key type name, digest-name is one of
  • rsa-md5  : RSA key and signature using the MD5 hash;
  • rsa-sha1 : RSA key and signature using the SHA-1 hash;
  • dss-asn1 : DSA key and signature as specified in [RFC3279];
  • dss-raw  : DSA key and signature with "dss_signature_blob" as is specified in "SecSH transport" draft for "ssh-dss" signature.
and optional signature-identifier. When signature-identifier is omited key-type-name is used as identifier. The programs like sshd, ssh use the first listed for "rsa" or "dsa" key in signing and accept all listed.
The default for certificates with RSA key is:
  • X509KeyAlgorithm x509v3-sign-rsa,rsa-md5
  • X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
  • X509KeyAlgorithm x509v3-sign-rsa-sha1,rsa-sha1,ssh-rsa
The default for certificates with DSA key is:
  • X509KeyAlgorithm x509v3-sign-dss,dss-asn1
  • X509KeyAlgorithm x509v3-sign-dss,dss-raw
  • X509KeyAlgorithm x509v3-sign-dss-sha1,dss-raw,ssh-dss
The option "X509rsaSigType" is now deprecated in favour of "X509KeyAlgorithm".
Download:
Diffs are available for OpenSSH 3.9p1 and 4.2p1 (get it).

2 Sep 2005 : Published version x509-5.2 for OpenSSH 4.2p1.
OpenSSH 4.2 is released on 1 Sep 2005. Go to download page and get diff version x509-5.2 for new release.

12 Jun 2005 : Version x509-5.2 (from Validator series) is published.
What's new:
  • diff version x509-5.2 for OpenSSH 3.9p1, 4.0p1 and 4.1p1 (get it).
  • print CERT RR (resource record)
  • verify remote key using DNS and CERT RR
  • include not-pipeline patch
  • work with OpenSSL 0.9.8betaX
Detailed:
  • print CERT RR (resource record)
    When specified public key contain a X.509 certificate ssh-keygen print CERT RR.
  • verify remote key using DNS and CERT RR
    SecSH client ssh is able to verify remote public keys containing X.509 certificate for protocol version 2. See option VerifyHostKeyDNS in ssh_config(5) manual page.
  • not-pipeline patch
    Certificate regression test patch for shell without reserved word ! support is included. For the patch see announce from 4 Mar 2005.
  • work with OpenSSL 0.9.8betaX
    In OpenSSL 0.9.8+ some structures related to X.509 store are modified. This modification is detected at configure time and define HAVE_X509_STORE_CTX_PARAM in "config.h".
    Note: about OpenSSL versions 0.9.8-beta{3|4|5} on system with "/dev/{u||s}random":
    OpenSSH configure script report on these systems: "checking whether OpenSSL's PRNG is internally seeded... no"
    This is due a bug in OpenSSL code and can be detected as example:
    - on working system:
    $ strace -f openssl genrsa 2>&1 | grep -i random
    open("/dev/urandom", ...) = 3
    - on buggy system:
    $ strace -f openssl genrsa 2>&1 | grep -i random
    open("DEVRANDOM", ...) = -1 ENOENT ...
    In this case OpenSSH will use "ssh-rand-helper", but this slow down. Better solution is: go in OpenSSL 0.9.8-beta{3|4|5} source directory, open the file "crypto/rand/rand_unix.c" in , find the line "... randomfiles[] = { "DEVRANDOM" };", remove quotes around DEVRANDOM (marked in red color), recompile and install OpenSSL. After this configure and build OpenSSH.

