Some wishes regarding revoked keys

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hello.

I am trying to play through the following test scenario about certificate revocation on Ubuntu 18.04, which has OpenSSH of this version:
OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n  7 Dec 2017

1. A CA key is created
ssh-keygen -t ed25519 -f ca

2. The CA public key is added to ~/.ssh/authorized_keys on some server:
cert-authority ssh-ed25519 AAAA...e ca@yoga

3. A user key is created on a different laptop:
ssh-keygen -t ed25519 -f user

4. The CA gets user.pub, signs the user key and applies restrictions, then transfers user-cert.pub back to the user's laptop
ssh-keygen -s ca -I user -V 20180906:20180908 -O clear -O permit-pty user
(yes I know, at this point the CA has made a mistake of not specifying the unique serial, but still there is a unique ID supplied with "-I user", so nothing fatal)

5. The CA destroys its copy of the user.pub and user-cert.pub files, because a guide (e.g. https://ef.gy/hardening-ssh) says it is a good idea.

6. The user logs in using the certificate:
ssh -o IdentitiesOnly=yes -o PubkeyAcceptedKeyTypes=ssh-ed25519-cert-v01@xxxxxxxxxxx -i user remote-host

Up to this point, everything works fine.

7. The user's laptop is stolen, the passphrase guessed, and now the thief is the only person who has access to the user's private key, public key and the certificate. The thief logs into the server. Now the admin needs to revoke the certificate (and ideally the certified key itself, just in case), based on the available information in the logs.

In the log, with the default verbosity level, there are lines like this:

Sep  6 16:11:07 test-5-9v sshd[13415]: Accepted publickey for user from 2001:470:<remaining-octets-hidden> port 53104 ssh2: ED25519-CERT ID user (serial 0) CA ED25519 SHA256:pN9HcOzg1nDWEpui9Yzjm24kfh6mHWf4ihHVaW4HKe8

I.e. nothing except the id and the serial about the certificate or the key itself. The SHA256 fingerprint is that of the CA public key.

At the DEBUG verbosity level, there is also a line that says the SHA256 fingerprint of the user's (not CA) key:

Sep  6 17:02:03 test-5-9v sshd[13997]: debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for ED25519-CERT SHA256:KdBhCunApB01QV7kw/+FsS/BAfnFxpaKCbPVQrzGmrc [preauth]

OK, so the CA needs to revoke a certificate with ID "user" (let's suppose it is unique), or key hash SHA256:KdBh..., and no other kind of hash is known.

The SHA256 hash is useless, because (at least according to the documentation) "ssh-keygen -k" only accepts SHA1 hashes. So let's try the ID.

echo 'id: user' | ssh-keygen -k -f revoked_keys -s ca /dev/stdin

OK, after transferring the result to the server and setting the RevokedKeys option in sshd_config, it works. But, as an admin, I would also like to revoke the key itself (not only the certificate) where I can. And I don't have any information to do so - is it because my wish is something unreasonable?

If my wish is reasonable, please, in the next versions of OpenSSH:

1. If the user uses a certificate, also log the key fingerprint at the default (not debug) verbosity level.

2. Make sure that the logged fingerprint is something that can be understood by "ssh-keygen -k".

--
Alexander E. Patrakov

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux