Blink: SSH certificate support?

It seems that libssh2 does not currently support certification auth. libssh2/libssh2#289

I've looked at the source and seemingly confirmed it. I looked into other places and it seems like that's an proprietary extension (ssh.com's words) which OpenSSH created that only supports OpenSSL certificates for host and user based authentication.

It seems like maybe Blink should be using OpenSSL. Is there a reason I'm not seeing that blink isn't using it?

Came here to put a +1 on this. I've been following this guide to improve my SSH security practices by using signed host and user certificates. Been following this guide: https://gravitational.com/blog/how-to-ssh-properly/

Sadly, I find out that Blink and libssh2 don't support this. Kind of sad I have everything working and signed except my iPad is going to need a special exception.

@Apreche I'm not sure I quite understand the security advantages to using PKI instead of standard key auth for SSH, particularly for small / home networks. Are you using an HSM to store your CA signing key? If not, what makes this a superior solution?

(Edit: don't mean to derail the feature request, so if this goes on longer than desired I'm happy to take it offline in Discord or something.)

I'm not knowledgeable enough with regards to encryption or security to comment on the security advantages or disadvantages. However, I can discuss why it's attractive to me just for the handful of servers I personally manage.

The main reason is that it changes how known_hosts are handled. The usual pattern is you get the unknown host prompt when you connect, and you have to give it the old eyeball test to make sure it's really the right host. Then your known_hosts file builds up over time with lines to identify the hosts you connect to. If that file is lost, you are back to square one.

With signed certs, the host cert is proof that the host is who they say they are. You have one known_hosts file with the host_ca.pub in it, and you are good to go. If a new host is launched, you can immediately SSH to it and you already "know" it without a prompt!

The second advantage is if you have more users coming and going. The way I used to do things is I had to manage authorized_keys files on each host. With certificate signing, a user gets their user keys signed by the user_ca and they can immediately connect to all hosts they have permission for. No need to go around putting their pub key on every single host.

For removing users I presume you wait for their cert to expire and don't issue a new one for them. Either that, or rotate the user_ca key and only sign new certs for the current users.

I'm personally not using a HSM, but I am storing the signing keys on a pair of normal old USB sticks that are stored in separate safe places.

Lastly, while right now I am only using this method for my personal systems, it's not out of the question that my employer might want to do things this way as well, and that I might want to use Blink in an emergency. I don't always have my work laptop, but I am rarely without an iOS device.

Thanks!

@Apreche I made my comment because of the same guide. I am thinking that maybe implementing PKI at least for OpenSSH devices is good enough and then using an OpenSSH device you can add the iPad key to AuthorizedKeys as needed. It might be what I end up doing.

@sbromberger I primarily use my iPad to give my employer/manager peace of mind that I can access servers we run in AWS. We have ~40-60 which AWS places a key in the AuthorizedKeys for us. PKI is nice because it prevents me copying the keys and instead focusing on signing the public keys. It also lets me know the servers are legit (via HostKeys) given that Auto Scale Groups are routinely updated/scaled and so the servers I need to access change regularly.

In a small or home network it's overkill, but probably a good place to practice.

@Apreche and @0xCMP - thanks to both of you for the explanation of your use cases. I understand the reasons better now.

I agree,

It would be great to have ssh certificate support.

Most of the time, I have a 802.1X with eap-tls to connect device to the network.
It's more convenient to use the certificate than the host key that is generated in the device.

It improve the security because certificate have a lifespan.
it's more convenient to have : host_ca.pub as stated by others.