Christopher J. Ruwe
2020-Sep-20 13:30 UTC
clarify error messages and documentation when using signed public keys
Hi, spurred by a severe mistunderstanding on my part, I found myself in a very OSI-8/PEBCAC situation. I would like to politely suggest two hopefully small alterations to make such misunderstandings more difficult and stop a misguided user much earlier. Please bear with my explanation, I try to be brief. My problem's root cause was that misunderstood what a ssh certificate actually is. Instead of staying with the concept "certificate" consisting of a public part and a key, signed by some authority or oneself (yes, that is how the word certificate is normally used), I mistook the signed public key for something alike to a token, which would _replace instead of extend_ the public/private key pair. That I managed to confuse these two concepts is entirely my own fault, having worked with token-based systems, I fear I fell into the "have a hammer, everything is a nail" trap. Once I fell into it, however, I felt encouraged by the behaviour of `ssh` and parts of the man pages, which I would like to suggest to change. First, it is actually possible to pass the certificate, which is the signed public key, with the switch `-i`. From the perspective of my misunderstanding, that made perfect sense, because, when thinking of a token, that token is a secret corresponding to the private part of the key. When calling `ssh -i <pub-signed>` and when key pairs from default locations are used to have the public part signed, the corresponding private key is still used and the login succeeds without any notice that the user is doing something wrong. Only with other, different keypairs, the login errors (missing the private key, as I now understand) with "Load key <path>: invalid format". If possible (that's breaking), I would like to suggest to alter the behaviour of `ssh` to outright refuse to accept anything which is not a secret key on `-i` and to substitute the "invalid format" message with "<path> is not a private key". If that is considered to harsh, I would like to ask for a warning with a message as above instead of ssh silently succeeding with a login. The second change I would like to suggest concerns the man page SSH-KEYGEN(1). There the section CERTIFICATES states that> [...] Certificates consist of a public key, some identity > information, zero or more principal (user or host) names and a set > of options that are signed by a Certification Authority (CA) key. > Clients or servers may then trust only the CA key and verify its > signature on a certificate rather than trusting many user/host keys.The wording "only the CA key [...] rather than" reinforced my misunderstanding that the secret part is replaced. I would like to suggest to rephrase that line to state something like "In an otherwise normal public/private key pair exchange, clients or servers may then trust any public key, provided it has been signed by a trusted CA, and verify it's signature on a certificate fingerprint, instead of trusting a set of individual user/host keys configured on a single host." I believe with these changes, a misguided user would be stopped much earlier and, equipped with clearer error or warning messages, would graps conceptual misunderstandings faster. Thank you for your patience and consideration. Cheers, -- Christopher
Christopher J. Ruwe
2020-Sep-20 17:56 UTC
clarify error messages and documentation when using signed public keys
On Sun, 2020-09-20 at 15:30 +0200, Christopher J. Ruwe wrote:> "In an otherwise normal public/private key pair exchange, clients or > servers may then trust any public key, provided it has been signed > by a trusted CA, and verify it's signature on a certificate > fingerprint, instead of trusting a set of individual user/host keys > configured on a single host."Sorry to have muddled that up again. It's not the fingerprint on which the verification is done, it's the certificate. So it should be "In an otherwise normal public/private key pair exchange, clients or servers may then trust any public key, provided it has been signed by a trusted CA, and verify it's signature on the certificate of the CA, instead of trusting a set of individual user/host keys configured on a single host." Please excuse the noise. -- Christopher
Brian Candler
2020-Sep-20 19:48 UTC
clarify error messages and documentation when using signed public keys
On 20/09/2020 18:56, Christopher J. Ruwe wrote:> "In an otherwise normal public/private key pair exchange, clients or > servers may then trust any public key, provided it has been signed by > a trusted CA, and verify it's [sic] signature on the certificate of the CA,There is no signature "on the certificate of the CA", because unlike X509, the SSH CA doesn't have a self-signed certificate - just a public/private key pair. The signature is *on* the user (or host) certificate, and this signature is made *by* the CA.? You can verify the signature using the public key of the CA.