[Bug 3790] New: RFE: Simplified SSH Key Management for Organizations with Automatic Retrieval

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Feb 18 16:39:46 AEDT 2025 

https://bugzilla.mindrot.org/show_bug.cgi?id=3790

            Bug ID: 3790
           Summary: RFE: Simplified SSH Key Management for Organizations
                    with Automatic Retrieval
           Product: Portable OpenSSH
           Version: 9.9p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Miscellaneous
          Assignee: unassigned-bugs at mindrot.org
          Reporter: martin.de.terra at gmail.com

Managing SSH client keys in organizations remains a challenge,
especially when aiming for a seamless, user-friendly experience with
varying user skill levels.

Current solutions require either manual key distribution or complex
certificate-based authentication setups, both of which impose a
learning curve and administrative overhead. 

To enhance SSH usability while maintaining security, I propose the
following streamlined approach:

- Introduce a "key server" concept, requiring minimal client-side
configuration. Users should not be able to connect to this server
manually to reduce phishing risks. This can be one of the main sshd
servers in the organization and it should not require other software
than what comes with ssh/sshd.

- When a user attempts to connect to a server X, the SSH client first
queries the key server(s) (if configured) for an available key. If a
key exists, it is retrieved and used for authentication. The user is
authenticated to the key server using standard SSH authentication
methods.

- If no key is found, the connection falls back to default SSH behavior
(e.g., password authentication, or manually managed keys). A warning
could be provided to inform users that no key was found on the key
server (when one was configured).


- The key server can control attributes such as key strength, validity
lifetime etc.

This model would simplify administration while maintaining flexibility.
The only administrative tasks required would be:

1. Configuring (or instructing the user to configure) the client to
recognize the key server (a one-time setup).

2. Configuring and maintaining the key server wich whould not require
other separately installed software than a standard sshd setup.

All other functionality would emerge naturally with minimal
maintenance, improving usability while preserving security.

Would it be feasible to introduce such a mechanism in OpenSSH to
facilitate centralized yet user-transparent SSH key management?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list