[ssh_x509] Some additional questions on pkixssh

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Wed May 17 07:52:09 EEST 2017

Hello Roumen,

Tonight I got user authentication working with X.509 certificates in pkixssh 10.1.1. Thanks for all your work on this!

As I dig into the details of pkixssh, I’ve got some questions about the configuration options.

First, I noticed that “ssh-keygen -y” output the certificate as type “x509v3-sign-rsa” when I updated my id_rsa.pub file. I had set things up to only accept “x509v3-ssh-rsa” in my test, but the key worked despite the mismatch. Given that x509v3-sign-rsa is historical at this point, will ssh-keygen be switching over to the new name at some point? After seeing that an “x509v3-sign-rsa” public key was accepted, I manually edited the name to “x509v3-ssh-rsa” in my id_rsa.pub and it still worked, so it looks like the two are interchangeable at the moment in the local config, with the choice of format just changing how the keys are transmitted on the wire.

Another thing I ran into is that pkixssh doesn’t seem to support the new ExtendedKeyUsage values of “secureShellClient” and “secureShellServer” defined in RFC 6187. Since I created my keys with this ExtendedKeyUsage set, I had to set “AllowedCertPurpose” to “Any” for now for pkixssh to accept them. Will pkixssh support these values at some point in the future?

Also, I was able to get both subject-based and blob-based matching to work on certificates, but I didn’t see any way to accept all certificates signed by a particular root CA the way you can with OpenSSH-format certificates and the “cert-authority” marker in authorized_keys/known_hosts. Is there any support in pkixssh for something like this, or for doing wildcard or partial matches on the X.509 subject names in the certificate being validated?OpenSSH supports the notion of a “principals” attribute in authorized_keys, with the ability to do both positive and negative wildcard matches. Does pkixssh support anything like that for matching on X.509 principals?

I’ve been looking at adding support for RFC 6187 in my python “AsyncSSH” implementation. However, I was thinking it might be nice to just extend the existing OpenSSH “cert-authority” syntax in authorized_keys and known_hosts to accept both OpenSSH and X509 format certificates when I did this, leveraging things like the wildcard principal matching support I already have for OpenSSH certificates. It would be great if pkixssh also supported this existing OpenSSH syntax for which certificate authorities and principals to trust. This could even potentially eliminate the need to have separate configuration options for the X.509 store and the “subject” style syntax. Now that RFC 6187 requires that the full certificate chain (other than the root CA) always be provided by the peer, there’s no need for an X.509 store to hold intermediate CAs. The only thing you really need to configure is which root CAs to trust. That could be done by configuring either trusted root CA public keys or trusted root CA self-signed certs as “cert-authority” values directly in authorized_keys and known_hosts.

Finally, I was hoping to test x509v3-rsa2048-sha256, but it seems like pkixssh doesn’t support that yet. Are there any plans to add it?
Ron Frederick
ronf at timeheart.net

More information about the ssh_x509 mailing list