[ssh_x509] x509v3-ssh-rsa hostkey algorithm on Cisco IOS XE

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Thu Feb 20 23:16:28 EET 2020


Hello,

ssh_x509 at roumenpetrov.info wrote:
> Hi Roumen,
>
> Thanks for quick feedback on that!
> [SNIP]
>
> Thanks for that reference, I've gone through it already and it does specify
> how to use @cert-authority for ssh-rsa hostkey algorithm, but not for
> x509v3-ssh-rsa.
I'm not sure what you mean by CA.

>   I've tried couple options in known_hosts to make it to
> work, but no luck:
>
>      @cert-authority *.lab.local x509v3-sign-rsa
> Issuer:C=AU,ST=Some-State,O=Internet Widgits Pty Ltd
>      @cert-authority *.lab.local x509v3-sign-rsa <Public Key of the CA that
> signed cert for SSH server in ssh-rsa format>
Let me quote lines from my "known host" that match host-keys generated 
in regression tests:
xxxx x509v3-ecdsa-sha2-nistp256 Subject:C=XX,ST=World,O=SSH Test Team 
cyrillic-АБВ-Яабв-я greek-ΑΒΓ-Ωαβγ-ω,OU=SSH Testers cyrillic-АБВ-Яабв-я 
greek-ΑΒΓ-Ωαβγ-ω-2,OU=SSH Testers cyrillic-АБВ-Яабв-я 
greek-ΑΒΓ-Ωαβγ-ω-1,OU=SSH Testers cyrillic-АБВ-Яабв-я 
greek-ΑΒΓ-Ωαβγ-ω-3,CN=localhost ECDSA(nistp256)(rsa_sha1)
xxxx x509v3-ecdsa-sha2-nistp384 Subject:C=XX,ST=World,O=SSH Test Team 
cyrillic-АБВ-Яабв-я greek-ΑΒΓ-Ωαβγ-ω,OU=SSH Testers cyrillic-АБВ-Яабв-я 
greek-ΑΒΓ-Ωαβγ-ω-2,OU=SSH Testers cyrillic-АБВ-Яабв-я 
greek-ΑΒΓ-Ωαβγ-ω-1,OU=SSH Testers cyrillic-АБВ-Яабв-я 
greek-ΑΒΓ-Ωαβγ-ω-3,CN=localhost ECDSA(nistp384)(rsa_sha1)
xxxx x509v3-ecdsa-sha2-nistp521 Subject:C=XX,ST=World,O=SSH Test Team 
cyrillic-АБВ-Яабв-я greek-ΑΒΓ-Ωαβγ-ω,OU=SSH Testers cyrillic-АБВ-Яабв-я 
greek-ΑΒΓ-Ωαβγ-ω-2,OU=SSH Testers cyrillic-АБВ-Яабв-я 
greek-ΑΒΓ-Ωαβγ-ω-1,OU=SSH Testers cyrillic-АБВ-Яабв-я 
greek-ΑΒΓ-Ωαβγ-ω-3,CN=localhost ECDSA(nistp521)(rsa_sha1)
xxxx x509v3-sign-rsa Subject:C=XX,ST=World,O=SSH Test Team 
cyrillic-АБВ-Яабв-я greek-ΑΒΓ-Ωαβγ-ω,OU=SSH Testers cyrillic-АБВ-Яабв-я 
greek-ΑΒΓ-Ωαβγ-ω-2,OU=SSH Testers cyrillic-АБВ-Яабв-я 
greek-ΑΒΓ-Ωαβγ-ω-1,OU=SSH Testers cyrillic-АБВ-Яабв-я 
greek-ΑΒΓ-Ωαβγ-ω-3,CN=localhost RSA(rsa_sha1)
local10022 x509v3-sign-dss Subject:C=XX,ST=World,O=SSH Test Team 
cyrillic-АБВ-Яабв-я greek-ΑΒΓ-Ωαβγ-ω,OU=SSH Testers cyrillic-АБВ-Яабв-я 
greek-ΑΒΓ-Ωαβγ-ω-2,OU=SSH Testers cyrillic-АБВ-Яабв-я 
greek-ΑΒΓ-Ωαβγ-ω-1,OU=SSH Testers cyrillic-АБВ-Яабв-я 
greek-ΑΒΓ-Ωαβγ-ω-3,CN=localhost DSA(rsa_sha1)

and part from ~/.ssh/config
Host xxxx
     #StrictHostKeyChecking no
     HostName ....
     Port ....
     HostKeyAlias xxxx
     CheckHostIp no
     ControlPath none


>> This is due to inherited functionality from ssh.com, then openssh and
>> then pkis-ssh: pub-format or DN (new). DER or PEM encoded X.509
>> certificate is not supported directly yet.
> Yeah, noted that. Do you have any plans to integrate such functionality
> into PKIX-SSH?
Low priority.  Note the word directly!

