What are SSH Certificates?

A certificate is a digitally signed public key. Certificates from an authorized entity can be costly. OpenSSH supports the creation of simple certificates and a CA infrastructure to avoid those high costs. There are two types of certificates: user certificates, which authenticate users to hosts, and host (server) certificates, which authenticate hosts to users.
Hosts that are to allow certificate-authenticated login from users must be configured to trust the Certification Authority's public key. The CA's private key is used to sign the server's and the user's public keys; this signing process is what issues the "certificate".

Why use Certificates?

First of all, using a certificate from a CA removes the need to copy keys between multiple systems. You can either generate new key pairs and issue certificates for them, or issue certificates for existing public keys.

  • Generating SSH key pairs for all users, and rotating them, takes a lot of time.
  • Your hosts are not trusted by default. When you connect to a remote server, you are asked to confirm the server's authenticity by validating its fingerprint.

This may be asked on a user's first connection to a host, or each time the server changes hostname (in case of migrations). At that moment users must compare this fingerprint with the host's public key.

But most users accept the fingerprint without performing this check. This may expose your systems to man-in-the-middle attacks.

  • The man-in-the-middle attack relies on TOFU (Trust On First Use): once you accidentally accept the connection, the fingerprint is added to your user's ~/.ssh/known_hosts file and you won't be prompted with this warning on subsequent logins. The user won't be aware that they are connecting to a "dangerous host".
  • In the CA model, the CA signs user and host public keys with its private key, so your users and servers trust the Certification Authority. They then exchange certificates instead of plain keys during the login process.

Standard SSH key pairs don't have an expiration date. They can be used until the server is decommissioned. In the same way, nobody centrally controls the keys.

How does it work?

In the CA model, server and client keep their current key pairs (keys can be regenerated as well), but each host additionally has a certificate file. Once the host has its certificate, the public key file can even be deleted, because the certificate, which contains the public key, is used in place of id_rsa.pub.

Briefly, instead of trusting the authorized_keys file, servers are told to trust the certificate presented by the client during the authentication process, and vice versa: instead of the user's known_hosts file, the "host certificate" issued by the CA is trusted.

This avoids having many lines in the authorized_keys and known_hosts files.

Basically, in the Linux OpenSSH CA infrastructure, the host's and the user's public keys must be sent to the CA server. The CA signs them and issues certificates. These certificates must then be copied back to the source system (the user's machine) into the appropriate user's ~/.ssh/ directory. Host certificates must also be distributed across all hosts, since they will trust the CA server's signed public key (= the CA server's host certificate).
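As an added example that is not part of the original article, here is a small Python decoder, using only the standard library, that reads the fields described above (certificate type, key id, principals and validity window) out of an OpenSSH *-cert.pub line, together with a constructed, unsigned sample certificate to run it on. The field layout follows OpenSSH's PROTOCOL.certkeys; the principal names, key id and serial in the sample are made up.

```python
import base64
import struct
# Key-material strings that follow the nonce, per certificate type (PROTOCOL.certkeys).
KEY_FIELDS = {"ssh-ed25519-cert-v01@openssh.com": 1,  # pk
              "ssh-rsa-cert-v01@openssh.com": 2}      # e, n
CERT_TYPES = {1: "user", 2: "host"}

def _s(b):                     # encode one SSH "string": uint32 length + bytes
    return struct.pack(">I", len(b)) + b

def _read(buf, off):           # decode one SSH "string" at off -> (bytes, new off)
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n

def _names(blob):              # packed list of strings (the valid-principals field)
    out, off = [], 0
    while off < len(blob):
        name, off = _read(blob, off)
        out.append(name.decode())
    return out

def parse_cert(line):
    """Return the metadata of a '<type> <base64> [comment]' certificate line."""
    blob = base64.b64decode(line.split()[1])
    kind, off = _read(blob, 0)
    _, off = _read(blob, off)                      # nonce
    for _ in range(KEY_FIELDS[kind.decode()]):
        _, off = _read(blob, off)                  # the signed public key itself
    serial, ctype = struct.unpack(">QI", blob[off:off + 12])
    key_id, off = _read(blob, off + 12)
    principals, off = _read(blob, off)
    after, before = struct.unpack(">QQ", blob[off:off + 16])
    return {"type": CERT_TYPES.get(ctype, "unknown"), "serial": serial,
            "key_id": key_id.decode(), "principals": _names(principals),
            "valid_after": after, "valid_before": before}

def is_valid_at(cert, now):
    # True if 'now' (Unix seconds) lies inside the certificate's validity window.
    return cert["valid_after"] <= now < cert["valid_before"]

def build_sample():
    """Constructed user certificate with a dummy key and signature; not CA-signed."""
    kind = b"ssh-ed25519-cert-v01@openssh.com"
    body = (_s(kind) + _s(b"\x00" * 32) + _s(b"\x11" * 32)      # nonce, pk
            + struct.pack(">QI", 42, 1)                          # serial, type 1 = user
            + _s(b"alice@example.com")                           # key id
            + _s(_s(b"alice") + _s(b"admin"))                    # principals
            + struct.pack(">QQ", 1_700_000_000, 1_700_086_400)   # 24-hour validity
            + _s(b"") * 3 + _s(b"\x00" * 51) + _s(b"\x00" * 83))  # options, ext, reserved, CA key, sig
    return kind.decode() + " " + base64.b64encode(body).decode() + " alice"
```

Point parse_cert at a real ~/.ssh/id_ed25519-cert.pub line to audit who a certificate is for and when it expires; it does not verify the CA signature, which `ssh-keygen -L` and sshd do.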