As described in SSH Authentication Methods article, SSH protocol doesn’t define a standard for storing SSH keys (such as X.509, used in SSL). However, like X.509 certificates, SSH key pairs also have public and private parts and use RSA or DSA algorithms. This made it possible for some SSH software vendors to add X.509 support to recent versions of their SSH products.
How is X.509 used in SSH? X.509 certificates are used as a key storage, i.e. instead of keeping SSH keys in proprietary format, the software keeps X.509 certificates. When SSH key exchange is done, the keys are taken from certificates.
The benefits of use of X.509 certificates are:
- Standard data format;
- Easier management of the keys due to presence of extra information, contained in certificates (subject name, custom extensions);
- Possibility to restrict key validity time by using Valid From and Valid To fields of the certificate;
- Possibility to revoke the certificate (i.e. claim it as no longer valid) and so to block access
There are two ways to use certificates for SSH authentication:
- Full mode. In this mode the certificate is sent to the other side and is available for the other side for validation. Note, that certificate chains are not supported.
- Key-only mode. In this mode the key pair is extracted from the certificate and used for SSH authentication.
Use of certificate in “full” mode is done as follows:
- The client sends the certificate to the server.
- The server validates the certificate following the procedure, defined for X.509 certificate validation (read "Validation of X.509 certificates" article for details).
In “key-only” mode the key pair is extracted from the certificate and used as an SSH key.