27 May 2005 :
What's new:

10 Mar 2005 :
What's new:

4 Mar 2005 : Patch for certificate regression test.
Problems:
  • Reserved word !
    From ksh manual page: ... A pipeline is a sequence of one or more commands separated by |. ... Each pipeline can be preceded by the reserved word ! which causes the exit status of the pipeline to become 0 if the exit status of the last command is non-zero, and 1 if the exit status of the last command is 0. ... A list is a sequence of one or more pipelines separated by ; ...
  • Test case:
    When shell support ! the command
    ! test -f /file_not_found && echo NOTFOUND
    should print NOTFOUND on standard output.
  • Limitations:
    Reserved word ! is not implemented in Solaris 8 shells.
Symptoms:
Output from X.509 certificate test is similar to
.....
(cd openbsd-compat && make)
.....
/bin/sh ./1-cre_cadb.sh
.....
RSA digest list:  md5 sha1 md2 md4 rmd160
creating file .../tests/CA/ca-test/catest.config
./1-cre_cadb.sh: !: not found
                                                  done
.....
/bin/sh ./2-cre_cakeys.sh
.....
./2-cre_cakeys.sh: !: not found
./2-cre_cakeys.sh: !: not found
                                                  done
.....
/bin/sh ./3-cre_certs.sh -f .....
OpenSSL executable version: .....
RSA digest list:  .....
./3-cre_certs.sh: !: not found
usage: ./3-cre_certs.sh <options>
  -f[ile]       [ssh]key_file_name
  -t[ype]       certificate type: client or server
  -n[ame]       "base" common name
*** Error code 1
make: Fatal error: Command failed for .....
Current working directory .../tests/CA
*** Error code 1
.....
Solution:
Please download not-pipeline patch.
The patch is for version x509g3 and newest. It can be applied on already compiled OpenSSH with X.509 certificates support.
Instructions (when OpenSSH is already build):
  • Uncompress the patch, go to [OpenSSH_SOURCE_DIR] and apply it (don't forget patch options "-p 1").
  • After this change working directory to [OpenSSH_BUILD_DIR]/tests/CA and run "make clean".
  • Now the directory should contain only Makefile (and env for x509-5.1).
  • Go to [OpenSSH_BUILD_DIR] and run tests again (as example "make check-certs" - only to test certificates).
Note that patch is only for regression tests. If you don't run the tests you don't need it even on Solaris 8!
Thanks:
Thanks to Erik Vanborren who report the problem and confirm that regression test for X.509 certificates pass on Solaris 8. More information on "Secure Shell" mailing list at SecurityFocus.

24 Nov 2004 : Version x509-5.1 (from Validator series) is ready.
What's new:
  • diff version x509-5.1 for OpenSSH 3.8.1.p1 and 3.9p1 (get it)
  • new versioning scheme
  • CRL issuer certificate with cRLSign key usage
  • new client and server option "MandatoryCRL"
  • new server options "PubkeyAlgorithms" and "HostbasedAlgorithms"
  • "X.509 store" now can use LDAP to lookup for certificates and CRLs
  • updated manual pages and README.x509v3
  • "X.509 store" in linked only to necessary binaries
Detailed:
  • new versioning scheme
    Old letter-number versioning scheme is replaced with standard numbering scheme. New version is 5.1 instead of h1. According to new scheme diff file name is with format openssh-X.X[.X]pX+x509-Y.Y[.Y].diff.gz, where X are numbers from OpenSSH version and Y numbers from X.509 support version.
  • CRL issuer certificate with cRLSign key usage
    When a public key from a certificate is used for verifying a signature on CRL cRLSign key usage must present in that certificate. This rule is conforming to [RFC3280].
  • new client and server option "MandatoryCRL"
    In verification process when a certificate from chain(CRL issuer) contain crlDistributionPoints extension and options MandatoryCRL is set issued CRL must present in "X.509 store" otherwise verification fail.
    Regression test script "crl" is extended with tests for the option.
  • new server options "PubkeyAlgorithms" and "HostbasedAlgorithms"
    When option is not set all supported algorithms are allowed in "Public Key" and "Host-Based " authentication methods respectively. Currently the list of supported algorithms is "ssh-rsa", "ssh-dss", "x509v3-sign-rsa", and "x509v3-sign-dss".
    New regression test script "alg" is added to check the option.
  • "X.509 store" now can use LDAP to lookup for certificates and CRLs
    In additional to "file" and "hash-dir" lookup methods the "X.509 store" can utilize LDAP queries to find certificates and CRLs in verification and validation process. The "LDAP" lookup method is enabled with configure option "--enable-ldap". The new feature is realised as OpenSSL lookup extension.
    Regression test script "by_ldap" check LDAP lookup applicability.
  • updated manual pages and README.x509v3
    Added information about new features.
    More precise description of "user identity" or "host key" file format when X.509 certificate is in use.
  • "X.509 store" in linked only to necessary binaries
    Now "X.509 store" contain only required object files. The store object files may require extra libraries, as example when OpenSSH is build with option "--enable-ldap". They all are linked to OpenSSH binaries that really use the store.


News archives:

[empty image]
[empty image] [empty image] Last modified : Monday August 06, 2007 [empty image]