X509 based certificate authentication in OpenSSH
Jason Pyeron
jpyeron at pdinc.us
Thu Sep 22 21:09:50 AEST 2022
> -----Original Message-----
> From: Dirk-Willem van Gulik
> Sent: Thursday, September 22, 2022 3:57 AM
>
> On 22 Sep 2022, at 05:41, Jason Pyeron wrote:
>
> >> On Mon, Jun 07, 2010 at 17:04:09 -0500, Dani, Naitik wrote:
> >>> I would like to know whether OpenSSH supports x509 certificate based
> >>> authentication.
> >>
> >> No, although Roumen Petrov maintains a patch that adds such support.
> …
> > The developers have maintained a stance that the complexity of X.509
> > certificates introduces an unacceptable attack surface for sshd.
> ...
> > Is this still the case? Reading PROTOCOL.certkeys [3], the preamble has not changed since 2010.
>
> While Petrov’s patches are splendid and (for us at least) rock and rock solid - I would add that the
> infrastructure it relies on is indeed not risk free. Even if one does to consult the network for OCSP
> or CRL.
Nothing is risk free, but is there a willingness to review, revise, an implement. A philosophical question is "are there guards against such risks".
Is there a high bar, that if met would change the maintainers' minds on supporting RFC 6187?
> We got very nearly taken out through a SSH implementation by CVE-2012-0654
Like above, if there was a vulnerability in libraries used for PAM, LDAP, and other parts of the authentication chain which allowed accesses uninitialized memory locations it too could allow remote attackers to execute arbitrary code.
> (bad X.509 ca-authority cert commonly used in the energy industry).
That’s silly, do not trust external CAs for local user authentication. At the company I work for we have high, medium, and low assurance CAs - we would only ever use the high assurance CA to authenticate users. Further, our customer organizations do not use/trust external CA, have thousands or millions of users, and issues smart cards to contain private keys. These are the use cases that seem to be most relevant.
I personally feel, use by responsible organizations following documentation stating the possible kill chain so they can make an informed risk acceptance should be supported.
The unacceptable workarounds that are currently in place are to use PuttyCAC's ssh agent, scripts to monitor LDAP for new users' certificates and then update authorized keys files.
v/r,
Jason Pyeron
More information about the openssh-unix-dev
mailing list