[ssh_x509] Clarification on pkixssh-10.2

ssh_x509 at roumenpetrov.info
Sun Apr 1 16:23:05 EEST 2018


Hi Roumen,


11.0 is the version with multi-algorithm host keys. This means that if an RSA host key has
key plus certificate it will be announced as
x509v3-sign-rsa, x509v3-ssh-rsa and ssh-rsa. The list is affected by the options
*AcceptedAlgorithms* and *X509KeyAlgorithm*.

For versions before this, the key will be announced as x509v3-sign-rsa.
 1. [Mohit] -- So does that mean that if I am using version 10.2, the host key algorithm
is only announced as x509v3-sign-rsa, or can it also be announced as the ssh-rsa
algorithm?
Or do we need to move to version 11.0? We want to use openssh-7.5p1 and
that's why we chose pkixssh version 10.2.

For my development UT, I have generated a self-signed certificate. The root CA
certificate which was used to generate the certificate is copied to
*/etc/ssh/ca/crt/cacert.pem* and I also added '*CACertificateFile
/etc/ssh/ca/crt/cacert.pem*' to sshd_config. I am trying to configure the SSH
server and connect to it, and I am getting an error when I start the SSH server
in debug mode. Please find attached the complete debug log and sshd_config.
*Connection from 10.197.200.94 port 55674 on 10.24.12.85 port 5000*
*Did not receive identification string from 10.197.200.94 port 55674.*
There are other errors related to x509key_parse_cert: PEM_read_X509 fail
error. Please see the logs. The connection fails at the very first
step.

# HostKeys for protocol version 2
HostKey /etc/ssh_host_dsa_key
HostKey /etc/ssh_host_rsa_key
HostKey /etc/ssh_host_ecdsa_key

2. Can we use ssh-rsa as the server authentication algorithm (host key
exchange) and x509v3-ssh-rsa as the user authentication algorithm?
If yes, what will be the SSH server configuration? I want to know how a
certificate in PEM format should be generated and appended to the host key file
which is generated as part of the SSH server installation.
Can we replace the default /etc/ssh_host_rsa_key with a new
key which has the private key as well as the certificate in PEM format? Or
is this key format only needed in the case where we choose x509v3-ssh-rsa as
the host key algorithm?

Thanks & Regards
Mohit Gupta

On Thu, Mar 22, 2018 at 3:29 AM, <ssh_x509 at roumenpetrov.info> wrote:

