| version 1.3, 2010/03/03 22:50:40 |
version 1.4, 2010/04/16 01:47:25 |
|
|
| system already in SSH to allow certificate-based authentication. |
system already in SSH to allow certificate-based authentication. |
| The certificates used are not traditional X.509 certificates, with |
The certificates used are not traditional X.509 certificates, with |
| numerous options and complex encoding rules, but something rather |
numerous options and complex encoding rules, but something rather |
| more minimal: a key, some identity information and usage constraints |
more minimal: a key, some identity information and usage options |
| that have been signed with some other trusted key. |
that have been signed with some other trusted key. |
| |
|
| A sshd server may be configured to allow authentication via certified |
A sshd server may be configured to allow authentication via certified |
|
|
| to specify CA keys in ~/.ssh/known_hosts. |
to specify CA keys in ~/.ssh/known_hosts. |
| |
|
| Certified keys are represented using two new key types: |
Certified keys are represented using two new key types: |
| ssh-rsa-cert-v00@openssh.com and ssh-dss-cert-v00@openssh.com that |
ssh-rsa-cert-v01@openssh.com and ssh-dss-cert-v01@openssh.com that |
| include certification information along with the public key that is used |
include certification information along with the public key that is used |
| to sign challenges. ssh-keygen performs the CA signing operation. |
to sign challenges. ssh-keygen performs the CA signing operation. |
| |
|
|
|
| New public key formats |
New public key formats |
| ---------------------- |
---------------------- |
| |
|
| The ssh-rsa-cert-v00@openssh.com and ssh-dss-cert-v00@openssh.com key |
The ssh-rsa-cert-v01@openssh.com and ssh-dss-cert-v01@openssh.com key |
| types take a similar high-level format (note: data types and |
types take a similar high-level format (note: data types and |
| encoding are as per RFC4251 section 5). The serialised wire encoding of |
encoding are as per RFC4251 section 5). The serialised wire encoding of |
| these certificates is also used for storing them on disk. |
these certificates is also used for storing them on disk. |
|
|
| |
|
| RSA certificate |
RSA certificate |
| |
|
| string "ssh-rsa-cert-v00@openssh.com" |
string "ssh-rsa-cert-v01@openssh.com" |
| |
string nonce |
| mpint e |
mpint e |
| mpint n |
mpint n |
| |
uint64 serial |
| uint32 type |
uint32 type |
| string key id |
string key id |
| string valid principals |
string valid principals |
| uint64 valid after |
uint64 valid after |
| uint64 valid before |
uint64 valid before |
| string constraints |
string critical options |
| string nonce |
string extensions |
| string reserved |
string reserved |
| string signature key |
string signature key |
| string signature |
string signature |
| |
|
| DSA certificate |
DSA certificate |
| |
|
| string "ssh-dss-cert-v00@openssh.com" |
string "ssh-dss-cert-v01@openssh.com" |
| |
string nonce |
| mpint p |
mpint p |
| mpint q |
mpint q |
| mpint g |
mpint g |
| mpint y |
mpint y |
| |
uint64 serial |
| uint32 type |
uint32 type |
| string key id |
string key id |
| string valid principals |
string valid principals |
| uint64 valid after |
uint64 valid after |
| uint64 valid before |
uint64 valid before |
| string constraints |
string critical options |
| string nonce |
string extensions |
| string reserved |
string reserved |
| string signature key |
string signature key |
| string signature |
string signature |
| |
|
| |
The nonce field is a CA-provided random bitstring of arbitrary length |
| |
(but typically 16 or 32 bytes) included to make attacks that depend on |
| |
inducing collisions in the signature hash infeasible. |
| |
|
| e and n are the RSA exponent and public modulus respectively. |
e and n are the RSA exponent and public modulus respectively. |
| |
|
| p, q, g, y are the DSA parameters as described in FIPS-186-2. |
p, q, g, y are the DSA parameters as described in FIPS-186-2. |
| |
|
| |
serial is an optional certificate serial number set by the CA to |
| |
provide an abbreviated way to refer to certificates from that CA. |
| |
If a CA does not with to number its certificates it must set this |
| |
field to zero. |
| |
|
| type specifies whether this certificate is for identification of a user |
type specifies whether this certificate is for identification of a user |
| or a host using a SSH_CERT_TYPE_... value. |
or a host using a SSH_CERT_TYPE_... value. |
| |
|
|
|
| 00:00:00. A certificate is considered valid if: |
00:00:00. A certificate is considered valid if: |
| valid after <= current time < valid before |
valid after <= current time < valid before |
| |
|
| constraints is a set of zero or more key constraints encoded as below. |
criticial options is a set of zero or more key options encoded as |
| |
