version 1.10, 2016/05/03 10:27:59 |
version 1.16, 2018/10/26 01:23:03 |
|
|
acceptance of certified host keys, by adding a similar ability to |
acceptance of certified host keys, by adding a similar ability to |
specify CA keys in ~/.ssh/known_hosts. |
specify CA keys in ~/.ssh/known_hosts. |
|
|
|
All certificate types include certification information along with the |
|
public key that is used to sign challenges. In OpenSSH, ssh-keygen |
|
performs the CA signing operation. |
|
|
Certified keys are represented using new key types: |
Certified keys are represented using new key types: |
|
|
ssh-rsa-cert-v01@openssh.com |
ssh-rsa-cert-v01@openssh.com |
|
|
ecdsa-sha2-nistp256-cert-v01@openssh.com |
ecdsa-sha2-nistp256-cert-v01@openssh.com |
ecdsa-sha2-nistp384-cert-v01@openssh.com |
ecdsa-sha2-nistp384-cert-v01@openssh.com |
ecdsa-sha2-nistp521-cert-v01@openssh.com |
ecdsa-sha2-nistp521-cert-v01@openssh.com |
|
ssh-ed25519-cert-v01@openssh.com |
|
|
These include certification information along with the public key |
Two additional types exist for RSA certificates to force use of |
that is used to sign challenges. ssh-keygen performs the CA signing |
SHA-2 signatures (SHA-256 and SHA-512 respectively): |
operation. |
|
|
|
|
rsa-sha2-256-cert-v01@openssh.com |
|
rsa-sha2-512-cert-v01@openssh.com |
|
|
|
These RSA/SHA-2 types should not appear in keys at rest or transmitted |
|
on their wire, but do appear in a SSH_MSG_KEXINIT's host-key algorithms |
|
field or in the "public key algorithm name" field of a "publickey" |
|
SSH_USERAUTH_REQUEST to indicate that the signature will use the |
|
specified algorithm. |
|
|
Protocol extensions |
Protocol extensions |
------------------- |
------------------- |
|
|
|
|
|
|
ECDSA certificate |
ECDSA certificate |
|
|
string "ecdsa-sha2-nistp256-v01@openssh.com" | |
string "ecdsa-sha2-nistp256-cert-v01@openssh.com" | |
"ecdsa-sha2-nistp384-v01@openssh.com" | |
"ecdsa-sha2-nistp384-cert-v01@openssh.com" | |
"ecdsa-sha2-nistp521-v01@openssh.com" |
"ecdsa-sha2-nistp521-cert-v01@openssh.com" |
string nonce |
string nonce |
string curve |
string curve |
string public_key |
string public_key |
|
|
|
|
valid after <= current time < valid before |
valid after <= current time < valid before |
|
|
criticial options is a set of zero or more key options encoded as |
critical options is a set of zero or more key options encoded as |
below. All such options are "critical" in the sense that an implementation |
below. All such options are "critical" in the sense that an implementation |
must refuse to authorise a key that has an unrecognised option. |
must refuse to authorise a key that has an unrecognised option. |
|
|
|
|
The reserved field is currently unused and is ignored in this version of |
The reserved field is currently unused and is ignored in this version of |
the protocol. |
the protocol. |
|
|
signature key contains the CA key used to sign the certificate. |
The signature key field contains the CA key used to sign the |
The valid key types for CA keys are ssh-rsa, ssh-dss and the ECDSA types |
certificate. The valid key types for CA keys are ssh-rsa, |
ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521. "Chained" |
ssh-dss, ssh-ed25519 and the ECDSA types ecdsa-sha2-nistp256, |
certificates, where the signature key type is a certificate type itself |
ecdsa-sha2-nistp384, ecdsa-sha2-nistp521. "Chained" certificates, where |
are NOT supported. Note that it is possible for a RSA certificate key to |
the signature key type is a certificate type itself are NOT supported. |
be signed by a DSS or ECDSA CA key and vice-versa. |
Note that it is possible for a RSA certificate key to be signed by a |
|
Ed25519 or ECDSA CA key and vice-versa. |
|
|
signature is computed over all preceding fields from the initial string |
signature is computed over all preceding fields from the initial string |
up to, and including the signature key. Signatures are computed and |
up to, and including the signature key. Signatures are computed and |
|
|
"critical", if an implementation does not recognise a option |
"critical", if an implementation does not recognise a option |
then the validating party should refuse to accept the certificate. |
then the validating party should refuse to accept the certificate. |
|
|
|
Custom options should append the originating author or organisation's |
|
domain name to the option name, e.g. "my-option@example.com". |
|
|
No critical options are defined for host certificates at present. The |
No critical options are defined for host certificates at present. The |
supported user certificate options and the contents and structure of |
supported user certificate options and the contents and structure of |
their data fields are: |
their data fields are: |
|
|
|
|
If an implementation does not recognise an extension, then it should |
If an implementation does not recognise an extension, then it should |
ignore it. |
ignore it. |
|
|
|
Custom options should append the originating author or organisation's |
|
domain name to the option name, e.g. "my-option@example.com". |
|
|
No extensions are defined for host certificates at present. The |
No extensions are defined for host certificates at present. The |
supported user certificate extensions and the contents and structure of |
supported user certificate extensions and the contents and structure of |