| version 1.7, 2010/08/04 05:40:39 |
version 1.8, 2010/08/31 11:54:45 |
|
|
| ---------- |
---------- |
| |
|
| The SSH protocol currently supports a simple public key authentication |
The SSH protocol currently supports a simple public key authentication |
| mechanism. Unlike other public key implementations, SSH eschews the |
mechanism. Unlike other public key implementations, SSH eschews the use |
| use of X.509 certificates and uses raw keys. This approach has some |
of X.509 certificates and uses raw keys. This approach has some benefits |
| benefits relating to simplicity of configuration and minimisation |
relating to simplicity of configuration and minimisation of attack |
| of attack surface, but it does not support the important use-cases |
surface, but it does not support the important use-cases of centrally |
| of centrally managed, passwordless authentication and centrally |
managed, passwordless authentication and centrally certified host keys. |
| certified host keys. |
|
| |
|
| These protocol extensions build on the simple public key authentication |
These protocol extensions build on the simple public key authentication |
| system already in SSH to allow certificate-based authentication. |
system already in SSH to allow certificate-based authentication. The |
| The certificates used are not traditional X.509 certificates, with |
certificates used are not traditional X.509 certificates, with numerous |
| numerous options and complex encoding rules, but something rather |
options and complex encoding rules, but something rather more minimal: a |
| more minimal: a key, some identity information and usage options |
key, some identity information and usage options that have been signed |
| that have been signed with some other trusted key. |
with some other trusted key. |
| |
|
| A sshd server may be configured to allow authentication via certified |
A sshd server may be configured to allow authentication via certified |
| keys, by extending the existing ~/.ssh/authorized_keys mechanism |
keys, by extending the existing ~/.ssh/authorized_keys mechanism to |
| to allow specification of certification authority keys in addition |
allow specification of certification authority keys in addition to |
| to raw user keys. The ssh client will support automatic verification |
raw user keys. The ssh client will support automatic verification of |
| of acceptance of certified host keys, by adding a similar ability |
acceptance of certified host keys, by adding a similar ability to |
| to specify CA keys in ~/.ssh/known_hosts. |
specify CA keys in ~/.ssh/known_hosts. |
| |
|
| Certified keys are represented using two new key types: |
Certified keys are represented using new key types: |
| ssh-rsa-cert-v01@openssh.com and ssh-dss-cert-v01@openssh.com that |
|
| include certification information along with the public key that is used |
|
| to sign challenges. ssh-keygen performs the CA signing operation. |
|
| |
|
| |
ssh-rsa-cert-v01@openssh.com |
| |
ssh-dss-cert-v01@openssh.com |
| |
ecdsa-sha2-nistp256-cert-v01@openssh.com |
| |
ecdsa-sha2-nistp384-cert-v01@openssh.com |
| |
ecdsa-sha2-nistp521-cert-v01@openssh.com |
| |
|
| |
These include certification information along with the public key |
| |
that is used to sign challenges. ssh-keygen performs the CA signing |
| |
operation. |
| |
|
| Protocol extensions |
Protocol extensions |
| ------------------- |
------------------- |
| |
|
|
|
| New public key formats |
New public key formats |
| ---------------------- |
---------------------- |
| |
|
| The ssh-rsa-cert-v01@openssh.com and ssh-dss-cert-v01@openssh.com key |
The certificate key types take a similar high-level format (note: data |
| types take a similar high-level format (note: data types and |
types and encoding are as per RFC4251 section 5). The serialised wire |
| encoding are as per RFC4251 section 5). The serialised wire encoding of |
encoding of these certificates is also used for storing them on disk. |
| these certificates is also used for storing them on disk. |
|
| |
|
| #define SSH_CERT_TYPE_USER 1 |
#define SSH_CERT_TYPE_USER 1 |
| #define SSH_CERT_TYPE_HOST 2 |
#define SSH_CERT_TYPE_HOST 2 |
