Version 2 (modified by dkg, 6 years ago)
Using OpenPGP certificates with SSH connections
This page tries to document a proposal for using OpenPGP certificates with SSH connections.
Goals
- Use all free software
- Use OpenPGP certificates for authentication in both directions (client->server and server->client)
- Authorization should use User IDs, not keys
- Key revocation/transition should be straightforward and effective without explicit notification of individual hosts or users
- End users and server administrators should be able to choose who they trust to properly identify other entities during authentication
- Any implementation should be cleanly interoperable with a non-OpenPGP-capable SSH implementation
- Minimize the amount of patching of upstream sources. Ideally, people should be able to use this framework with the existing tools
Overview
OpenSSH provides a functional way to manage explicit RSA keys (without certification of any type). The basic idea of this project is to create a framework that uses GPG's keyring manipulation capabilities and public keyservers to generate files that OpenSSH will accept and handle without complaint.
Both entities in an OpenSSH connection thus have the responsibility to explicitly designate who they trust to identify others. They can explicitly indicate this trust relationship with traditional GPG keyring trust indicators. No modification is made to the SSH protocol on the wire, which continues to use raw RSA public keys.
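As an added illustration (not code from this proposal), the sketch below shows one way the "generate files that OpenSSH will accept" step could work for a single key: it reads the RSA modulus and exponent from an OpenPGP version 4 public-key packet body and re-encodes them as an ssh-rsa authorized_keys line. The function names, the toy key and the user ID are constructed for the example, and it assumes GPG has already decided that the certificate is valid and trusted.

```python
import base64
import struct

def read_mpi(buf, off):
    """OpenPGP MPI: 2-byte big-endian bit count, then the magnitude bytes."""
    if off + 2 > len(buf):
        raise ValueError("truncated MPI header")
    (bits,) = struct.unpack_from(">H", buf, off)
    end = off + 2 + (bits + 7) // 8
    value = int.from_bytes(buf[off + 2:end], "big")
    if end > len(buf) or value.bit_length() != bits:
        raise ValueError("malformed MPI")
    return value, end

def ssh_string(data):
    """SSH string: uint32 length prefix, then the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(value):
    """SSH mpint for a positive integer; the extra byte keeps the sign bit clear."""
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def pgp_rsa_to_authorized_key(body, user_id):
    """Convert a v4 OpenPGP RSA public-key packet body to an authorized_keys line."""
    if len(body) < 6 or body[0] != 4 or body[5] != 1:  # version 4, algorithm 1 = RSA
        raise ValueError("not a version 4 RSA public-key packet body")
    n, off = read_mpi(body, 6)        # bytes 1..4 are the creation time
    e, off = read_mpi(body, off)
    if off != len(body):
        raise ValueError("unexpected trailing bytes")
    if any(c in user_id for c in "\r\n"):
        raise ValueError("user ID would inject an extra authorized_keys line")
    blob = ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)  # SSH order: e, then n
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " " + user_id

def pgp_mpi(value):
    """Encode an integer as an OpenPGP MPI (used only to build the sample)."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

# Constructed toy values, far too small to be a real key.
TOY_N = 0xC3A5F00DCAFEBABE1234567890ABCDEF
TOY_E = 65537
SAMPLE_BODY = bytes([4]) + struct.pack(">I", 0) + bytes([1]) + pgp_mpi(TOY_N) + pgp_mpi(TOY_E)

if __name__ == "__main__":
    print(pgp_rsa_to_authorized_key(SAMPLE_BODY, "alice@example.org"))
```

The user ID is carried only as the comment field here; OpenSSH itself still matches on the raw RSA key.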
Simplifying Assumptions
These assumptions might not be necessary, but we'll humor them for the sake of a clean implementation at the moment.
- Only use RSA keys, since RSA is known to work with both OpenSSH and GPG.
- This framework will use a specialized keyring for each entity, so that explicit trust relationships mapped here don't necessarily overflow into other OpenPGP-covered domains.
- A redundant set of public keyservers is available for both client and server to access (both query and upload) at will.
Validating the User
The server's job when a connection is created is to authenticate an incoming request, and to verify that the authenticated entity is authorized to connect.
Authenticating the Server
When initiating a connection, a user needs to verify that she is actually connecting to the host she expects.
Key revocation
How does key revocation work? How can we be sure that a revoked key is no longer accepted within a reasonable period of time after the revocation takes place?
Key transitions
Say a user or a host needs to change keys. How can a new key be adopted smoothly without explicit notification of all the relevant hosts?
Other Work
- openssh-gpg is a (relatively stale) attempt to do something similar

