Discussion
Jan-Piet Mens
thomashabets2: Every couple of months someone re-discovers SSH certificates, and blogs about them.I'm guilty of it too. My blog post from 15 years ago is nowhere near as good as OP's post, but if I though me of 15 years ago lived up to my standards of today, I'd be really disappointed: https://blog.habets.se/2011/07/OpenSSH-certificates.html
Thom2000: Sadly services such as Github don't support these so it's mostly good for internal infrastructure.
linsomniac: In our dev/stg environment we reinstall half our machines every morning (largely to test our machine setup automation), and SSH host certificates make that so much nicer than having to persist host keys or remove/replace them in known_hosts. Highly recommended.
kaoD: I've known SSH certs for a while but never went through the effort of migrating away from keys. I'm very frustrated about manually managing my SSH keys across my different servers and devices though.I assume you gathered a lot of thoughts over these 15 years.Should I invest in making the switch?
ibotty: Yes. Caveat: It might not really be worth it if all your infrastructure is managed by these newfangled infrastructure-as-code-things that are quick to roll out (OpenShift/OKD, Talos, etc.) and you have only one repo to change SSH keys (single cluster or single repo for all clusters).There are some serious security benefits for larger organizations but it does not sound as if you are part of one.
lights0123: They do, for Enterprise customers only: https://docs.github.com/en/enterprise-cloud@latest/organizat...They've rolled their host key one time, so there's little reason for them to use it on the host side.
thomashabets2: If your use case is such that you are frustrated about managing keys, host or user keys, then yes it does sound like SSH certs would help you. E.g. when you have many users, servers, or high enough cartesian product of the two.In environment where they don't cause frustration they're not worth it.Not really more to it than that, from my point of view.
papyDoctor: Another useful feature of SSH certificates is that you can sign a user’s public key to grant them access to a remote machine for a limited time and as a specific remote user.
Tepix: The author lists all the advantes of CA certificates, yet doesn't list the disadvantages. OTOH, all the many steps required to set it up make the disadvantages rather obvious.Also, I've never had a security issue due to TOFU, have you?
adrian_b: TOFU is convenient, but not necessary.Choosing to use TOFU is a distinct choice from the choice of using the keys generated by SSH, instead of using certificates.If you do not want to use TOFU, for extra security, you just have to pair the computers by copying between them the corresponding public keys through a secure channel, e.g. by using a USB memory.Using certificates does not add any simplification or any extra security.For real security, you still must pair the communicating computers by copying between them the corresponding certificates, through a secure channel, e.g. a USB memory.When you use for HTTPS the certificates that have come with your Internet browser, you trust that the installer package for the browser has come to that computer through a secure channel from the authority that has created the certificates. This is usually an assumption much more far fetched than the assumption that you can trust TOFU between computers under your control.
otabdeveloper4: You will have to manage your SSH CA certificates instead of your keys.The workflows SSH CA's are extremely janky and insecure.
jcalvinowens: You can also address TOFU to some extent using SSHFP DNS records.Openssh supports checking the DNSSEC signature in the client, in theory, but it's a configure option and I'm not sure if distros build with it.
jsiepkes: On top of that you would need something to secure DNS. Like DNSSEC or at the very least use DNS with TLS or DNS over HTTP. None of these are typically enabled by default.
bobo56539: With the recent wave of npm hacks stealing private keys, I wanted to limit key's lifetimes.I've set up a couple of yubikeys as SSH CAs on hosts I manage. I use them to create short lived certs (say 24h) at the start of the day. This way i only have to enter the yubikey pin once a day.I could not find an easy way to limit maximum certificate lifetime in openssh, except for using the AuthorizedPrincipalCommand, which feels very fragile.Does anyone else have any experience with a similar setup? How do you limit cert max lifetime?
akerl_: > Also, I've never had a security issue due to TOFU, have you?This is a bit like suggesting you've never been in a car crash, so seat belts must not be worth considering.Do you feel that beyond the obvious and documented work in setting them up, there are disadvantages to using SSH certificates?
adrian_b: Certificates provide extra features, like revocation.However, if you do not need the extra features provided by certificates, using SSH-generated keys is strictly equivalent with using certificates and it requires less work.TOFU is neither necessary nor recommended, it is just a convenience feature, to be used when security may be lax.The secure way to use SSH is to never use TOFU but to pair the user and the server by copying the public keys between the 2 computers through a secure channel, e.g. either by using a USB memory or by sending the public keys through already existing authenticated encrypted links that pass through other computers.When using certificates, a completely identical procedure must be used. After certificates are generated, like also after SSH keys are generated, the certificates must be copied to the client computer and the server computer through secure channels.
gkoz: Are you pairing computers by copying certificates to visit this site?
