How can I set up OpenSSH x. 509 for authentication?
I do not mean simply putting the public RSA key of a x.509 certificate into ~/.ssh/authorized_keys - I'm looking for a way to set up a ssh such that x.509 certificates signed by a predefined CA will automatically be granted access to the linked user account. RFC 6187 seems to suggest such a functionality, but I can't find any documentation on this, or whether it is implemented in OpenSSH at all. Here's a more elaborate description of what I want to do: A CA ("SSH-CA") is set up
This CA is used to sign user certificates with keyUsage=digitalSignature (and maybe the id-kp-secureShellClient extendedKeyUsage field)
This certificate can now be used to log in on a server. The server does not require the public key being present in the authorized_keys. Instead, it is set up to trust the SSH-CA to verify the public key and signature of the certificate (or certificate chain) and the username/UID (probably directly in the subjectAltName field, or maybe using some server-side mapping) before the usual RSA authentication takes place
So, (how) can this be achieved with OpenSSH, and if it requires a patch how can client-side modifications be kept minimal?
With OpenSSH it's not possible. As said by @TildalWave you need to use the fork from Roumen Petrov PKIXSSH. Once you have your OpenSSH x. 509 certificate you don't need to add the public key on the authorized_keys file. You need to configure two things in the server side: Add the certificate for the CA in the directory set by CACertificatePath directive in the sshd_config file (normally /etc/ssh/ca/crt, I think) with a link for the hash of the certificate. For creating the link use openssl. Supposing the CA certificate has been copied under /etc/ssh/ca/crt/ca.crt the commands will be:
cd /etc/ssh/ca/crt/
ln -s ca.crt `openssl x509 -in ca.crt -noout -hash`.0
Add the "subject" information of x509 certificate to the authorized_keys file of the user (in destination server)
Suppose the private key and the X509 certificate of the user is in ssh/id_rsa to get the subject run in the client:
openssl x509 -noout -subject -in .ssh/id_rsa
And then on the server, add this line with the prefix x509v3-sign-rsa subject= to the authorized_keys.
This line will have a content similar to this one:
x509v3-sign-rsa subject= /C=ES/ST=Pontevedra/L=Vigo/CN=testssh/emailAddress=josemanuel@ciges.net
As we can see, the authentication is really made trusting the CA for any valid x509 certificate from the user. We could generate a new certificate and it will be accepted with no intervention on the server side.