Multiple Signatures on SSH-Hostkeys

Bergner, Jan, A-SCM-CIM-SD jan.bergner at
Tue Oct 22 19:06:32 AEDT 2019

Thank you for your insights, Damien.
I think you basically answered all my questions.
On Tue, 2019-10-22 at 11:43 +1100, Damien Miller wrote:
> On Mon, 21 Oct 2019, Bergner, Jan, A-SCM-CIM-SD wrote:
> > Hello, OpenSSH-wizards.
> > In our company, we have looked into SSH-HostKey-signing in order to
> > realize automated access without the need to accept the server's
> > hostkey manually.
> > I got it to work with the HostCertificate-directive inside the
> > sshd_config.
> > Now, I was wondering whether it is possible to have multiple
> > signatures, so I can, for example, sign the hostkey once with a
> > company-internal CA to prove to my colleagues that the server belongs
> > to our company and sign it again with another CA that belongs to, say,
> > a specific project, so all the servers in this project can be sure they
> > are talking to another project server.
>
> First off: typically host key certificates are made to identify a server
> back to some root of trust and not to implement any sort of host-level
> access control, which is what your mention of "project servers" makes
> me think of. If you want to control which hosts are able to connect to
> which other hosts, then host certificates are not the feature you're
> looking for.
That is clear to us.
We have a setup where we deploy SSH keys to the systems that need
them. We only want to get rid of the manual hostkey confirmation, so we
can automate things.
So, in simple terms, we want to make a couple of SSH clients trust a
couple of servers by default in a secure way.
> With that being said, unfortunately, the SSH protocol is limited to
> sending a single hostkey from the server to the client during
> connection establishment. The client gets to choose the type of the
> hostkey only.
> So having multiple signatures over the same type of host key isn't
> practical. You can specify multiple keys of the same type in sshd_config
> but the server will only send the first one that was specified.
I'd thought so from my own tests. Thanks for the confirmation.
> I think the best you could do at present if you want host keys signed
> by different CAs is to choose different types of host key (e.g. ecdsa
> vs ed25519), get one type signed by one CA and the other by the other
> CA, and configure the clients to prefer the key type corresponding to
> the CA that they expect. It's not a great solution, but it would
> probably work.
Would I specify that in sshd_config with multiple HostCertificate
statements, or would I rather have multiple signed keys in one file?
(One signature per line?)
> > Furthermore, I did not find out how I would sign different hostkey
> > types. (Like RSA and ECDSA.)
>
> It's definitely possible to sign hostkeys of one type with a CA key of
> another type (just don't use DSA).
>
> -d
Thanks again and best regards,
Kind regards,
Jan Bergner
DevOps Engineer | Corporate Information Management

Arvato Supply Chain Solutions
Gottlieb-Daimler-Str. 1
33428 Harsewinkel

+49 (5241) 80 - 40354
jan.bergner at
Arvato Distribution GmbH | Registered office Harsewinkel | Amtsgericht Gütersloh HRB 2200
Managing directors: Andreas Barth, Carsten Coesfeld, Frank Schirrmeister, Boris Scholz, Dr. Thorsten Winkelmann

This e-mail and any attachments may contain confidential and/or legally protected information. If you are not the intended recipient or have received this e-mail in error, please notify the sender immediately and destroy this e-mail. Unauthorised copying or forwarding of this e-mail is not permitted.
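The scheme Damien describes above, worked through end to end, as an added example that is not part of the thread and not the poster's configuration: one server carries an ed25519 and an ecdsa host key, the ed25519 key is signed by a company-wide CA and the ecdsa key by a project CA, and each client group trusts one CA in known_hosts and lists the matching certificate algorithm first in HostKeyAlgorithms so sshd sends the certificate that CA actually signed. The CA names, the host name server1.example.internal and the *.example.internal domain are assumptions made for the demo; the script needs OpenSSH's ssh-keygen on the PATH and works in a temporary directory it removes on exit. It also answers the "multiple HostCertificate statements or one file" question in code: sshd_config takes one HostCertificate per HostKey, and each certificate file holds exactly one signature.

```shell
#!/bin/sh
# Added example (not from the thread): one server, two host-key types,
# each signed by a different CA, so that clients select the CA they trust
# by preferring the matching key type. CA names, the host name and the
# *.example.internal domain are assumptions made for this demo.
# Requires OpenSSH's ssh-keygen on the PATH; all files live in a
# temporary directory that is removed on exit.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
HOST="server1.example.internal"   # assumed host name (and certificate principal)

# Create CAs, host keys and certificates. Safe to call more than once.
make_demo() {
    rm -f "$WORK"/*
    # Two independent CAs: company-wide and project-specific.
    ssh-keygen -q -t ed25519 -N '' -C company-ca -f "$WORK/company_ca"
    ssh-keygen -q -t ed25519 -N '' -C project-ca -f "$WORK/project_ca"
    # Two host keys of different types on the same server. sshd sends only
    # one host key per connection, chosen by the client's HostKeyAlgorithms
    # preference, so the key type is the only selector available.
    ssh-keygen -q -t ed25519 -N '' -f "$WORK/ssh_host_ed25519_key"
    ssh-keygen -q -t ecdsa -b 256 -N '' -f "$WORK/ssh_host_ecdsa_key"
    # -h marks a host certificate, -n sets the principal (the name clients
    # connect to), -V bounds validity. ed25519 key -> company CA,
    # ecdsa key -> project CA. Output lands in <key>-cert.pub next to each key.
    ssh-keygen -q -s "$WORK/company_ca" -h -I "$HOST (company CA)" \
        -n "$HOST" -V -5m:+52w "$WORK/ssh_host_ed25519_key.pub"
    ssh-keygen -q -s "$WORK/project_ca" -h -I "$HOST (project CA)" \
        -n "$HOST" -V -5m:+52w "$WORK/ssh_host_ecdsa_key.pub"
}

# SHA256 fingerprint of a public key file.
key_fp() { ssh-keygen -lf "$1" | awk '{print $2}'; }

# Fingerprint of the CA that signed a certificate, taken from ssh-keygen -L.
signing_ca_fp() { ssh-keygen -Lf "$1" | awk '/Signing CA:/ {print $4}'; }

# "host" or "user": the certificate type recorded inside the certificate.
cert_type() { ssh-keygen -Lf "$1" | awk '/^ *Type:/ {print $(NF-1)}'; }

# Server side: one HostKey/HostCertificate pair per key type.
print_sshd_config() {
    cat <<EOF
HostKey /etc/ssh/ssh_host_ed25519_key
HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
HostKey /etc/ssh/ssh_host_ecdsa_key
HostCertificate /etc/ssh/ssh_host_ecdsa_key-cert.pub
EOF
}

# Client side: trust one CA for the domain and prefer the matching key type,
# so sshd sends the certificate that this CA signed.
# $1 = CA public key file, $2 = HostKeyAlgorithms list (certificate type first).
print_client_config() {
    printf '# ~/.ssh/known_hosts\n@cert-authority *.example.internal %s\n' "$(cat "$1")"
    printf '# ~/.ssh/config\nHost *.example.internal\n    HostKeyAlgorithms %s\n' "$2"
}

if command -v ssh-keygen >/dev/null 2>&1; then
    make_demo
    echo "== sshd_config fragment"; print_sshd_config
    echo "== company clients"
    print_client_config "$WORK/company_ca.pub" "ssh-ed25519-cert-v01@openssh.com,ssh-ed25519"
    echo "== project clients"
    print_client_config "$WORK/project_ca.pub" "ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp256"
    echo "== who signed what"
    for k in ed25519 ecdsa; do
        c="$WORK/ssh_host_${k}_key-cert.pub"
        echo "$k $(cert_type "$c") certificate signed by CA $(signing_ca_fp "$c")"
    done
    echo "company CA: $(key_fp "$WORK/company_ca.pub")"
    echo "project CA: $(key_fp "$WORK/project_ca.pub")"
fi
```

The last block of output pairs each certificate with the fingerprint of the CA that signed it, which is the check to run before rolling this out: a client that trusts only the project CA but prefers ssh-ed25519 would be offered the company-signed certificate, get no CA match, and fall back to the ordinary unknown-host prompt the setup is meant to remove.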
