Let's say my organization has a domain example.com and a server running a recent version of Ubuntu with the name myserver.example.com. Let's also say I'm on a Windows machine able to reach the server on port 22. I want to use putty to ssh to this server.
The first time I connect I'll see a warning message like this:
From here I can either connect once and continue to see the error in the future, accept the host key so it will be trusted in the future, or cancel, since I can't validate the identity of the server for certain.
Now let's say I also have a wildcard certificate for *.example.com issued by a major publicly-trusted CA such as DigiCert, Comodo, GlobalSign, etc, and with myserver.example.com in the subject alternative name (SAN) list.
How could I go about installing the certificate to the server so it is used for the ssh connection signature (not user authentication — that will be separate!) and trusted by the client computer, so this warning does not display? What attributes need to be included with the certificate that might not be included out of the box?
It seems you desire a PKI for SSH:
The problem is that OpenSSH can't use X.509 PKI. RFC 6187 declares the way to support that, but stock OpenSSH doesn't implement it. There exist unofficial builds by Roumen Petrov that include such support, and these can actually use X.509 certificates.
Instead, OpenSSH defines its own ad-hoc form of PKI, see man ssh-keygen for details.
My most "magical" experience with this, however, was DNSSEC as a PKI and SSHFP DNS RRs to publish keys. In that case conforming clients will not ask this, exactly as you want. PuTTY doesn't support it; the built-in OpenSSH client feature of Windows does, though (since Windows 10 and Windows Server 2016, AFAIK). But, as @dave_thompson_085 mentioned in their comment, good luck setting it up with a Windows workstation; I've never tried it, my workstations are all Linux.
In a practical sense, the most affordable and easy way is to distribute host keys and/or the SSH PKI's signing key to clients using a configuration management system like Ansible.
I see one indirect way of not-too-manually bootstrapping from an HTTPS cert to PuTTY:
1. have your webserver serve (over HTTPS) the host's SSH public key(s). The simple way is to copy either the .pub file(s) or just the blob value(s) from /etc/ssh to some appropriate place in your web data. Depending on your server and config it may be possible to have the server access the /etc/ssh file directly, but doing this without sufficient care may create vulnerabilities that allow important secret data to be leaked, and I wouldn't take the chance.
2. use any HTTPS tool on your client to verifiably download that .pub value(s) -- recent Windows has curl standard, practically any Windows has PowerShell Invoke-Webrequest or vbscript XMLHTTP.
3. run putty (at least once) with -hostkey x containing the desired publickey blob, or run plink -batch -hostkey x and a dummy command which should update the registry similarly
You can't. Ssh does not use TLS. The default security model is trust on first use.
What you can do is publish the key.