|
|
| string signature key |
string signature key |
| string signature |
string signature |
| |
|
| |
ECDSA certificate |
| |
|
| |
string "ecdsa-sha2-nistp256@openssh.com" | |
| |
"ecdsa-sha2-nistp384@openssh.com" | |
| |
"ecdsa-sha2-nistp521@openssh.com" |
| |
string nonce |
| |
string curve |
| |
string public_key |
| |
uint64 serial |
| |
uint32 type |
| |
string key id |
| |
string valid principals |
| |
uint64 valid after |
| |
uint64 valid before |
| |
string critical options |
| |
string extensions |
| |
string reserved |
| |
string signature key |
| |
string signature |
| |
|
| The nonce field is a CA-provided random bitstring of arbitrary length |
The nonce field is a CA-provided random bitstring of arbitrary length |
| (but typically 16 or 32 bytes) included to make attacks that depend on |
(but typically 16 or 32 bytes) included to make attacks that depend on |
| inducing collisions in the signature hash infeasible. |
inducing collisions in the signature hash infeasible. |
|
|
| |
|
| p, q, g, y are the DSA parameters as described in FIPS-186-2. |
p, q, g, y are the DSA parameters as described in FIPS-186-2. |
| |
|
| |
curve and public key are respectively the ECDSA "[identifier]" and "Q" |
| |
defined in section 3.1 of RFC5656. |
| |
|
| serial is an optional certificate serial number set by the CA to |
serial is an optional certificate serial number set by the CA to |
| provide an abbreviated way to refer to certificates from that CA. |
provide an abbreviated way to refer to certificates from that CA. |
| If a CA does not wish to number its certificates it must set this |
If a CA does not wish to number its certificates it must set this |
|
|
| "valid after" and "valid before" specify a validity period for the |
"valid after" and "valid before" specify a validity period for the |
| certificate. Each represents a time in seconds since 1970-01-01 |
certificate. Each represents a time in seconds since 1970-01-01 |
| 00:00:00. A certificate is considered valid if: |
00:00:00. A certificate is considered valid if: |
| valid after <= current time < valid before |
|
| |
|
| |
valid after <= current time < valid before |
| |
|
| criticial options is a set of zero or more key options encoded as |
criticial options is a set of zero or more key options encoded as |
| below. All such options are "critical" in the sense that an implementation |
below. All such options are "critical" in the sense that an implementation |
| must refuse to authorise a key that has an unrecognised option. |
must refuse to authorise a key that has an unrecognised option. |
|
|
| the protocol. |
the protocol. |
| |
|
| signature key contains the CA key used to sign the certificate. |
signature key contains the CA key used to sign the certificate. |
| The valid key types for CA keys are ssh-rsa and ssh-dss. "Chained" |
The valid key types for CA keys are ssh-rsa, ssh-dss and the ECDSA types |
| |
ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521. "Chained" |
| certificates, where the signature key type is a certificate type itself |
certificates, where the signature key type is a certificate type itself |
| are NOT supported. Note that it is possible for a RSA certificate key to |
are NOT supported. Note that it is possible for a RSA certificate key to |
| be signed by a DSS CA key and vice-versa. |
be signed by a DSS or ECDSA CA key and vice-versa. |
| |
|
| signature is computed over all preceding fields from the initial string |
signature is computed over all preceding fields from the initial string |
| up to, and including the signature key. Signatures are computed and |
up to, and including the signature key. Signatures are computed and |
| encoded according to the rules defined for the CA's public key algorithm |
encoded according to the rules defined for the CA's public key algorithm |
| (RFC4253 section 6.6 for ssh-rsa and ssh-dss). |
(RFC4253 section 6.6 for ssh-rsa and ssh-dss, RFC5656 for the ECDSA |
| |
types). |
| |
|
| Critical options |
Critical options |
| ---------------- |
---------------- |
![[BACK]](/icons/back.gif){kind=icon}
Return to PROTOCOL.certkeys CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh