[ssh_x509] x509v3-ssh-rsa hostkey algorithm on Cisco IOS XE

ssh_x509 at roumenpetrov.info
Wed Feb 19 22:05:00 EET 2020


Hello Sergei,

ssh_x509 at roumenpetrov.info wrote:
> Hello Roumen,
>
> For quite a while, Cisco IOS XE supports x509v3-ssh-rsa as hostkey
> algorithm. I've set up a lab environment to lab it and can connect to IOS XE
> router with x509v3-ssh-rsa hostkey. The thing I'm interested in, is the
> format PKIXSSH uses to store the SSH server's identity in known_hosts:
>
> .ssh/known_hosts
> 172.16.3.10 x509v3-sign-rsa Subject:C=AU,ST=Some-State,O=Internet Widgits
> Pty Ltd,CN=r1.lab.local

Two formats:
a) blob, i.e. base64 encoded certificate similar to plain keys. Actually
this is the same as the "pub"-file.
b) DN (distinguished name).

Both formats are used for the "known hosts" and "authorized keys" files.

This is described in README.x509v3 and the manual pages
(https://securebox.termoneplus.com/man8/sshd.8.html#SSH_KNOWN_HOSTS_FILE_FORMAT).


> I evaluated that x509v3-ssh-rsa option as a replacement of typical ssh-rsa
> hostkeys, and thought it should have a store of valid CAs per domain in a
> format similar to (just proposing) "*.lab.local x509v3-sign-rsa
> /etc/ssl/certificates/ca.lab.local.cer". This will facilitate a scalable
> management of trust when you need to import a cert of only one CA that has
> signed certs for hundreds of SSH servers and you need only one entry in
> known_hosts to trust all of them, opposed to per-host trust with regular
> ssh-rsa. Unfortunately I was unable to figure out how to configure PKIX-SSH
> to do so.

This is due to functionality inherited from ssh.com, then OpenSSH and
then PKIX-SSH: pub-format or DN (new). A DER- or PEM-encoded X.509
certificate is not supported directly yet.


> Am I understanding right that as of now PKIX-SSH just compares CN in the
> certificate that it was presented with and if there's a match, it considers
> that SSH server is authentic?

This sounds like a regression ...


> Or I'm totally missing some PKIX-SSH's config
> options?
>
> ---
> Sergei Fomin


Regards,
Roumen Petrov
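As an added illustration, not PKIX-SSH's own code: a small parser for the two known_hosts forms Roumen lists (the "Subject:" DN form taken from the entry quoted in the thread, and the base64 blob form), with a matcher that compares the full stored DN against a presented certificate subject, which is what distinguishes a DN check from the CN-only comparison Sergei asks about. The attribute-set comparison and the sample subjects are my assumptions; a DN match only identifies the certificate's subject, and trust in the certificate itself still depends on validating its chain to the configured CA.

```python
import re

# Illustrative parser for the two known_hosts forms described in the thread.
# Hypothetical code, not PKIX-SSH's own implementation.

def parse_dn(dn: str) -> dict:
    """Split 'C=AU,ST=Some-State,O=Internet Widgits Pty Ltd,CN=r1.lab.local'
    into {'C': 'AU', ...}; a backslash-escaped comma stays inside its value."""
    attrs = {}
    for part in re.split(r'(?<!\\),', dn):
        key, sep, value = part.strip().partition('=')
        if not key or not sep:
            raise ValueError(f"malformed RDN: {part!r}")
        attrs[key.strip().upper()] = value.strip().replace('\\,', ',')
    return attrs

def parse_known_hosts_line(line: str):
    """Return (hosts, algorithm, kind, payload) for one entry.
    kind is 'dn' for a 'Subject:' entry (payload: attribute dict) and
    'blob' for a base64 certificate, as in the "pub" file (payload: the string)."""
    fields = line.strip().split(None, 2)
    if len(fields) != 3:
        raise ValueError("expected: hosts algorithm key-material")
    hosts, alg, material = fields
    if material.startswith('Subject:'):
        return hosts.split(','), alg, 'dn', parse_dn(material[len('Subject:'):])
    return hosts.split(','), alg, 'blob', material

def subject_matches(line: str, presented_subject: str) -> bool:
    """True only when every attribute of the stored DN equals the presented one.
    Comparing the whole DN rather than CN alone means a certificate that merely
    reuses the CN under a different O or C does not match the entry."""
    _hosts, _alg, kind, payload = parse_known_hosts_line(line)
    return kind == 'dn' and payload == parse_dn(presented_subject)

# Constructed sample data: the entry quoted in the thread plus two candidate subjects.
KNOWN_HOSTS_LINE = ("172.16.3.10 x509v3-sign-rsa "
                    "Subject:C=AU,ST=Some-State,O=Internet Widgits Pty Ltd,CN=r1.lab.local")
GENUINE_SUBJECT = "C=AU,ST=Some-State,O=Internet Widgits Pty Ltd,CN=r1.lab.local"
SAME_CN_OTHER_ORG = "C=AU,ST=Some-State,O=Other Org,CN=r1.lab.local"

if __name__ == "__main__":
    print(subject_matches(KNOWN_HOSTS_LINE, GENUINE_SUBJECT))    # True
    print(subject_matches(KNOWN_HOSTS_LINE, SAME_CN_OTHER_ORG))  # False
```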


