version 1.3, 2010/03/03 22:50:40 |
version 1.4, 2010/04/16 01:47:25 |
|
|
system already in SSH to allow certificate-based authentication. |
system already in SSH to allow certificate-based authentication. |
The certificates used are not traditional X.509 certificates, with |
The certificates used are not traditional X.509 certificates, with |
numerous options and complex encoding rules, but something rather |
numerous options and complex encoding rules, but something rather |
more minimal: a key, some identity information and usage constraints |
more minimal: a key, some identity information and usage options |
that have been signed with some other trusted key. |
that have been signed with some other trusted key. |
|
|
A sshd server may be configured to allow authentication via certified |
A sshd server may be configured to allow authentication via certified |
|
|
to specify CA keys in ~/.ssh/known_hosts. |
to specify CA keys in ~/.ssh/known_hosts. |
|
|
Certified keys are represented using two new key types: |
Certified keys are represented using two new key types: |
ssh-rsa-cert-v00@openssh.com and ssh-dss-cert-v00@openssh.com that |
ssh-rsa-cert-v01@openssh.com and ssh-dss-cert-v01@openssh.com that |
include certification information along with the public key that is used |
include certification information along with the public key that is used |
to sign challenges. ssh-keygen performs the CA signing operation. |
to sign challenges. ssh-keygen performs the CA signing operation. |
|
|
|
|
New public key formats |
New public key formats |
---------------------- |
---------------------- |
|
|
The ssh-rsa-cert-v00@openssh.com and ssh-dss-cert-v00@openssh.com key |
The ssh-rsa-cert-v01@openssh.com and ssh-dss-cert-v01@openssh.com key |
types take a similar high-level format (note: data types and |
types take a similar high-level format (note: data types and |
encoding are as per RFC4251 section 5). The serialised wire encoding of |
encoding are as per RFC4251 section 5). The serialised wire encoding of |
these certificates is also used for storing them on disk. |
these certificates is also used for storing them on disk. |
|
|
|
|
RSA certificate |
RSA certificate |
|
|
string "ssh-rsa-cert-v00@openssh.com" |
string "ssh-rsa-cert-v01@openssh.com" |
|
string nonce |
mpint e |
mpint e |
mpint n |
mpint n |
|
uint64 serial |
uint32 type |
uint32 type |
string key id |
string key id |
string valid principals |
string valid principals |
uint64 valid after |
uint64 valid after |
uint64 valid before |
uint64 valid before |
string constraints |
string critical options |
string nonce |
string extensions |
string reserved |
string reserved |
string signature key |
string signature key |
string signature |
string signature |
|
|
DSA certificate |
DSA certificate |
|
|
string "ssh-dss-cert-v00@openssh.com" |
string "ssh-dss-cert-v01@openssh.com" |
|
string nonce |
mpint p |
mpint p |
mpint q |
mpint q |
mpint g |
mpint g |
mpint y |
mpint y |
|
uint64 serial |
uint32 type |
uint32 type |
string key id |
string key id |
string valid principals |
string valid principals |
uint64 valid after |
uint64 valid after |
uint64 valid before |
uint64 valid before |
string constraints |
string critical options |
string nonce |
string extensions |
string reserved |
string reserved |
string signature key |
string signature key |
string signature |
string signature |
|
|
|
The nonce field is a CA-provided random bitstring of arbitrary length |
|
(but typically 16 or 32 bytes) included to make attacks that depend on |
|
inducing collisions in the signature hash infeasible. |
|
|
e and n are the RSA exponent and public modulus respectively. |
e and n are the RSA exponent and public modulus respectively. |
|
|
p, q, g, y are the DSA parameters as described in FIPS-186-2. |
p, q, g, y are the DSA parameters as described in FIPS-186-2. |
|
|
|
serial is an optional certificate serial number set by the CA to |
|
provide an abbreviated way to refer to certificates from that CA. |
|
If a CA does not with to number its certificates it must set this |
|
field to zero. |
|
|
type specifies whether this certificate is for identification of a user |
type specifies whether this certificate is for identification of a user |
or a host using a SSH_CERT_TYPE_... value. |
or a host using a SSH_CERT_TYPE_... value. |
|
|
|
|
00:00:00. A certificate is considered valid if: |
00:00:00. A certificate is considered valid if: |
valid after <= current time < valid before |
valid after <= current time < valid before |
|
|
constraints is a set of zero or more key constraints encoded as below. |
criticial options is a set of zero or more key options encoded as |
