[ssh_x509] Clarification on pkixssh-10.2

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Fri Apr 6 09:34:43 EEST 2018


 Hi Roumen,

Thanks for all your earlier responses.
Is it necessary to have the same Host key algorithm and public key algorithm?
I mean Host key should have x509v3-ssh-rsa and ssh_config should
have X509KeyAlgorithm x509v3-ssh-rsa,rsa-sha1,ssh-rsa?
If host key exchange is negotiated as ssh-dss, will public key
authentication also use ssh-dss algorithm?
Should there be any relation in between server certificate and user
certificate? Or can they be generated and used independently?

PFA for sshd_config, ca-chain.cert.pem, www.example.com.key.pem,
www.example.com.cert.pem (passphrase is secretpassword).
*www.example.com.cert.pem  is used as user certificate.*

SSH Server configuration:-
1. Using the existing host key which gets generated as part of SSH
installation.

2. sshd_config file:- PFA.
2.1 AllowedCertPurpose any
2.2 KeyAllowSelfIssued yes
2.3 CACertificateFile /etc/ssh/ca/crt/ca-chain.cert.pem -- this is the
intermediate self-signed CA certificate which is used to generate user
certificate.

3. User file on the server:-
3.1 .ssh/authorized_keys
x509v3-sign-rsa subject= /C=GB/ST=California/L=Mountain View/O=Alice
Ltd/OU=Alice Ltd Web Services/CN=www.example.com
x509v3-ssh-rsa subject= /C=GB/ST=California/L=Mountain View/O=Alice
Ltd/OU=Alice Ltd Web Services/CN=www.example.com
*Is this the correct format of authorized_keys? Can you send me an example
of authorized_keys entry?*
3.2 /etc/ssh/ca/crt
ls -ltr /etc/ssh/ca/crt/
-r--r--r--   1 root     root         4180 Apr  5 16:51 ca-chain.cert.pem
lrwxrwxrwx   1 root     root           17 Apr  6 05:45 cd927608.0 ->
ca-chain.cert.pem

3. We are using *SecureCRT* for connecting to our SSH server.
Under public key properties, global settings, we are using the same
ca-chain.cert.pem as identity or certificate file.

*Please find the SSH server side log file attached also for the failure.*


Thanks & Regards
Mohit Gupta





> On Thu, Apr 5, 2018 at 12:03 AM, <ssh_x509 at roumenpetrov.info> wrote:
>
>> Hello Mohit,
>>
>>
>> The list program converts mail to text and it is possible for some formatting to
>> be lost.
>>
>>
>> (a) If I understand properly, one of your questions is about installation of
>> keys based on certificate.
>> Plain keys are easy to generate - all functionality (program ssh-keygen)
>> is available.
>> X.509 keys require another party - CA. CA rules are not known and this
>> process cannot be automated by install procedure.
>>
>> Where to store?
>> For instance for rsa you could keep "plain" keys in location
>> /etc/ssh/ssh_host_rsa_key and to create new file /etc/ssh/ssh_host_rsa_x509
>> where to store key+certificates
>> But in this case you have to define HostKey (in sshd_config) for both
>> files:
>> ....
>> HostKey /etc/ssh/ssh_host_rsa_key
>> HostKey /etc/ssh/ssh_host_rsa_cert
>> ...
>>
>>
>> (b) Next question was about algorithm restriction: PubkeyAlgorithms vs
>> X509KeyAlgorithm
>>
>> Yes, to restrict algorithms on server side you could use only
>> X509KeyAlgorithm, without changing/using option PubkeyAlgorithms.
>>
>>  Regards,
>> Roumen Petrov
>>
>>
>>
>>
>> ssh_x509 at roumenpetrov.info wrote:
>>
>>> On Sun, Apr 1, 2018 at 10:23 PM,<ssh_x509 at roumenpetrov.info>  wrote:
>>>
>>> ssh_x509 at roumenpetrov.info  wrote:
>>>>
>>>> Hi Roumen,
>>>>>
>>>>>
>>>>> 11.0 is version multi-algorithm host-keys. This means if an rsa host key
>>>>> has
>>>>> key plus certificate it will be announced as
>>>>> x509v3-sign-rsa, x509v3-ssh-rsa and ssh-rsa. List is impacted by
>>>>> options
>>>>> *AcceptedAlgorithms* and *X509KeyAlgorithm.*
>>>>>
>>>>> For version before this key will be announced as x509v3-sign-rsa.
>>>>>    1. [Mohit] -- So that means if I am using version 10.2, host key
>>>>> algorithm
>>>>> is only announced as x509v3-sign-rsa or it can also announce as ssh-rsa
>>>>> algorithm??
>>>>>
>>>>> For versions before 11.0 you have to keep two keys
>>>> a) only with "plain" key - announced as ssh-rsa
>>>>
>>>> Mohit -- So is this the original /etc/ssh_host_rsa_key that gets
>>>>>>
>>>>> generated during SSH installation ?
>>>
>>> b) key and certificate. Actually option X509KeyAlgorithm impacts
>>>> algorithm.
>>>>
>>>> Mohit --- are we independent to generate this key and certificate file ?
>>>>>>
>>>>> What will be the name of this key file ?
>>>
>>> So if for RSA in your sshd_config option is like this:
>>>> X509KeyAlgorithm x509v3-ssh-dss,dss-raw,ssh-dss
>>>> X509KeyAlgorithm x509v3-sign-dss,dss-asn1
>>>> X509KeyAlgorithm x509v3-sign-dss,dss-raw
>>>>
>>>> host key will be announced as x509v3-ssh-dss (first listed for RSA key).
>>>>
>>>> Or do We need to move to version 11.0? We want to use openssh-7.5p1 and
>>>>
>>>>> that's why we choose pkixssh version 10.2
>>>>>
>>>>> For my development UT, I have generated a self-signed certificate.
>>>>> Root CA
>>>>> certificate which is used to generate certificate is copied to
>>>>> */etc/ssh/ca/crt/cacert.pem* and also added this '*CACertificateFile
>>>>> /etc/ssh/ca/crt/cacert.pem*' in sshd_config.
>>>>>
>>>>> Path is part of verification and does not impact host keys.
>>>>
>>>> I am trying to configure SSH
>>>>
>>>>> server and connect to it, I am getting the error when I started SSH
>>>>> server
>>>>> in debug mode.
>>>>>
>>>>> PFA for the complete debug log and sshd_config.
>>>>
>>>>> *Connection from 10.197.200.94 port 55674 on 10.24.12.85 port 5000*
>>>>> *Did not receive identification string from 10.197.200.94 port 55674.*
>>>>>
>>>>> Looks like a connection from a port scanner.
>>>> Or it could be due to improper network configuration for instance in a
>>>> virtual machine. Or firewall issue.
>>>> It is not easy to say that this is an error.
>>>>
>>>> It could be reproduced with telnet - after connection type escape
>>>> character and on telnet prompt type quit.
>>>> Perhaps you could test network with telnet, After connection type
>>>> something, for instance "test" and press [Enter]. It is expected to see
>>>> message:
>>>> Bad protocol version identification 'test' from ...
>>>>
>>>>
>>>> There are other errors related to x509key_parse_cert: PEM_read_X509 fail
>>>>
>>>>> error.
>>>>>
>>>>> Debug message like "x509key_parse_cert: PEM_read_X509 fail ..." means
>>>> that
>>>> host key does not contain certificate.
>>>> So only plain keys are used as host keys.
>>>> As those messages are not "error" messages they could be ignored.
>>>>
>>>> Please see the logs. The connection is getting failed at very first
>>>>
>>>>> step.
>>>>>
>>>>> # HostKeys for protocol version 2
>>>>> HostKey /etc/ssh_host_dsa_key
>>>>> HostKey /etc/ssh_host_rsa_key
>>>>> HostKey /etc/ssh_host_ecdsa_key
>>>>>
>>>>> 2. Can we use ssh-rsa for server authentication algorithm( host key
>>>>> exchange ) and x509v3-ssh-rsa for user authentication algorithm?
>>>>>
>>>>> Yes just add top sshd_config:
>>>> *PubkeyAlgorithms* x509v3-*
>>>>
>>>> Mohit - so we just need to add PubkeyAlgorithms x509v3-ssh-rsa in the
>>>>>>
>>>>> sshd_config ? No extra configuration in sshd_config like
>>> X509KeyAlgorithm
>>> x509v3-* ?
>>>
>>> Remark: option works in Match block as well.
>>>>
>>>>
>>>> If yes, what will be the SSH server configuration? I want to know how a
>>>>
>>>>> certificate in PEM format should be generated and appended to host key
>>>>> file
>>>>> which is generated as part of SSH server installation?
>>>>>
>>>>> Generation of client or server certificate. There is lot of articles on
>>>> topic "OpenSSL Certificate Authority".
>>>>
>>>>
>>>> Can we replace the default /etc/ssh_host_rsa_key and replace it with a
>>>> new
>>>>
>>>>> key which has the private key as well as the certificate in PEM
>>>>> format. Or
>>>>> this format of key is only needed in the case where we choose host key
>>>>> algorithm as x509v3-ssh-rsa?
>>>>>
>>>>> For 10.2 use separate files as was explained above.
>>>>
>>>> Thanks & Regards
>>>>
>>>>> Mohit Gupta
>>>>>
>>>>> [snip]
>>>>
>>>> Regards,
>>>> Roumen Petrov
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> ssh_x509 mailing list
>>>> ssh_x509 at roumenpetrov.info
>>>> http://roumenpetrov.info/mailman/listinfo/ssh_x509_roumenpetrov.info
>>>>
>>>
>>
>>
>> --
>> Secure shell with X.509 certificate support
>> http://roumenpetrov.info/secsh/
>>
>>
>>
>
>
-------------- next part --------------
Please find the SSH server side log for the failure:-

sw0:FID128:root> /usr/sbin/sshd -ddd -p 5000
debug2: load_server_config: filename /etc/sshd_config
debug2: load_server_config: done config len = 860
debug2: parse_server_config: config /etc/sshd_config len 860
debug3: /etc/sshd_config:13 setting Port 830
debug3: /etc/sshd_config:14 setting Port 22
debug3: /etc/sshd_config:15 setting Protocol 2
debug3: /etc/sshd_config:26 setting HostKey /etc/ssh_host_rsa_key
debug3: /etc/sshd_config:27 setting HostKey /etc/ssh_host_dsa_key
debug3: /etc/sshd_config:28 setting HostKey /etc/ssh_host_ecdsa_key
debug3: /etc/sshd_config:41 setting X509KeyAlgorithm x509v3-ssh-rsa,rsa-sha1,ssh-rsa
debug3: /etc/sshd_config:42 setting X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
debug3: /etc/sshd_config:43 setting X509KeyAlgorithm x509v3-sign-rsa,rsa-md5
debug3: /etc/sshd_config:58 setting AllowedCertPurpose any
debug3: /etc/sshd_config:63 setting KeyAllowSelfIssued yes
debug3: /etc/sshd_config:71 setting CACertificateFile /etc/ssh/ca/crt/ca-chain.cert.pem
debug3: /etc/sshd_config:120 setting LoginGraceTime 120
debug3: /etc/sshd_config:121 setting PermitRootLogin yes
debug3: /etc/sshd_config:123 setting MaxAuthTries 6
debug3: /etc/sshd_config:124 setting MaxSessions 1
debug3: /etc/sshd_config:147 setting IgnoreRhosts yes
debug3: /etc/sshd_config:154 setting ChallengeResponseAuthentication no
debug3: /etc/sshd_config:175 setting UsePAM yes
debug3: /etc/sshd_config:178 setting AllowTcpForwarding no
debug3: /etc/sshd_config:191 setting ClientAliveInterval 0
debug3: /etc/sshd_config:192 setting ClientAliveCountMax 4
debug3: /etc/sshd_config:196 setting AllowedLogin admin
debug3: /etc/sshd_config:205 setting Subsystem sftp    /usr/libexec/sftp-server
debug3: /etc/sshd_config:206 setting Subsystem netconf /usr/confd/bin/confd_netconf_subsys
debug2: hash dir '/vobs/projects/springboard/build/swbd1000/target/etc/ca/crt' added to x509 store
debug2: file '/etc/ssh/ca/crt/ca-chain.cert.pem' added to x509 store
debug2: hash dir '/vobs/projects/springboard/build/swbd1000/target/etc/ca/crl' added to x509 revocation store
debug1: ssh_set_validator: ignore responder url
debug1: annonced algorithms: x509v3-ssh-rsa,x509v3-sign-rsa,ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384
debug1: annonced signatures: ssh-rsa,x509v3-sign-rsa,ssh-ed25519,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384
debug1: sshd version PKIX-SSH 10.2, OpenSSH_7.5p1, OpenSSL 1.0.2h  3 May 2016
debug3: sshkey_load_private() filename=/etc/ssh_host_rsa_key
debug1: read PEM private key begin
debug1: read X.509 certificate begin
debug3: x509key_parse_cert: PEM_read_X509 fail error:0906D06C:lib(9):func(109):reason(108)
debug3: sshkey_load_public() filename=/etc/ssh_host_rsa_key
debug3: key_from_blob(..., ...) ktype=ssh-rsa
debug1: private host key #0: ssh-rsa SHA256:Yp5dizNfsJaE6o9P7inpuR+/imx1QzAkiL31amwk+bY
debug3: sshkey_load_private() filename=/etc/ssh_host_dsa_key
debug1: read PEM private key begin
debug1: read X.509 certificate begin
debug3: x509key_parse_cert: PEM_read_X509 fail error:0D0680A8:lib(13):func(104):reason(168)
debug3: sshkey_load_public() filename=/etc/ssh_host_dsa_key
debug3: key_from_blob(..., ...) ktype=ssh-dss
debug1: private host key #1: ssh-dss SHA256:YlhPO+s49g7zsqwevQePaHFOonoSqK2Y+Bt3BJEnViQ
debug3: sshkey_load_private() filename=/etc/ssh_host_ecdsa_key
debug1: read PEM private key begin
debug1: read X.509 certificate begin
debug3: x509key_parse_cert: PEM_read_X509 fail error:0D0680A8:lib(13):func(104):reason(168)
debug3: sshkey_load_public() filename=/etc/ssh_host_ecdsa_key
debug3: key_from_blob(..., ...) ktype=ecdsa-sha2-nistp256
debug3: key_from_blob(..., ...) ktype/nid=ecdsa-sha2-nistp256 / 415
debug1: private host key #2: ecdsa-sha2-nistp256 SHA256:6OiOTtlAR3fwKbVmsWSAGjRZMV5JFkW/Rd9MS5AltfU
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='5000'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_adj from 0 to -17
debug2: fd 3 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
debug1: Bind to port 5000 on ::.
Server listening on :: port 5000.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 5000 on 0.0.0.0.
Server listening on 0.0.0.0 port 5000.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 860
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 172.22.10.80 port 54874 on 10.24.12.85 port 5000
debug1: Client protocol version 2.0; client software version SecureCRT_8.3.2 (x64 build 1584)
debug1: no match: SecureCRT_8.3.2 (x64 build 1584)
debug1: x.509 compatibility rfc6187_missing_key_identifier=no: pattern '*' match 'SecureCRT_8.3.2 (x64 build 1584)'
debug1: x.509 compatibility rfc6187_asn1_opaque_ecdsa_signature=no: pattern '*' match 'SecureCRT_8.3.2 (x64 build 1584)'
debug1: x.509 compatibility broken list with accepted publickey algorithms=no: pattern '*' match 'SecureCRT_8.3.2 (x64 build 1584)'
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5 PKIX[10.2]
debug2: fd 3 setting O_NONBLOCK
debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss,ecdsa-sha2-nistp256
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss,ecdsa-sha2-nistp256
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctraes128-gcm,aes192-gcm,aes256-gcm,aes128-cbc,aes192-cbc,aes256-cbc,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctraes128-gcm,aes192-gcm,aes256-gcm,aes128-cbc,aes192-cbc,aes256-cbc,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer client KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1
debug2: host key algorithms: ssh-rsa,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,x509v3-sign-rsa,x509v3-ssh-rsa,x509v3-sign-dss,x509v3-ssh-dss,ssh-dss
debug2: ciphers ctos: aes256-ctr,aes192-ctr,aes128-ctr,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-cbc,aes192-cbc,aes128-cbc,chacha20-poly1305@openssh.com,twofish-cbc,blowfish-cbc,3des-cbc,arcfour
debug2: ciphers stoc: aes256-ctr,aes192-ctr,aes128-ctr,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-cbc,aes192-cbc,aes128-cbc,chacha20-poly1305@openssh.com,twofish-cbc,blowfish-cbc,3des-cbc,arcfour
debug2: MACs ctos: hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,umac-64@openssh.com,umac-128@openssh.com
debug2: MACs stoc: hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,umac-64@openssh.com,umac-128@openssh.com
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: ecdh-sha2-nistp384
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: client->server cipher: aes192-ctr MAC: hmac-sha2-512 compression: none
debug1: kex: server->client cipher: aes192-ctr MAC: hmac-sha2-512 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_INIT
debug3: receive packet: type 30
debug3: ssh_rsa_sign  hash_alg=2/ssh-rsa
debug3: send packet: type 31
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug1: KEX done
debug3: receive packet: type 5
debug3: send packet: type 6
debug3: receive packet: type 50
debug1: userauth-request for user www.example.com service ssh-connection method none
debug1: attempt 0 failures 0
debug2: parse_server_config: config reprocess config len 860
getpwnamallow returns authctxt->pw: \204\362` \204\245`
debug2: input_userauth_request: setting up authctxt for www.example.com
debug1: PAM: initializing for "www.example.com"
debug1: ***** PAM service name "172.22.10.80"
debug1: PAM: setting PAM_RHOST to "172.22.10.80"
debug1: PAM: setting PAM_TTY to "ssh"
debug3: send packet: type 53
debug1: userauth_send_motd_banner: MOTD sent
debug1: userauth_send_motd_banner:
debug2: input_userauth_request: try method none
Failed none for www.example.com from 172.22.10.80 port 54874 ssh2
debug3: userauth_finish: failure partial=0 next methods="publickey,password"
debug3: send packet: type 51
debug3: receive packet: type 50
debug1: userauth-request for user www.example.com service ssh-connection method publickey
debug1: attempt 1 failures 0
debug2: input_userauth_request: try method publickey
debug1: password:(null)

debug1: sshpam_tty_conv enter

debug1: sshpam_tty_conv enter

debug1: sshpam_tty_conv enter

debug1: sshpam_tty_conv prompt echo

debug1: After pam authenticate sshpam_err :19, sshpampasswd:(null),authctxt->valid:1

debug1: PAM: password authentication failed for www.example.com: Conversation error
debug3: Xkey_from_blob() pkalg='ssh-rsa', blen=535
debug3: key_from_blob(..., ...) ktype=ssh-rsa
debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:DX3EClfwFr5VNA5lDIx30M8aUby1camQsscktY8FinM
debug1: temporarily_use_uid: 0/600 (e=0/0)
debug1: trying public key file /fabos/users/admin/.ssh/authorized_keys.www.example.com
debug1: Could not open authorized keys '/fabos/users/admin/.ssh/authorized_keys.www.example.com': No such file or directory
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 0/600 (e=0/0)
debug1: trying public key file /fabos/users/admin/.ssh/authorized_keys.www.example.com
debug1: Could not open authorized keys '/fabos/users/admin/.ssh/authorized_keys.www.example.com': No such file or directory
debug1: restore_uid: 0/0
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
Failed publickey for www.example.com from 172.22.10.80 port 54874 ssh2
debug3: userauth_finish: failure partial=0 next methods="publickey,password"
debug3: send packet: type 51
debug3: receive packet: type 1
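
The points of interest in a log like the one above can be pulled out mechanically. The following is an added example, not part of the original message or of PKIX-SSH: a Python triage of `sshd -ddd` output that reports which host key files loaded without a certificate, the negotiated host key algorithm, the public key algorithm the client offered, and any authorized keys file that could not be opened. The sample lines are abridged from the log above; the function and key names are this example's own.

```python
import re

# Lines abridged from the sshd -ddd log attached to the message above.
SAMPLE_LOG = """\
debug3: sshkey_load_private() filename=/etc/ssh_host_rsa_key
debug3: x509key_parse_cert: PEM_read_X509 fail error:0906D06C:lib(9):func(109):reason(108)
debug1: private host key #0: ssh-rsa SHA256:Yp5dizNfsJaE6o9P7inpuR+/imx1QzAkiL31amwk+bY
debug1: kex: host key algorithm: ssh-rsa
debug1: userauth-request for user www.example.com service ssh-connection method publickey
debug3: Xkey_from_blob() pkalg='ssh-rsa', blen=535
debug1: Could not open authorized keys '/fabos/users/admin/.ssh/authorized_keys.www.example.com': No such file or directory
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
"""

RULES = [  # (report key, pattern); key names are this example's own
    ("loading", re.compile(r"sshkey_load_private\(\) filename=(\S+)")),
    ("no_cert", re.compile(r"x509key_parse_cert: PEM_read_X509 fail")),
    ("host_key_alg", re.compile(r"kex: host key algorithm: (\S+)")),
    ("offered", re.compile(r"Xkey_from_blob\(\) pkalg='([^']+)'")),
    ("missing_files", re.compile(r"Could not open authorized keys '([^']+)'")),
    ("authenticated", re.compile(r"userauth_pubkey: authenticated (\d)")),
]

def triage(log_text):
    """Summarise host-key and publickey-auth facts from sshd debug output."""
    report = {"plain_host_keys": [], "host_key_alg": None, "offered": [],
              "missing_files": [], "authenticated": False}
    loading = None  # host key file currently being loaded
    for line in log_text.splitlines():
        for key, rx in RULES:
            m = rx.search(line)
            if not m:
                continue
            if key == "loading":
                loading = m.group(1)
            elif key == "no_cert":
                # No certificate follows the private key in this file.
                if loading and loading not in report["plain_host_keys"]:
                    report["plain_host_keys"].append(loading)
            elif key == "host_key_alg":
                report[key] = m.group(1)
            elif key == "authenticated":
                report[key] = report[key] or m.group(1) == "1"
            elif m.group(1) not in report[key]:
                report[key].append(m.group(1))  # de-duplicated list entries
            break
    report["x509_offered"] = any(a.startswith("x509v3-") for a in report["offered"])
    return report

def findings(report):
    """Turn the report into short statements for the operator."""
    out = []
    if report["offered"] and not report["x509_offered"]:
        out.append("client offered only plain key algorithms: " + ",".join(report["offered"]))
    for path in report["missing_files"]:
        out.append("authorized keys file not found: " + path)
    if report["host_key_alg"] and not report["host_key_alg"].startswith("x509v3-"):
        out.append("host authenticated with plain key algorithm " + report["host_key_alg"])
    return out

if __name__ == "__main__":
    for item in findings(triage(SAMPLE_LOG)):
        print("-", item)
```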

