| ▲ | dlenski 8 hours ago |
| SSH is an incredibly versatile and useful tool, but many things about the protocol are poorly designed, including its essentially made-up-as-you-go-along wire formats for authentication negotiation, key exchange, etc. In 2024-2025, I did a survey of millions of public keys on the Internet, gathered from SSH servers and users in addition to TLS hosts, and discovered—among other problems—that it's incredibly easy to misuse SSH keys in large part because they're stored "bare" rather than encapsulated into a certificate format that can provide some guidance as to how they should be used and for what purposes they should be trusted: https://cryptographycaffe.sandboxaq.com/posts/survey-public-.... |
|
| ▲ | dotwaffle 7 hours ago | parent | next [-] |
| That's the point, though. An SSH key gives authentication, not authorization. Generally a certificate is a key signed by some other mutually trusted authority, which SSH explicitly tried to avoid. |
| |
| ▲ | simonjgreen 5 hours ago | parent | next [-] | | SSH does support certificate based auth, and it’s a great upgrade to grant yourself if you are responsible for a multi human single user system. It grants revocation, short lifetime, and identity metadata for auditing, all with vanilla tooling that doesn’t impose things on the target system. | | |
| ▲ | waynesonfire 4 hours ago | parent [-] | | > multi human single user system A rather niche use-case to promote certificate auth... I'd add the killer-app feature is not having to manage authorized_keys. |
| |
| ▲ | _bernd 3 hours ago | parent | prev [-] | | You can also sign ssh host keys with an ssh ca. See ssh_config and ssh-keygen man-pages... |
|
|
| ▲ | Charon77 8 hours ago | parent | prev [-] |
| What good does certificate format do? Certainly won't make people not reuse it the same way. > where the affected users might be surprised or alarmed to learn that it is possible to link these real-world identities. I feel like it's obvious that ssh public keys publically identifies me, and if I don't want that, I can make different keys for different sites. |
| |
| ▲ | bauruine 7 hours ago | parent [-] | | ssh by default sends all your public keys to a server. Yes you can limit some keys to specific hosts but it's very easy to dox yourself. | | |
| ▲ | grey-area 6 hours ago | parent | next [-] | | Doesn’t it try one key at a time rather than send all? | | |
| ▲ | bauruine 6 hours ago | parent | next [-] | | True but a server that wants to "deanonymize" you can just reject each key till he has all the default keys and the ones you added to your ssh agent. You can try it yourself [0] returns all the keys you send and even shows you your github username if one of the keys is used there. [0] ssh whoami.filippo.io | | |
| ▲ | grey-area 5 hours ago | parent [-] | | Nice, tried it out. This wording is incorrect though: "Did you know that ssh sends all your public keys to any server it tries to authenticate to?" It should be may send, because in the majority of cases it does not in fact send all your public keys. |
| |
| ▲ | rwmj 4 hours ago | parent | prev | next [-] | | Modern sshd limits the number of retries. I have 5 or 6 keys and end up DoSing myself sometimes. | | |
| ▲ | grepfru_it 24 minutes ago | parent [-] | | This thread made me realize why fail2ban keeps banning me after one failed password entry :lightbulb: |
| |
| ▲ | unsnap_biceps 6 hours ago | parent | prev [-] | | It does, and there's typically a maximum number of attempts (MaxAuthTries defaults to 6 IIRC) before the server just rejects the connection attempt. | | |
| ▲ | 84634E1A607A 5 hours ago | parent [-] | | Yep, but this is server-side setting. Were I a sniffer, I would set this to 10000 and now I can correlate keys. |
|
| |
| ▲ | ulrikrasmussen 7 hours ago | parent | prev | next [-] | | I had never thought about that. Seems like an easy problem to fix by sending salted hashes instead. | | |
| ▲ | unsnap_biceps 6 hours ago | parent [-] | | The server matches your purposed public key with one in the authorized keys file. If you don't want to expose your raw public key to the server, you'll need to generate and send the hashed key format into the authorized keys file, which at that point is the same as just generating a new purpose built key, no? Am I missing something? |
| |
| ▲ | est 6 hours ago | parent | prev [-] | | so it's good practice to store key in non-default location and use ~/.ssh/config to point the path for each host? | | |
| ▲ | 9dev 6 hours ago | parent | next [-] | | What a great case of "you're holding it wrong!" I need to add individual configuration to every host I ever want to connect to before connecting to avoid exposing all public keys on my device? What if I mistype and contact a server not my own by accident? This is just an awfully designed feature, is all. | | |
| ▲ | est 5 hours ago | parent [-] | | > add individual configuration to every host I ever want to connect Are you AI? You can wildcard match hosts in ssh config. You generally have less than a dozen of keys and it's not that difficult to manage. | | |
| ▲ | kemotep 3 hours ago | parent [-] | | I have over a dozen ssh keys (one for each service and duplicates for each yubikey) and other than the 1 time I setup .ssh/config it just works. I have the setting to only send that specific host’s identity configured or else I DoS myself with this many keys trying to sign into a computer sitting next to me on my desk through ssh. Like I can’t imagine complaining about adding 5 lines to a config file whenever you set up a new service to ssh onto. And you can effectively copy and paste 90% of those 5 short lines, just needing to edit the hostname and key file locations. |
|
| |
| ▲ | wasmitnetzen 5 hours ago | parent | prev | next [-] | | I would say it's best practice to use a key agent backed by a password manager. | |
| ▲ | geocar 6 hours ago | parent | prev [-] | | Specifically to use a different key for each host. |
|
|
|
