Question about host certificates

Iain Morgan imorgan at nas.nasa.gov
Fri Mar 19 10:49:55 EST 2010


On Thu, Mar 18, 2010 at 17:55:02 -0500, Damien Miller wrote:
> On Thu, 18 Mar 2010, Iain Morgan wrote:
> 
> > Hi,
> > 
> > I'm experimenting with host certificates in 5.4p1 and seem to have hit a
> > usability issue. I've generated a host certificate, added the
> > HostCertificate option to the sshd_config and restarted sshd. I've
> > replaced the system's ssh_known_hosts file with one that has a single
> > entry of the form:
> > 
> > @cert-authority *.example.domain ssh-rsa ...
> > 
> > This works provided that I use the host's FQDN when I ssh to it. If I
> > use an unqualified name, the connection is made but the certificate
> > verification fails. I suppose an entry like
> > 
> > @cert-authority *,*.example.domain ssh-rsa ...
> > 
> > would work, but it doesn't seem prudent. How are you supposed to specify
> > that the cert-authority is for the local domain? It seems like the name
> > of the target host should be resolved to a FQDN prior to checking
> > whether or not the cert-authority is applicable.
> > 
> > I know this issue _could_ be addressed by listing the unqualified name
> > as well as the globbed domain name, but that doesn't seem like a very
> > scalable solution.
> 
> Yes, it would be good if we could get feedback from the resolver as to
> which effective FQDN was used for resolution so we could canonicalise the
> name without an unsafe reverse lookup step. I haven't yet looked into
> how to do this.
> 
> Two more alternatives: have some way of expressing wildcards that match
> only unqualified domains (e.g. rtr-syd-*[^.]*) or allow CIDR address
> matching in the host list so you could specify something like:
> 
> @cert-authority 10.0.0.0/8 ssh-rsa ...
> 
> Though we would need to think through the consequences first.
> 
> -d

Right. Of the two alternatives you mention, I would prefer the CIDR
approach. 

On a related topic, I notice that when key_cert_check_authority() is
called from sshconnect.c the principal is not checked. Shouldn't the list
of principals for a host cert be the various names (qualified and,
perhaps, unqualified) by which the host is known and shouldn't that list
be checked to confirm that the cert belongs to the right host?

-- 
Iain Morgan
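As an added illustration (not code from this thread or from OpenSSH), the following simplified Python model of how the host field of a `@cert-authority` known_hosts entry is matched shows why `*.example.domain` misses an unqualified name, why `*,*.example.domain` trusts the CA for every host, and how the negation and CIDR alternatives discussed above would scope trust instead. The CIDR matching models Damien's proposal and is not OpenSSH 5.4 behaviour; the key fields are placeholders.

```python
import ipaddress
import re

# Constructed ssh_known_hosts lines mirroring the entries discussed in the
# thread; the key field is a placeholder, not a real CA key.
KNOWN_HOSTS = [
    "@cert-authority *.example.domain ssh-rsa AAAA...PLACEHOLDER",
    "@cert-authority *,*.example.domain ssh-rsa AAAA...PLACEHOLDER",
    "@cert-authority rtr-syd-*,!*.* ssh-rsa AAAA...PLACEHOLDER",
    "@cert-authority 10.0.0.0/8 ssh-rsa AAAA...PLACEHOLDER",  # proposed syntax only
]

def _glob(sub):
    """'*' matches any run of characters, '?' one character; no classes."""
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in sub)
    return "^" + body + "$"

def host_pattern_matches(pattern, name):
    """Simplified model of OpenSSH known_hosts host matching: the field is a
    comma-separated pattern list compared case-insensitively; a '!' sub-pattern
    that matches rejects the whole entry, otherwise any positive match accepts."""
    name = name.lower()
    positive = False
    for sub in pattern.lower().split(","):
        negated = sub.startswith("!")
        if negated:
            sub = sub[1:]
        if re.match(_glob(sub), name):
            if negated:
                return False
            positive = True
    return positive

def cidr_matches(pattern, name):
    """Damien Miller's proposed alternative: a CIDR block in the host field.
    Not OpenSSH 5.4 behaviour; included only to show how it would scope trust."""
    try:
        return ipaddress.ip_address(name) in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return False

def trusted_cas_for(name, known_hosts=KNOWN_HOSTS):
    """Return the host fields of @cert-authority entries that would apply to NAME."""
    applicable = []
    for line in known_hosts:
        marker, hosts, _keytype, _key = line.split(None, 3)
        if marker != "@cert-authority":
            continue
        if host_pattern_matches(hosts, name) or cidr_matches(hosts, name):
            applicable.append(hosts)
    return applicable
```

Running `trusted_cas_for` over an unqualified name, its FQDN and an address shows which CA entries each trust decision would rest on; note that `*,*.example.domain` appears in every result.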