There are utilities that could help user to convert a X.509 certificate 
into used formats.
Also I forgot to mention "plain" public key format.

Actually know host and authorized keys support  3 formats:
1) X.509 certificate blob
... x509v3-sign-dss MIIIMDCCB5mgAwIBAgIJIAQCFgkGAAARMA0.......

2) X.509 distinguished name
... x509v3-sign-dss Subject:C=XX,ST=World,O=SSH Test Team 
cyrillic-АБВ-Яабв-я greek-ΑΒΓ-Ωαβγ-ω,OU=SSH Testers cyrillic-АБВ-Яабв-я 
greek-ΑΒΓ-Ωαβγ-ω-2,OU=SSH Testers cyrillic-АБВ-Яабв-я 
greek-ΑΒΓ-Ωαβγ-ω-1,OU=SSH Testers cyrillic-АБВ-Яабв-я 
greek-ΑΒΓ-Ωαβγ-ω-3,CN=localhost DSA(rsa_sha1)

3) public key blob
ssh-dss AAAAB3NzaC1kc3MAAACBAKI3WoVJ9jlZJt.....


Hint for 3)
after make check go to tests/CA/ and run following commands:
$ F=`mktemp`
$ openssl x509 -in testid_eccnistp384-dsa.crt -pubkey -noout > $F
$ ssh-keygen -i -f $F -m PKCS8
$ cat testid_eccnistp384.pub
Note output from command 3 and 4.

Hint for 1)
$ (printf 'x509v3-ecdsa-sha2-nistp384 ' ; openssl x509 -in 
testid_eccnistp384-rsa_sha1.crt -outform DER | base64 -w 10000 )
$ cat testid_eccnistp384-rsa_sha1.pub
Is there a difference?
Let check them:
$ (printf 'x509v3-ecdsa-sha2-nistp384 ' ; openssl x509 -in 
testid_eccnistp384-rsa_sha1.crt -outform DER | base64 -w 10000 ) | diff 
-u - testid_eccnistp384-rsa_sha1.pub

Hint for 2)
No! ;)
Please see commands in README.x509v3.


Remark: There is no difference between x509v3-sign-rsa and 
x509v3-ssh-rsa and x509v3-rsa2048-sha256 in context of known host or 
authorized keys.
Similar for x509v3-sign-dss or x509v3-ssh-dss. And this is mentioned in 
README.x509v3



> For GNU/Linux implementation, there's SSH CA that does well
> for ssh-rsa (and some others like ecdsa-sha2-nistp256), but for
Dunno what you talking about.
X.509 certificates are not only for single CA
You could manage multiple CA.
The X.509 certificate store is setup by options CACertificateFile, 
CACertificatePath and on client side
in addition UserCACertificateFile and UserCACertificatePath.

Those options are so common, i.e. similar in all programs  that use 
X.509 store based on OpenSSL
( https://roumenpetrov.info/domino_CA/ ) -  OpenSSL, Apache , PKIX-SSH, 
curl and etc.
For more details see manual page verify(1) .

Also PKIX-SSH manuals describe other options revocation lists , OCSP , 
use of ldap to store certificates and crls .


> x509v3-ssh-rsa that is the only one implemented in Cisco IOS it doesn't
> work as a scale, as current trust on a per-host (per SSH server) isn't any
> more scalable compared to per-host trust with ssh-rsa.
Not clear. I cannot  see difference.


Right now I'm not sure what is issue.


You could use client option StrictHostKeyChecking set to ask for first 
connection.
If after confirmation host key will be store in know host.


Perhaps we could review some configuration steps again.


> ---
> Sergei Fomin

[SNIP]

Regards,
Roumen Petrov




More information about the ssh_x509 mailing list