[ssh_x509] Clarification on pkixssh-10.2

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Mon Apr 9 19:08:49 EEST 2018

Hello Mohit ,

ssh_x509 at roumenpetrov.info wrote:
>   Hi Roumen,
> Thanks for all your earlier responses.
> Is it necessary to have same Host key algorithm and public key algorithm?
No. Host keys could use different algorithms then user identities 
(public key).

> I mean Host key should have x509v3-ssh-rsa and ssh_config should
> have X509KeyAlgorithm x509v3-ssh-rsa,rsa-sha1,ssh-rsa?
In version before 11.0 "X509KeyAlgorithm x509v3-ssh-rsa..." must be 
listed first
if you like key matherial to be announced as x509v3-ssh-rsa.

Sample (only for rsa related part):
X509KeyAlgorithm x509v3-ssh-rsa,rsa-sha1,ssh-rsa
X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
X509KeyAlgorithm x509v3-sign-rsa,rsa-md5
So if host key is rsa+certificate it will be announced as x509v3-ssh-rsa.
Next two lines will be used to support legacy format for user identities

For instance line " X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1" is for 
Tectia (ssh.com) clients and line
"X509KeyAlgorithm x509v3-sign-rsa,rsa-md5" is SecureCRT clients (legacy 

> If host key exchange is negotiated as ssh-dss, will public key
> authentication will also use ssh-dss algorithm?

> Should there be any relation in between server certificate and user
> certificate? Or they can be generated and used independently
> PFA for sshd_config, ca-chain.cert.pem,www.example.com.key.pem,
> www.example.com.cert.pem  (passphrase is secretpassword).
> *www.example.com.cert.pem  is used as user certificate.*
> SSH Server configuration:-
> 1. Using the existing host key which gets generated as part of SSH
> installation.
> 2. sshd_config file:- PFA.
> 2.1 AllowedCertPurpose any
> 2.2 KeyAllowSelfIssued yes
> 2.3 CACertificateFile /etc/ssh/ca/crt/ca-chain.cert.pem -- this is the
> intermediate self-signed CA certificate which is used to generate user
> certificate.

> 3. User file on the server:-
> 3.1 .ssh/authorized_keys
> x509v3-sign-rsa subject= /C=GB/ST=California/L=Mountain View/O=Alice
> Ltd/OU=Alice Ltd Web Services/CN=www.example.com
> x509v3-ssh-rsa subject= /C=GB/ST=California/L=Mountain View/O=Alice
> Ltd/OU=Alice Ltd Web Services/CN=www.example.com
> *Is this the correct format of authorized_keys ? Can you send me an example
> of authroized_keys entry *?

x509v3-sign-rsa (!) and x509v3-ssh-rsa require respective entry in option X509KeyAlgorithm
You request was to use only  RFC 6187.
Otherwise format is connect but you don't need to list two times one and the same information.

> 3.2 /etc/ssh/ca/crt
> ls -ltr /etc/ssh/ca/crt/
> -r--r--r--   1 root     root         4180 Apr  5 16:51 ca-chain.cert.pem
> lrwxrwxrwx   1 root     root           17 Apr  6 05:45 cd927608.0 ->
> ca-chain.cert.pem
> 3. We are using *SecureCRT* for connecting to our SSH server.
> Under public key properties, global settings, we are using the same
> ca-chain.cert.pem as identity or certificate file.
SecureCRT 8.3.2 lock good ;)

> *Please find the SSH server side log file attached also for the failure.*

debug1: userauth-request for userwww.example.com  
debug3: Xkey_from_blob() pkalg='ssh-rsa', blen=535

debug1: Could not open authorized keys '...../.ssh/authorized_keys.www.example.com': No such file or directory

Client send plain keys and it seems to me you use server options*AuthorizedKeysFile*  with %u token.
Perhaps you could remove ".%u" for options or you should use correct file name.


> Thanks & Regards
> Mohit Gupta
> [SNIP]

Roumen Petrov

More information about the ssh_x509 mailing list