[ssh_x509] Clarification on pkixssh-10.2

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Wed Mar 21 23:59:10 EET 2018

ssh_x509 at roumenpetrov.info wrote:
> Hi Roumen,
> Thanks for the quick response. I have following questions. Hope you can
> help on these as well.
> 1. Identity or hostkey file for protocol version 2 can contain a private
> key plus X.509 certificate in PEM format. To use X.509 certificate as
> identity or hostkey user
> should convert certificate in PEM format and append to file.
Yes - the certificate that match key. Format is not restricted to 
hostkeys. It is used in user identity as well.
For more details see ssh_config options IdentityFile . HostKey in 
sshd_config(5) is  similar .

> This
> hostkey will be shared with the client for server authentication?
Hmm. In key exchange server list host key algorithms . Key algorithm 
will be listed. Selection depend from client options.

> We just
> want to use x509v3-ssh-rsa algorithm.
Ok. See below.

> So certificate in PEM format should be appended to ssh_host_rsa_key?

Yes this is required part key material from file to be considered as a 
X.509 key.

> 2. sshd_config/ssh_config
> 2.1 Most of your changes are commented out in sshd_config. I have attached
> sshd_config and ssh_config file (please see). Can you please
> share the sshd_config and ssh_config file which is configured to handle
> x509v3 certificates?
Comment is such case mean default configuration.
Unfortunately manual page sshd_config(5) is correct but sample 
configuration is not.
Please find attached file 
This correction was created after 11.0 and miss releases 11.1 :( and 11.2.

> 2.2 We just want to use x509v3-ssh-rsa algorithm. What will be the value of
> X509KeyAlgorithm attribute in sshd_config and ssh_config?
>   X509KeyAlgorithm x509v3-sign-rsa-sha1,rsa-sha1,ssh-rsa ?
No. See attached patch :  X509KeyAlgorithm x509v3-ssh-rsa,rsa-sha1,ssh-rsa.

11.0 is version multi-algorithm host-keys. This mean if a rsa  host key 
has key plus certificate it will be announces as
x509v3-sign-rsa, x509v3-ssh-rsa and ssh-rsa. List is impacted by options 
*AcceptedAlgorithms* and *X509KeyAlgorithm.*

For version before this key will be announced as x509v3-sign-rsa.

It you case (version 10.2) sshd_config should contain
... ... ...
# "key type names" for X.509 certificates with RSA key
X509KeyAlgorithm x509v3-ssh-rsa,rsa-sha1,ssh-rsa

# "key type names" for X.509 certificates with EC key
X509KeyAlgorithm x509v3-ecdsa-sha2-nistp256,sha256,ecdsa-sha2-nistp256
X509KeyAlgorithm x509v3-ecdsa-sha2-nistp384,sha384,ecdsa-sha2-nistp384
X509KeyAlgorithm x509v3-ecdsa-sha2-nistp521,sha512,ecdsa-sha2-nistp521

# "key type names" for X.509 certificates with DSA key
# Note first defined is used in signature operations!
X509KeyAlgorithm x509v3-ssh-dss,dss-raw,ssh-dss
... ... ...
Remark: configuration only for RFC6187 format

> 2.3 What is the purpose of "X509 store" in sshd_config and ssh_config?
X.509 store is filled with "trusted certificates" . Those certificates 
are used in verification process.

Apache , PKIX-SSH and other share similar options.
For instance purpose is same as openssl verify command and its command 
line options -CApath or -CAfile.

> 3. User files on the server
>    Append in USER_HOME/.ssh/authorized_keys a record with following
> format:
> <KEY_TYPE><SPACE><WORDDN><SPACE>{<Distinguished_Name>|CertBlob}
> What is the purpose of adding this detail in authorized_keys file ?
This is map between user(logon) name and user identity . Identity could 
be public key or X.509 certificate distinguished name or CertBlob. Later 
is similar as public key.

Remark: a X.509 user identity could be "authorized" by public key as well.

> 4. How to test this feature if my make check-certs is not working?
You previous report shows that you cannot run any of executable.
For instance

/openssh-7.5p1/regress/unittests/sshbuf/test_sshbuf is from OpenSSH regression test

So " make check-certs is not working" is not correct.

Would you confirm that you build directory is  /openssh-7.5p1/  ?

If is not cross-compilation then what about mount options - mount point 
that forbids execution?

Another question. Let review part of Makefile:
tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS)
     BUILDDIR=`pwd`; \
     TEST_SSH_SCP="$${BUILDDIR}/scp"; \
BUILDDIR is result of command pwd . Would you confirm that command (or 
may be alias) pwd return correct result - path to you build tree?

> I read
> about Pragma fortress software
I will not recommend. Only RSA and fail in some cases but I cannot 
remember details.

> and SecureCRT support ssh client capable of
> handling x509v3 certificates. Any suggestions?
This is good one . It supports  legacy format.
Support rfc6187 keys (version 8.+). Versions after 8.2 (8.3+ ) works 
fine in all configuration cases.
It support RSA, DSA certificates but does not support EC.
The only limitation (tested with 8.2) is if distinguished name contain 
non latin characters - cannot be used is some configuration as lost non 
latin characters are lost.

> Thanks in advance.
> Regards
> Mohit Gupta
Roumen Petrov

Secure shell with X.509 certificate support

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-X509KeyAlgorithm-configuration-defaults-for-RFC6187-.patch
Type: text/x-diff
Size: 1040 bytes
Desc: not available
URL: <http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/attachments/20180321/7dec3c90/attachment.bin>

More information about the ssh_x509 mailing list