[ssh_x509] x509v3-ssh-rsa hostkey algorithm on Cisco IOS XE

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Wed Feb 26 13:04:52 EET 2020


Hi Roumen,

> This is regression in 11.3 release. Now is corrected (code pushed to
> repository) and will be part of 12.4.2 release.
> With restored functionality X.509 host keys is verified and validated
> before check in known host file.

Thanks, with release of PKIX-SSH 12.4.2 it now correctly takes the CA
certificate from "cacertificatefile
/usr/local/pkixssh-12.4.2/etc/ca/ca-bundle.crt" config parameter and does
verify SSH server's identity using it!
>From app's logic perspective, everything is ok for me now - it doesn't
really matter where and in which format does the app store CA info, be it
known_hosts or any other file/directory, it only matters for it to be able
to use it for SSH server's identity, which v12.4.2 now correctly does :-)

The thing I'm interested in now is how does PKIX-SSH do actual cert
verification. I have a cert issued for "r1.lab.local":

openssl x509 -in ca/r1.lab.local_sub-ca.cer -noout -text | grep Subject\:
        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd,
CN=r1.lab.local

I have simple /etc/hosts record to connect to that machine and one more
fake pointing to the same IP:

grep "lab.local" /etc/hosts
172.16.3.10     r1.lab.local
172.16.3.10     r2.lab.local


When I connect to "r1.lab.local", everything seems to be fine and it
prompts to add the host to known_hosts:

usr/local/pkixssh-12.4.2/bin/ssh -l cisco r1.lab.local
protocol identification string lack carriage return
The authenticity of host 'r1.lab.local (172.16.3.10)' can't be established.
RSA+cert key fingerprint is
SHA256:oN7i7PSY6Rl7Yngq0AjefUIeaBcJoQVG98g78pG/cMA.
Distinguished name is 'C=AU,ST=Some-State,O=Internet Widgits Pty
Ltd,CN=r1.lab.local'.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

However, when I connect to the same machine by pointing PKIX-SSH to
"r2.lab.local" (from my /etc/hosts above), it doesn't present me any
warning that CN in the cert doesn't pair with the hostname I connect to:

/usr/local/pkixssh-12.4.2/bin/ssh -l cisco r2.lab.local
protocol identification string lack carriage return
The authenticity of host 'r2.lab.local (172.16.3.10)' can't be established.
RSA+cert key fingerprint is
SHA256:oN7i7PSY6Rl7Yngq0AjefUIeaBcJoQVG98g78pG/cMA.
Distinguished name is 'C=AU,ST=Some-State,O=Internet Widgits Pty
Ltd,CN=r1.lab.local'.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

I obviously can compare "Distinguished name is <...> CN=r1.lab.local" in
the PKIX-SSH output to the hostname I connect to, but from my perspective
would be nicer to present a user with a more explicit warning like
"Warning: Potential Security Risk Ahead, Hostname And CN Don't Pair".

---
Sergei Fomin

On Sun, Feb 23, 2020 at 9:10 AM <ssh_x509 at roumenpetrov.info> wrote:

> ssh_x509 at roumenpetrov.info wrote:
> > Hello Sergei,
> >
> > ssh_x509 at roumenpetrov.info wrote:
> >> Hello Roumen,
> [SNIP]
> >> Am I understanding right that as of now PKIX-SSH just compares CN in the
> >> certificate that it was presented with and if there's a match, it
> >> considers
> >> that SSH server is authentic?
> >
> > This sound like regression ...
>
> This is regression in 11.3 release. Now is corrected (code pushed to
> repository) and will be part of 12.4.2 release.
> With restored functionality X.509 host keys is verified and validated
> before check in known host file.
> New model is different then previous (all pre 11.3 release) where x.509
> host key was checked first and then verified and validated.
>
> Thanks for remark,
> Roumen Petrov
>
>
> _______________________________________________
> ssh_x509 mailing list
> ssh_x509 at roumenpetrov.info
>
> https://urldefense.proofpoint.com/v2/url?u=http-3A__roumenpetrov.info_mailman_listinfo_ssh-5Fx509-5Froumenpetrov.info&d=DwICAg&c=qE8EibqjfXM-zBfebVhd4gtjNZbrDcrKYXvb1gt38s4&r=9XrQNPIWJtsaesEtcBOvbGkSS-irozw8rW8oLr9bvaY&m=RzgmrS9xPNP5ePJlFrz0bPyicPsuTifE6z5TehE-MSU&s=vrhebaFRZ012ppRjxgbT1b_KVq_rwEW__yuXxpZ1Vtc&e=
>


More information about the ssh_x509 mailing list