
I need to create an SSH certificate encoded as X.509 per RFC 6187, X.509v3 Certificates for Secure Shell Authentication. Based on the ssh-keygen(1) man page and a few online tutorials I am at the point where I can create the CA, sign a user identity, and save it in OpenSSH certificate format.

Here are the instructions:

  1. Create CA key

    ssh-keygen -b 4096 -t rsa -f example-com-ca -C "CA key for example.com"

  2. Create User key

    ssh-keygen -b 2048 -t rsa -f id_rsa -C jdoe@example.com

  3. Create User certificate

    ssh-keygen -s example-com-ca -n jdoe@example.com -V +52w -I example.com-user ./id_rsa.pub

The resulting certificate is OpenSSH format:

$ cat id_rsa-cert.pub

This is where I am having trouble. I don't see an ssh-keygen(1) option to write the certificate in X.509 format. I prefer PEM encoding, but I can probably work with ASN.1/DER encoding.

How does one write the certificate in X.509 format?

A related question is at Alternatives to SSH x509 logon.

jww

2 Answers


OpenSSH does not support X.509 – it can neither generate such certificates nor consume them. (OpenSSH CAs are something entirely different, and there is no standard OpenSSH CA ⇆ X.509 translation specified. Besides the format, they intentionally don't support many PKI features like multi-level CA hierarchy, while being able to carry OpenSSH-specific "key options" and other metadata that doesn't have corresponding X.509 extensions.)

You probably want Roumen Petrov's PKIX-SSH, which is an actively maintained OpenSSH fork with extensive X.509 PKI support, including the RFC 6187 x509v3-* formats.


If you must generate an authorized_keys entry for an existing X.509 certificate, without having the necessary tools, the format is relatively simple and can be done by hand via any programming language. The authorized_keys data is always based on SSHv2 packet format (where each 'string' is implicitly preceded by uint32be indicating its length); the first item is always a string with the pubkey type itself; the remainder is as documented in page 5.

(The 'certificate' field holds DER-encoded data, but note that PEM encoding is literally just Base64 around the same ASN.1 DER, with "begin/end" headers slapped on.)

u1686_grawity
  • Thanks. It is amazing OpenSSH does not support world wide standards in 2019... – jww Jul 15 '19 at 05:18
  • 2
    Being an approved IETF RFC doesn't make it a world-wide standard. Being a standard doesn't make it a _mandatory_ standard. Very few SSHv2 clients in fact support X.509, even outside the open-source world. – u1686_grawity Jul 15 '19 at 05:18
  • I think you are the first person I've encountered who takes the position IETF does not publish world wide standards. I'd like to hear more... Do you claim they don't publish standards; or they only publish local and regional standards? – jww Jul 15 '19 at 16:05
  • I claim none of the above. You deliberately misinterpret what I say, and I'm not going to "discuss" this further. – u1686_grawity Jul 15 '19 at 20:31
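The hand-assembly the answer describes, as an added example that is not part of the answer, of OpenSSH or of PKIX-SSH: it builds and checks an authorized_keys entry for the `x509v3-ssh-rsa` type from RFC 6187 section 2.1 (key-type string, certificate count, each DER certificate as an SSHv2 string, OCSP-response count and strings), using stdlib only. The embedded DER is a constructed placeholder SEQUENCE, not a real certificate; any real PEM certificate can be passed in its place.

```python
import base64
import struct

KEY_TYPE = "x509v3-ssh-rsa"  # RFC 6187 type name for an RSA key carried in an X.509 chain
# Constructed stand-in for a DER certificate (a bare ASN.1 SEQUENCE), not a real cert.
SAMPLE_DER = bytes.fromhex("3003020105")
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\n")

def ssh_string(data: bytes) -> bytes:  # SSHv2 'string': uint32 big-endian length + bytes
    return struct.pack(">I", len(data)) + data

def pem_to_der(pem: str) -> bytes:  # PEM is just base64 of the DER between BEGIN/END lines
    body = [ln.strip() for ln in pem.splitlines() if ln.strip() and not ln.startswith("-----")]
    return base64.b64decode("".join(body))

def x509v3_blob(certs: list, ocsp: tuple = ()) -> bytes:
    """Key blob per RFC 6187 s2.1: type, cert count, certs, OCSP count, OCSP responses."""
    out = ssh_string(KEY_TYPE.encode()) + struct.pack(">I", len(certs))
    out += b"".join(ssh_string(c) for c in certs)
    return out + struct.pack(">I", len(ocsp)) + b"".join(ssh_string(r) for r in ocsp)

def authorized_keys_line(pem: str, comment: str) -> str:
    """'<type> <base64 blob> <comment>', the same layout as a plain ssh-rsa entry."""
    blob = x509v3_blob([pem_to_der(pem)])
    return f"{KEY_TYPE} {base64.b64encode(blob).decode()} {comment}"

def parse_authorized_keys_line(line: str):
    """Decode an entry back to (type, [DER certs], [OCSP responses]) for checking."""
    ktype, b64, *_ = line.split()
    blob, pos = base64.b64decode(b64), 0
    def rd_u32():
        nonlocal pos
        pos += 4
        return struct.unpack_from(">I", blob, pos - 4)[0]
    def rd_str():  # bounds-checked so a truncated or malformed blob cannot overread
        nonlocal pos
        n = rd_u32()
        if pos + n > len(blob):
            raise ValueError("string length runs past end of blob")
        pos += n
        return blob[pos - n:pos]
    if rd_str().decode() != ktype:
        raise ValueError("key type inside blob disagrees with the entry prefix")
    certs = [rd_str() for _ in range(rd_u32())]
    ocsp = [rd_str() for _ in range(rd_u32())]
    if pos != len(blob):
        raise ValueError("trailing bytes after the OCSP list")
    return ktype, certs, ocsp
```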

I have been struggling with authentication via SSH using X509 certificates, and after some time I have understood it and tested with success.

In case it's useful for anyone I have written a post explaining the full process on a blog I have just deployed (in a quick & dirty way, the blog is simple and not very pretty, but useful).

You can read a full description of the test in the article "OpenSSH with X509 certificates HOW TO".

Regards.

Ciges