below. All such options are "critical" in the sense that an implementation |
| |
must refuse to authorise a key that has an unrecognised option. |
| |
|
| The nonce field is a CA-provided random bitstring of arbitrary length |
extensions is a set of zero or more optional extensions. These extensions |
| (but typically 16 or 32 bytes) included to make attacks that depend on |
are not critical, and an implementation that encounters one that it does |
| inducing collisions in the signature hash infeasible. |
not recognise may safely ignore it. No extensions are defined at present. |
| |
|
| The reserved field is current unused and is ignored in this version of |
The reserved field is currently unused and is ignored in this version of |
| the protocol. |
the protocol. |
| |
|
| signature key contains the CA key used to sign the certificate. |
signature key contains the CA key used to sign the certificate. |
|
|
| encoded according to the rules defined for the CA's public key algorithm |
encoded according to the rules defined for the CA's public key algorithm |
| (RFC4253 section 6.6 for ssh-rsa and ssh-dss). |
(RFC4253 section 6.6 for ssh-rsa and ssh-dss). |
| |
|
| Constraints |
Critical options |
| ----------- |
---------------- |
| |
|
| The constraints section of the certificate specifies zero or more |
The critical options section of the certificate specifies zero or more |
| constraints on the certificates validity. The format of this field |
options on the certificates validity. The format of this field |
| is a sequence of zero or more tuples: |
is a sequence of zero or more tuples: |
| |
|
| string name |
string name |
| string data |
string data |
| |
|
| The name field identifies the constraint and the data field encodes |
The name field identifies the option and the data field encodes |
| constraint-specific information (see below). All constraints are |
option-specific information (see below). All options are |
| "critical", if an implementation does not recognise a constraint |
"critical", if an implementation does not recognise a option |
| then the validating party should refuse to accept the certificate. |
then the validating party should refuse to accept the certificate. |
| |
|
| The supported constraints and the contents and structure of their |
The supported options and the contents and structure of their |
| data fields are: |
data fields are: |
| |
|
| Name Format Description |
Name Format Description |
|
|
| |
|
| permit-X11-forwarding empty Flag indicating that X11 forwarding |
permit-X11-forwarding empty Flag indicating that X11 forwarding |
| should be permitted. X11 forwarding will |
should be permitted. X11 forwarding will |
| be refused if this constraint is absent. |
be refused if this option is absent. |
| |
|
| permit-agent-forwarding empty Flag indicating that agent forwarding |
permit-agent-forwarding empty Flag indicating that agent forwarding |
| should be allowed. Agent forwarding |
should be allowed. Agent forwarding |
| must not be permitted unless this |
must not be permitted unless this |
| constraint is present. |
option is present. |
| |
|
| permit-port-forwarding empty Flag indicating that port-forwarding |
permit-port-forwarding empty Flag indicating that port-forwarding |
| should be allowed. If this constraint is |
should be allowed. If this option is |
| not present then no port forwarding will |
not present then no port forwarding will |
| be allowed. |
be allowed. |
| |
|
| permit-pty empty Flag indicating that PTY allocation |
permit-pty empty Flag indicating that PTY allocation |
| should be permitted. In the absence of |
should be permitted. In the absence of |
| this constraint PTY allocation will be |
this option PTY allocation will be |
| disabled. |
disabled. |
| |
|
| permit-user-rc empty Flag indicating that execution of |
permit-user-rc empty Flag indicating that execution of |
| ~/.ssh/rc should be permitted. Execution |
~/.ssh/rc should be permitted. Execution |
| of this script will not be permitted if |
of this script will not be permitted if |
| this constraint is not present. |
this option is not present. |
| |
|
| source-address string Comma-separated list of source addresses |
source-address string Comma-separated list of source addresses |
| from which this certificate is accepted |
from which this certificate is accepted |
| for authentication. Addresses are |
for authentication. Addresses are |
| specified in CIDR format (nn.nn.nn.nn/nn |
specified in CIDR format (nn.nn.nn.nn/nn |
| or hhhh::hhhh/nn). |
or hhhh::hhhh/nn). |
| If this constraint is not present then |
If this option is not present then |
| certificates may be presented from any |
certificates may be presented from any |
| source address. |
source address. |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to PROTOCOL.certkeys CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh