Recent posts here [1] and one of my engineers brought up certificate authentication topics at the same time, sorry for the necromancing.

> -----Original Message----- [2]
> From: Iain Morgan
> Sent: Monday, June 7, 2010 7:23 PM
>
> On Mon, Jun 07, 2010 at 17:04:09 -0500, Dani, Naitik wrote:
> > Hello,
> >
> > I would like to know whether OpenSSH supports x509 certificate based
> > authentication.
>
> No, although Roumen Petrov maintains a patch that adds such support.

I assume this is referring to RFC 6187.

<snip/>

> The developers have maintained a stance that the complexity of X.509
> certificates introduces an unacceptable attack surface for sshd.

Is this still the case? Reading PROTOCOL.certkeys [3], the preamble has not changed since 2010.

What could possibly allow for discussion on this topic (goal is to add RFC 6187 support and NOT fork - tired of being browbeaten with "but commercial versions do it")?

> Instead, they have recently implemented an alternative certificate
> format which is much simpler to parse and thus introduces less risk. See
> the various man pages in OpenSSH 5.5 for more information.

Respectfully,

Jason Pyeron

1: https://lists.mindrot.org/pipermail/openssh-unix-dev/2022-September/040400.html
2: https://lists.mindrot.org/pipermail/openssh-unix-dev/2010-June/028702.html
3: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys

--
Jason Pyeron | Architect
PD Inc | Certified SBA 8(a)
10 w 24th St | Certified SBA HUBZone
Baltimore, MD | CAGE Code: 1WVR6
.mil: jason.j.pyeron.ctr at mail.mil
.com: jpyeron at pdinc.us
tel : 202-741-9397
Dirk-Willem van Gulik
2022-Sep-22 07:56 UTC
X509 based certificate authentication in OpenSSH
On 22 Sep 2022, at 05:41, Jason Pyeron <jpyeron at pdinc.us> wrote:

>> On Mon, Jun 07, 2010 at 17:04:09 -0500, Dani, Naitik wrote:
>>> I would like to know whether OpenSSH supports x509 certificate based
>>> authentication.
>>
>> No, although Roumen Petrov maintains a patch that adds such support.

...

> The developers have maintained a stance that the complexity of X.509
> certificates introduces an unacceptable attack surface for sshd.

...

> Is this still the case? Reading PROTOCOL.certkeys [3], the preamble has not changed since 2010.

While Petrov's patches are splendid and (for us at least) rock and rock solid - I would add that the infrastructure it relies on is indeed not risk free. Even if one does not consult the network for OCSP or CRL. We got very nearly taken out through a SSH implementation by CVE-2012-0654 (bad X.509 ca-authority cert commonly used in the energy industry).

Dw.
On Wed, 21 Sep 2022, Jason Pyeron wrote:

> Recent posts here [1] and one of my engineers brought up certificate authentication topics at the same time, sorry for the necromancing.
>
> > -----Original Message----- [2]
> > From: Iain Morgan
> > Sent: Monday, June 7, 2010 7:23 PM
> >
> > On Mon, Jun 07, 2010 at 17:04:09 -0500, Dani, Naitik wrote:
> > > Hello,
> > >
> > > I would like to know whether OpenSSH supports x509 certificate based
> > > authentication.
> >
> > No, although Roumen Petrov maintains a patch that adds such support.
>
> I assume this is referring to RFC 6187.
>
> <snip/>
>
> > The developers have maintained a stance that the complexity of X.509
> > certificates introduces an unacceptable attack surface for sshd.
>
> Is this still the case? Reading PROTOCOL.certkeys [3], the preamble
> has not changed since 2010.

Yes, still the case. X.509 and the associated PKI are too syntactically, semantically and operationally complex for us to trust.

> What could possibly allow for discussion on this topic (goal is to
> add RFC 6187 support and NOT fork - tired of being brow beat with but
> commercial versions do it)?

We don't have any desire to support X.509 certificates in OpenSSH, sorry.

-d
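As an added illustration of the "much simpler to parse" certificate format that Iain Morgan's quoted reply refers to (the ssh-*-cert-v01@openssh.com format described in PROTOCOL.certkeys), the following is example code written for this page; it is not code from OpenSSH, from Roumen Petrov's patch, or from anyone in the thread. It parses an Ed25519 OpenSSH certificate from its wire encoding with bounds-checked reads, then applies the policy checks sshd makes after the CA signature verifies: certificate type, validity window, principal, and rejection of any critical option it does not understand. The sample certificate is constructed inline with placeholder nonce, key and signature bytes (the signature is not valid), so only the parse and policy logic is exercised; verifying the CA signature over `signed_data` is left to an Ed25519 implementation. The key id, principal names, timestamps and force-command string are all made-up values.

```python
"""Parse an OpenSSH certificate (PROTOCOL.certkeys) and apply sshd's policy checks.

Added example for this thread, not OpenSSH code. Signature verification is out of
scope: parse_cert() returns the bytes the CA signed so a caller can verify them.
"""
import struct

CERT_TYPE_USER = 1
CERT_TYPE_HOST = 2
ED25519_CERT = "ssh-ed25519-cert-v01@openssh.com"
# Critical options this checker understands; any other critical option must
# cause the certificate to be rejected (unknown extensions are merely ignored).
KNOWN_CRITICAL_OPTIONS = {"force-command", "source-address"}


def pack_string(b: bytes) -> bytes:
    """RFC 4251 'string': uint32 length prefix followed by the bytes."""
    return struct.pack(">I", len(b)) + b


class Reader:
    """Sequential reader for RFC 4251 wire types; every read is bounds-checked."""
    def __init__(self, data: bytes):
        self.data, self.pos = data, 0
    def _take(self, n: int) -> bytes:
        if self.pos + n > len(self.data):
            raise ValueError("truncated certificate")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk
    def u32(self) -> int:
        return struct.unpack(">I", self._take(4))[0]
    def u64(self) -> int:
        return struct.unpack(">Q", self._take(8))[0]
    def string(self) -> bytes:
        return self._take(self.u32())
    def done(self) -> bool:
        return self.pos == len(self.data)


def read_pairs(blob: bytes) -> dict:
    """Critical options and extensions: a sequence of (string name, string data)."""
    r, out = Reader(blob), {}
    while not r.done():
        name = r.string().decode()
        out[name] = r.string()
    return out


def parse_cert(blob: bytes) -> dict:
    """Decode the fields of an ssh-ed25519-cert-v01@openssh.com blob in order."""
    r = Reader(blob)
    cert = {"type_name": r.string().decode()}
    if cert["type_name"] != ED25519_CERT:
        raise ValueError("unsupported certificate type " + cert["type_name"])
    cert["nonce"] = r.string()
    cert["pk"] = r.string()                      # subject's Ed25519 public key
    cert["serial"] = r.u64()
    cert["type"] = r.u32()                       # CERT_TYPE_USER or CERT_TYPE_HOST
    cert["key_id"] = r.string().decode()
    principals = Reader(r.string())
    cert["principals"] = []
    while not principals.done():
        cert["principals"].append(principals.string().decode())
    cert["valid_after"] = r.u64()
    cert["valid_before"] = r.u64()
    cert["critical_options"] = read_pairs(r.string())
    cert["extensions"] = read_pairs(r.string())
    cert["reserved"] = r.string()
    cert["signature_key"] = r.string()           # CA public key blob
    cert["signed_data"] = blob[:r.pos]           # everything before the signature
    cert["signature"] = r.string()
    if not r.done():
        raise ValueError("trailing data after signature")
    return cert


def check_cert(cert: dict, principal: str, now: int, want_type: int = CERT_TYPE_USER):
    """Policy checks sshd applies after the signature verifies. Returns (ok, reason)."""
    if cert["type"] != want_type:
        return False, "wrong certificate type"
    if not (cert["valid_after"] <= now < cert["valid_before"]):
        return False, "outside validity window"
    # An empty principal list means the cert is valid for any principal.
    if cert["principals"] and principal not in cert["principals"]:
        return False, "principal not listed"
    unknown = set(cert["critical_options"]) - KNOWN_CRITICAL_OPTIONS
    if unknown:
        return False, "unknown critical option(s): " + ",".join(sorted(unknown))
    return True, "ok"


def force_command(cert: dict):
    """force-command data is itself a string-wrapped command; None if absent."""
    data = cert["critical_options"].get("force-command")
    return None if data is None else Reader(data).string().decode()


def build_cert(key_id, principals, valid_after, valid_before,
               critical_options=None, extensions=None, cert_type=CERT_TYPE_USER) -> bytes:
    """Constructed test certificate with placeholder nonce, keys and signature."""
    def pairs(d):
        return b"".join(pack_string(k.encode()) + pack_string(v)
                        for k, v in sorted((d or {}).items()))
    ca_key = pack_string(b"ssh-ed25519") + pack_string(b"\x03" * 32)   # placeholder
    fake_sig = pack_string(b"ssh-ed25519") + pack_string(b"\x04" * 64)  # not a real signature
    body = (pack_string(ED25519_CERT.encode()) + pack_string(b"\x01" * 32)
            + pack_string(b"\x02" * 32) + struct.pack(">Q", 7) + struct.pack(">I", cert_type)
            + pack_string(key_id.encode())
            + pack_string(b"".join(pack_string(p.encode()) for p in principals))
            + struct.pack(">Q", valid_after) + struct.pack(">Q", valid_before)
            + pack_string(pairs(critical_options)) + pack_string(pairs(extensions))
            + pack_string(b"") + pack_string(ca_key))
    return body + pack_string(fake_sig)


if __name__ == "__main__":
    blob = build_cert("alice@example.com", ["alice"], 1_663_800_000, 1_663_828_800,
                      {"force-command": pack_string(b"/usr/bin/rsync --server")},
                      {"permit-pty": b""})
    cert = parse_cert(blob)
    print(cert["key_id"], cert["principals"], force_command(cert))
    print(check_cert(cert, "alice", 1_663_810_000), check_cert(cert, "bob", 1_663_810_000))
```

The whole decoder is a dozen fixed-order fields over two wire types, which is the point the 2010 reply was making: there is no ASN.1, no extension OID registry and no chain building to get wrong, and the only policy decision with any subtlety (fail closed on a critical option you do not recognise, ignore an extension you do not recognise) is one line each.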