Hostbased authentication and certificates

[Damien Miller]

On Mon, 19 Apr 2010, Iain Morgan wrote:

> Hi,
> 
> Based on some experimentation with 5.4p1 and a cursory examination of
> the source code, it doesn't look like hostbased authentication takes
> advantage of certificates other than to authenticate the server. Is that
> correct?

Correct, I haven't implemented certificate authentication in hostbased
mostly because I wasn't quite sure of how it should flow. I have only
ever used hostbased auth for testing, so I'm not so familiar with how
people use it in the real world and didn't feel comfortable in designing
extensions to it.

> In cluster environments, hostbased authentication is still useful but
> the size of the ssh_known_hosts file can become unwieldy in large
> clusters. As an example, a few months back a colleague mentioned that in
> some cases where the node being logged into was under a high load, the
> login grace time had expired before the ssh_known_hosts file had been
> fully parsed.
> 
> In cases where compute nodes use the same boot image and thus have the
> same host keys, some reduction in the size of the ssh_known_hosts file
> can be accomplished by using globbing. This assumes a regular naming
> pattern for hosts, which is probably the case in a large cluster. An
> appealing alternative would be to use host certificates with hostbased
> authentication, but support for that does not seem to be present.
> 
> Are there any plans to add such support, or are there technical or
> security reasons to not do so?

I don't have any plans to implement it, but I don't have any objections
either. If you can come up with a good proposal as to how certs could
fit into hostbased then it wouldn't be much to implement it and I'd
probably be happy to do it.

-d