|
below. All such options are "critical" in the sense that an implementation |
|
must refuse to authorise a key that has an unrecognised option. |
|
|
The nonce field is a CA-provided random bitstring of arbitrary length |
extensions is a set of zero or more optional extensions. These extensions |
(but typically 16 or 32 bytes) included to make attacks that depend on |
are not critical, and an implementation that encounters one that it does |
inducing collisions in the signature hash infeasible. |
not recognise may safely ignore it. No extensions are defined at present. |
|
|
The reserved field is current unused and is ignored in this version of |
The reserved field is currently unused and is ignored in this version of |
the protocol. |
the protocol. |
|
|
signature key contains the CA key used to sign the certificate. |
signature key contains the CA key used to sign the certificate. |
|
|
encoded according to the rules defined for the CA's public key algorithm |
encoded according to the rules defined for the CA's public key algorithm |
(RFC4253 section 6.6 for ssh-rsa and ssh-dss). |
(RFC4253 section 6.6 for ssh-rsa and ssh-dss). |
|
|
Constraints |
Critical options |
----------- |
---------------- |
|
|
The constraints section of the certificate specifies zero or more |
The critical options section of the certificate specifies zero or more |
constraints on the certificates validity. The format of this field |
options on the certificates validity. The format of this field |
is a sequence of zero or more tuples: |
is a sequence of zero or more tuples: |
|
|
string name |
string name |
string data |
string data |
|
|
The name field identifies the constraint and the data field encodes |
The name field identifies the option and the data field encodes |
constraint-specific information (see below). All constraints are |
option-specific information (see below). All options are |
"critical", if an implementation does not recognise a constraint |
"critical", if an implementation does not recognise a option |
then the validating party should refuse to accept the certificate. |
then the validating party should refuse to accept the certificate. |
|
|
The supported constraints and the contents and structure of their |
The supported options and the contents and structure of their |
data fields are: |
data fields are: |
|
|
Name Format Description |
Name Format Description |
|
|
|
|
permit-X11-forwarding empty Flag indicating that X11 forwarding |
permit-X11-forwarding empty Flag indicating that X11 forwarding |
should be permitted. X11 forwarding will |
should be permitted. X11 forwarding will |
be refused if this constraint is absent. |
be refused if this option is absent. |
|
|
permit-agent-forwarding empty Flag indicating that agent forwarding |
permit-agent-forwarding empty Flag indicating that agent forwarding |
should be allowed. Agent forwarding |
should be allowed. Agent forwarding |
must not be permitted unless this |
must not be permitted unless this |
constraint is present. |
option is present. |
|
|
permit-port-forwarding empty Flag indicating that port-forwarding |
permit-port-forwarding empty Flag indicating that port-forwarding |
should be allowed. If this constraint is |
should be allowed. If this option is |
not present then no port forwarding will |
not present then no port forwarding will |
be allowed. |
be allowed. |
|
|
permit-pty empty Flag indicating that PTY allocation |
permit-pty empty Flag indicating that PTY allocation |
should be permitted. In the absence of |
should be permitted. In the absence of |
this constraint PTY allocation will be |
this option PTY allocation will be |
disabled. |
disabled. |
|
|
permit-user-rc empty Flag indicating that execution of |
permit-user-rc empty Flag indicating that execution of |
~/.ssh/rc should be permitted. Execution |
~/.ssh/rc should be permitted. Execution |
of this script will not be permitted if |
of this script will not be permitted if |
this constraint is not present. |
this option is not present. |
|
|
source-address string Comma-separated list of source addresses |
source-address string Comma-separated list of source addresses |
from which this certificate is accepted |
from which this certificate is accepted |
for authentication. Addresses are |
for authentication. Addresses are |
specified in CIDR format (nn.nn.nn.nn/nn |
specified in CIDR format (nn.nn.nn.nn/nn |
or hhhh::hhhh/nn). |
or hhhh::hhhh/nn). |
If this constraint is not present then |
If this option is not present then |
certificates may be presented from any |
certificates may be presented from any |
source address. |
source address. |
|
|