> ssh_x509 at roumenpetrov.info wrote:
>
>> Hi Roumen,
>>
>> Thanks for the quick response. I have following questions. Hope you can
>> help on these as well.
>>
>> 1. Identity or hostkey file for protocol version 2 can contain a private
>> key plus X.509 certificate in PEM format. To use X.509 certificate as
>> identity or hostkey user
>> should convert certificate in PEM format and append to file.
>>
> Yes - the certificate that matches the key. The format is not restricted to
> hostkeys. It is used in user identities as well.
> For more details see the ssh_config option IdentityFile. HostKey in
> sshd_config(5) is similar.
>
>
> This
>> hostkey will be shared with the client for server authentication?
>>
> Hmm. In key exchange the server lists host key algorithms. The key algorithm will
> be listed. Selection depends on client options.
>
>
> We just
>> want to use x509v3-ssh-rsa algorithm.
>>
> Ok. See below.
>
> So certificate in PEM format should be appended to ssh_host_rsa_key?
>>
>
> Yes, this is a required part of the key material in the file for it to be
> considered an X.509 key.
>
> 2. sshd_config/ssh_config
>>
>> 2.1 Most of your changes are commented out in sshd_config. I have attached
>> sshd_config and ssh_config file (please see). Can you please
>> share the sshd_config and ssh_config file which is configured to handle
>> x509v3 certificates?
>>
> A comment in such a case means default configuration.
> Unfortunately the manual page sshd_config(5) is correct but the sample
> configuration is not.
> Please find attached file
> "0002-X509KeyAlgorithm-configuration-defaults-for-RFC6187-.patch"
> This correction was created after 11.0 and missed releases 11.1 :( and 11.2.
>
> 2.2 We just want to use x509v3-ssh-rsa algorithm. What will be the value of
>> X509KeyAlgorithm attribute in sshd_config and ssh_config?
>>
>>   X509KeyAlgorithm x509v3-sign-rsa-sha1,rsa-sha1,ssh-rsa ?
>>
> No. See attached patch: X509KeyAlgorithm x509v3-ssh-rsa,rsa-sha1,ssh-rsa.
>
>
>
> 11.0 is the version with multi-algorithm host keys. This means that if an RSA host key
> has key plus certificate it will be announced as
> x509v3-sign-rsa, x509v3-ssh-rsa and ssh-rsa. The list is affected by the options
> *AcceptedAlgorithms* and *X509KeyAlgorithm*.
>
> For versions before this, the key will be announced as x509v3-sign-rsa.
>
> In your case (version 10.2) sshd_config should contain
> ... ... ...
> # "key type names" for X.509 certificates with RSA key
> X509KeyAlgorithm x509v3-ssh-rsa,rsa-sha1,ssh-rsa
>
> # "key type names" for X.509 certificates with EC key
> X509KeyAlgorithm x509v3-ecdsa-sha2-nistp256,sha256,ecdsa-sha2-nistp256
> X509KeyAlgorithm x509v3-ecdsa-sha2-nistp384,sha384,ecdsa-sha2-nistp384
> X509KeyAlgorithm x509v3-ecdsa-sha2-nistp521,sha512,ecdsa-sha2-nistp521
>
> # "key type names" for X.509 certificates with DSA key
> # Note first defined is used in signature operations!
> X509KeyAlgorithm x509v3-ssh-dss,dss-raw,ssh-dss
> ... ... ...
> Remark: configuration only for RFC6187 format
>
> 2.3 What is the purpose of "X509 store" in sshd_config and ssh_config?
>>
> The X.509 store is filled with "trusted certificates". Those certificates are
> used in the verification process.
>
> http://roumenpetrov.info/domino_CA/
> Apache, PKIX-SSH and others share similar options.
> For instance, the purpose is the same as the openssl verify command and its command
> line options -CApath or -CAfile.
>
>
> 3. User files on the server
>>
>>    Append in USER_HOME/.ssh/authorized_keys a record with following
>> format:
>> <KEY_TYPE><SPACE><WORDDN><SPACE>{<Distinguished_Name>|CertBlob}
>>
>> What is the purpose of adding this detail in authorized_keys file ?
>>
> This is a map between user (logon) name and user identity. The identity could be
> a public key, an X.509 certificate distinguished name or a CertBlob. The latter is
> similar to a public key.
>
> Remark: an X.509 user identity could be "authorized" by public key as well.
>
>
> 4. How to test this feature if my make check-certs is not working?
>>
> Your previous report shows that you cannot run any of the executables.
> For instance
>
> /openssh-7.5p1/regress/unittests/sshbuf/test_sshbuf is from the OpenSSH
> regression tests
>
> So "make check-certs is not working" is not correct.
>
> Would you confirm that your build directory is /openssh-7.5p1/ ?
>
> If it is not cross-compilation then what about mount options - a mount point
> that forbids execution?
>
>
> Another question. Let's review part of the Makefile:
> ...
> tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS)
>     BUILDDIR=`pwd`; \
>     TEST_SSH_SCP="$${BUILDDIR}/scp"; \
> ...
> BUILDDIR is the result of the command pwd. Would you confirm that the command (or
> maybe an alias) pwd returns the correct result - the path to your build tree?
>
>
> I read
>> about Pragma fortress software
>>
> I would not recommend it. Only RSA, and it fails in some cases, but I cannot
> remember the details.
>
> and SecureCRT support ssh client capable of
>> handling x509v3 certificates. Any suggestions?
>>
> This is a good one. It supports the legacy format.
> It supports RFC6187 keys (version 8.+). Versions after 8.2 (8.3+) work fine
> in all configuration cases.
> It supports RSA and DSA certificates but does not support EC.
> The only limitation (tested with 8.2) is if the distinguished name contains
> non-Latin characters - it cannot be used in some configurations as the
> non-Latin characters are lost.
>
> Thanks in advance.
>> Regards
>> Mohit Gupta
>>
>> [SNIP]
>
> Roumen Petrov
>
>
> --
> Secure shell with X.509 certificate support
> http://roumenpetrov.info/secsh/
>
>
-------------- next part --------------
sw0:FID128:root> /usr/sbin/sshd -ddd -p 5000
debug2: load_server_config: filename /etc/sshd_config
debug2: load_server_config: done config len = 792
debug2: parse_server_config: config /etc/sshd_config len 792
debug3: /etc/sshd_config:13 setting Port 830
debug3: /etc/sshd_config:14 setting Port 22
debug3: /etc/sshd_config:15 setting Protocol 2
debug3: /etc/sshd_config:26 setting HostKey /etc/ssh_host_dsa_key
debug3: /etc/sshd_config:27 setting HostKey /etc/ssh_host_rsa_key
debug3: /etc/sshd_config:28 setting HostKey /etc/ssh_host_ecdsa_key
debug3: /etc/sshd_config:43 setting X509KeyAlgorithm x509v3-ssh-rsa,rsa-sha1,ssh-rsa
debug3: /etc/sshd_config:49 setting X509KeyAlgorithm x509v3-ssh-dss,dss-raw,ssh-dss
debug3: /etc/sshd_config:70 setting CACertificateFile /etc/ssh/ca/crt/cacert.pem
debug3: /etc/sshd_config:119 setting LoginGraceTime 120
debug3: /etc/sshd_config:120 setting PermitRootLogin yes
debug3: /etc/sshd_config:122 setting MaxAuthTries 6
debug3: /etc/sshd_config:123 setting MaxSessions 1
debug3: /etc/sshd_config:145 setting IgnoreRhosts yes
debug3: /etc/sshd_config:152 setting ChallengeResponseAuthentication no
debug3: /etc/sshd_config:173 setting UsePAM yes
debug3: /etc/sshd_config:176 setting AllowTcpForwarding no
debug3: /etc/sshd_config:189 setting ClientAliveInterval 0
debug3: /etc/sshd_config:190 setting ClientAliveCountMax 4
debug3: /etc/sshd_config:194 setting AllowedLogin admin
debug3: /etc/sshd_config:203 setting Subsystem sftp    /usr/libexec/sftp-server
debug3: /etc/sshd_config:204 setting Subsystem netconf /usr/confd/bin/confd_netconf_subsys
debug2: hash dir '/vobs/projects/springboard/build/swbd1000/target/etc/ca/crt' added to x509 store
debug2: file '/etc/ssh/ca/crt/cacert.pem' added to x509 store
debug2: hash dir '/vobs/projects/springboard/build/swbd1000/target/etc/ca/crl' added to x509 revocation store
debug1: ssh_set_validator: ignore responder url
debug1: annonced algorithms: x509v3-ssh-rsa,x509v3-ssh-dss,ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384
debug1: annonced signatures: ssh-rsa,ssh-dss,ssh-ed25519,rsa-sha2-256,rsa-sha2-512,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384
debug1: sshd version PKIX-SSH 10.2, OpenSSH_7.5p1, OpenSSL 1.0.2h  3 May 2016
debug3: sshkey_load_private() filename=/etc/ssh_host_dsa_key
debug1: read PEM private key begin
debug1: read X.509 certificate begin
debug3: x509key_parse_cert: PEM_read_X509 fail error:0906D06C:lib(9):func(109):reason(108)
debug3: sshkey_load_public() filename=/etc/ssh_host_dsa_key
debug3: key_from_blob(..., ...) ktype=ssh-dss
debug1: private host key #0: ssh-dss SHA256:YlhPO+s49g7zsqwevQePaHFOonoSqK2Y+Bt3BJEnViQ
debug3: sshkey_load_private() filename=/etc/ssh_host_rsa_key
debug1: read PEM private key begin
debug1: read X.509 certificate begin
debug3: x509key_parse_cert: PEM_read_X509 fail error:0D0680A8:lib(13):func(104):reason(168)
debug3: sshkey_load_public() filename=/etc/ssh_host_rsa_key
debug3: key_from_blob(..., ...) ktype=ssh-rsa
debug1: private host key #1: ssh-rsa SHA256:pQlxMsce0MUiv2xcLX60dg3FA/ZY147t7WQ+psljJdE
debug3: sshkey_load_private() filename=/etc/ssh_host_ecdsa_key
debug1: read PEM private key begin
debug1: read X.509 certificate begin
debug3: x509key_parse_cert: PEM_read_X509 fail error:0D0680A8:lib(13):func(104):reason(168)
debug3: sshkey_load_public() filename=/etc/ssh_host_ecdsa_key
debug3: key_from_blob(..., ...) ktype=ecdsa-sha2-nistp256
debug3: key_from_blob(..., ...) ktype/nid=ecdsa-sha2-nistp256 / 415
debug1: private host key #2: ecdsa-sha2-nistp256 SHA256:6OiOTtlAR3fwKbVmsWSAGjRZMV5JFkW/Rd9MS5AltfU
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='5000'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_adj from 0 to -17
debug2: fd 3 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
debug1: Bind to port 5000 on ::.
Server listening on :: port 5000.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 5000 on 0.0.0.0.
Server listening on 0.0.0.0 port 5000.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 792
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 10.197.200.94 port 55674 on 10.24.12.85 port 5000
Did not receive identification string from 10.197.200.94 port 55674

-------------- next part --------------
sw0:FID128:root> cat /etc/sshd_config
#       $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Port 830
Port 22
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
#Protocol 2

# HostKey for protocol version 1
#HostKey /vobs/projects/springboard/build/swbd1000/target/etc/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh_host_dsa_key
HostKey /etc/ssh_host_rsa_key
HostKey /etc/ssh_host_ecdsa_key

#ServerKeyBits 768

#RekeyInterval 3600

# "key type names" for X.509 certificates with EC key
#X509KeyAlgorithm x509v3-ecdsa-sha2-nistp256,sha256,ecdsa-sha2-nistp256
#X509KeyAlgorithm x509v3-ecdsa-sha2-nistp384,sha384,ecdsa-sha2-nistp384
#X509KeyAlgorithm x509v3-ecdsa-sha2-nistp521,sha512,ecdsa-sha2-nistp521

# "key type names" for X.509 certificates with RSA key
# Note first defined is used in signature operations!
#X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
#X509KeyAlgorithm x509v3-sign-rsa,rsa-md5
X509KeyAlgorithm x509v3-ssh-rsa,rsa-sha1,ssh-rsa

# "key type names" for X.509 certificates with DSA key
# Note first defined is used in signature operations!
#X509KeyAlgorithm x509v3-sign-dss,dss-asn1
#X509KeyAlgorithm x509v3-sign-dss,dss-raw
X509KeyAlgorithm x509v3-ssh-dss,dss-raw,ssh-dss

# The intended use for the X509 client certificate. Without this option
# no chain verification will be done. Currently accepted uses are case
# insensitive:
#  - "sslclient", "SSL client", "SSL_client" or "client"
#  - "any", "Any Purpose", "Any_Purpose" or "AnyPurpose"
#  - "skip" or ""(empty): don`t check purpose.
#AllowedCertPurpose sslclient

# Specifies whether self-issued(self-signed) X.509 certificate can be
# allowed only by entry in AutorizedKeysFile that contain matching
# public key or certificate blob.
#KeyAllowSelfIssued no

# Specifies whether CRL must present in store for all certificates in
# certificate chain with atribute "cRLDistributionPoints"
#MandatoryCRL no

# A file with multiple certificates of certificate signers
# in PEM format concatenated together.
CACertificateFile /etc/ssh/ca/crt/cacert.pem

# A directory with certificates of certificate signers.
# The certificates should have name of the form: [HASH].[NUMBER]
# or have symbolic links to them of this form.
#CACertificatePath /vobs/projects/springboard/build/swbd1000/target/etc/ca/crt

# A file with multiple CRL of certificate signers
# in PEM format concatenated together.
#CARevocationFile /vobs/projects/springboard/build/swbd1000/target/etc/ca/ca-bundle.crl

# A directory with CRL of certificate signers.
# The CRL should have name of the form: [HASH].r[NUMBER]
# or have symbolic links to them of this form.
#CARevocationPath /vobs/projects/springboard/build/swbd1000/target/etc/ca/crl

# LDAP protocol version.
# Example:
# CAldapVersion 2

# Note because of OpenSSH options parser limitation
# use %3D instead of = !
# LDAP initialization may require URL to be escaped, i.e.
# use %2C instead of ,(comma). Escaped URL don't depend from
# LDAP initialization method.
# Example:
# CAldapURL ldap://localhost:389/dc%3Dexample%2Cdc%3Dcom

# SSH can use "Online Certificate Status Protocol"(OCSP)
# to validate certificate. Set VAType to
#  - none    : do not use OCSP to validate certificates;
#  - ocspcert: validate only certificates that specify `OCSP
#      Service Locator' URL;
#  - ocspspec: use specified in the configuration 'OCSP Responder'
#      to validate all certificates.
#VAType none

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

LoginGraceTime 120
PermitRootLogin yes
#StrictModes yes
MaxAuthTries 6
MaxSessions 1

#RSAAuthentication yes
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
#AuthorizedKeysFile     .ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /vobs/projects/springboard/build/swbd1000/target/etc/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
AllowTcpForwarding no
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog no
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
ClientAliveInterval 0
ClientAliveCountMax 4
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
AllowedLogin admin
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem       sftp    /usr/libexec/sftp-server
Subsystem   netconf /usr/confd/bin/confd_netconf_subsys

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server

