PKI certificates for SSH
Introduction
SSH certificates are limited in their usefulness - a certificate can only be
signed with a single CA key, so no chains of trust can be established, and
there's no way to tie them into the global PKI. But what if 🥺?
Should I use this?
No.
How do I use this?
Generate a CSR:
openssl req -nodes -newkey rsa:2048 -keyout PRIVATEKEY.key -out MYCSR.csr
and set the CN to your username. Get it signed somehow. Copy PRIVATEKEY.key to ~/.ssh/id_badidea and run:
ssh-keygen -f ~/.ssh/id_badidea -y >~/.ssh/id_badidea.pub
Take your signed certificate and encode it to base64 - if it's PEM encoded, convert to DER first:
openssl -inform pem -in signed.crt -outform der -out signed.der
base64 <signed.der >/tmp/encoded.crt
Generate a self-signed SSH certificate that embeds the base64 encoded certificate:
ssh-keygen -I badidea -s ~/.ssh/id_badidea -n $USER -O clear -O extension:x509=$(cat /tmp/encoded.crt) ~/.ssh/id_badidea.pub
and add it to your SSH agent:
ssh-add ~/.ssh/id_badidea
On your SSH server, add an AuthorizedKeysCommand to sshd_config:
AuthorizedKeysCommand /usr/local/bin/ssh_pki -certificate %k -user %i -rootCA /etc/ssh/ssh_root_ca
where ssh_root_ca is the root of the infrastructure used to sign the X509 cert.
How it works
The ssh_pki agent examines the certificate presented to it and extracts the
X509 certificate from the extensions field. It ensures that this certificate
has a chain of trust to the configured root CA, and then extracts the
subject CN to verify that it matches the username of the account being
logged into. If everything checks out, it sends a response to the SSH daemon
telling it that the public key used to sign the SSH certificate is a
certificate authority. Since the SSH certificate is self-signed, this
results in the daemon accepting the presented certificate as evidence of
user identity.
So, should I use this?
No.
Todo
Any sort of security analysis at all. The use of CN is entirely
inappropriate here, but the only reason I wrote this is because I realised I
could.