Hello.
I am trying to play through the following test scenario about
certificate revocation on Ubuntu 18.04, which has OpenSSH of this version:
OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n 7 Dec 2017
1. A CA key is created
ssh-keygen -t ed25519 -f ca
2. The CA public key is added to ~/.ssh/authorized_keys on some server:
cert-authority ssh-ed25519 AAAA...e ca@yoga
3. A user key is created on a different laptop:
ssh-keygen -t ed25519 -f user
4. The CA gets user.pub, signs the user key and applies restrictions,
then transfers user-cert.pub back to the user's laptop
ssh-keygen -s ca -I user -V 20180906:20180908 -O clear -O permit-pty user
(yes I know, at this point the CA has made a mistake of not specifying
the unique serial, but still there is a unique ID supplied with "-I
user", so nothing fatal)
5. The CA destroys its copy of the user.pub and user-cert.pub files,
because a guide (e.g. https://ef.gy/hardening-ssh) says it is a good idea.
6. The user logs in using the certificate:
ssh -o IdentitiesOnly=yes -o
PubkeyAcceptedKeyTypes=ssh-ed25519-cert-v01@xxxxxxxxxxx -i user remote-host
Up to this point, everything works fine.
7. The user's laptop is stolen, the passphrase guessed, and now the
thief is the only person who has access to the user's private key,
public key and the certificate. The thief logs into the server. Now the
admin needs to revoke the certificate (and ideally the certified key
itself, just in case), based on the available information in the logs.
In the log, with the default verbosity level, there are lines like this:
Sep 6 16:11:07 test-5-9v sshd[13415]: Accepted publickey for user from
2001:470:<remaining-octets-hidden> port 53104 ssh2: ED25519-CERT ID user
(serial 0) CA ED25519 SHA256:pN9HcOzg1nDWEpui9Yzjm24kfh6mHWf4ihHVaW4HKe8
I.e. nothing except the id and the serial about the certificate or the
key itself. The SHA256 fingerprint is that of the CA public key.
At the DEBUG verbosity level, there is also a line that says the SHA256
fingerprint of the user's (not CA) key:
Sep 6 17:02:03 test-5-9v sshd[13997]: debug1: userauth_pubkey: test
whether pkalg/pkblob are acceptable for ED25519-CERT
SHA256:KdBhCunApB01QV7kw/+FsS/BAfnFxpaKCbPVQrzGmrc [preauth]
OK, so the CA needs to revoke a certificate with ID "user" (let's
suppose it is unique), or key hash SHA256:KdBh..., and no other kind of
hash is known.
The SHA256 hash is useless, because (at least according to the
documentation) "ssh-keygen -k" only accepts SHA1 hashes. So let's try
the ID.
echo 'id: user' | ssh-keygen -k -f revoked_keys -s ca /dev/stdin
OK, after transferring the result to the server and setting the
RevokedKeys option in sshd_config, it works. But, as an admin, I would
also like to revoke the key itself (not only the certificate) where I
can. And I don't have any information to do so - is it because my wish
is something unreasonable?
If my wish is reasonable, please, in the next versions of OpenSSH:
1. If the user uses a certificate, also log the key fingerprint at the
default (not debug) verbosity level.
2. Make sure that the logged fingerprint is something that can be
understood by "ssh-keygen -k".
--
Alexander E. Patrakov
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev