Signing ssh host certificate makes ssh-audit give "fail" messages

[rwv37]

I just used step ssh certificate to sign a couple host *.pub files (one RSA and one ED25519). I then changed sshd_config to use the signed certs via HostCertificate, stop/started sshd, and ran ssh-audit. I had previously had sshd_config set up such that ssh-audit had no complaints, but now:

(key) [email protected] (4096-bit cert/256-bit ecdsa-sha2-nistp256 CA) -- [fail] CA key uses elliptic curves that are suspected as being backdoored by the U.S. National Security Agency
(key) [email protected] (4096-bit cert/256-bit ecdsa-sha2-nistp256 CA) -- [fail] CA key uses elliptic curves that are suspected as being backdoored by the U.S. National Security Agency
(key) [email protected] (256-bit cert/256-bit ecdsa-sha2-nistp256 CA) -- [fail] CA key uses elliptic curves that are suspected as being backdoored by the U.S. National Security Agency
(rec) [email protected]    -- key algorithm to change (increase modulus size to 3072 bits or larger)
(rec) [email protected]    -- key algorithm to change (increase modulus size to 3072 bits or larger)
(rec) [email protected]     -- key algorithm to remove

I then used step ssh inspect to check the signed certificates, and it looks to me like they were indeed signed with that algorithm. Example (the other is similar):

Signing CA: ECDSA _SHA256:(...) (using ecdsa-sha2-nistp256)

I then reread the step ssh certificate documentation, but nothing jumped out at me as perhaps being a way to specify the signing algorithm to be used. Is there such a way? If so, how? Thanks.

[tashian]

Yes, we use ecdsa-sha2-nistp256 by default because we believe it's the best option for most people.

While step ssh certificate doesn't support a flag for specifying a different key type, you can choose other key types by generating the key pair first using ssh-keygen, then signing the certificate using step ssh certificate --sign and passing in the public key you just generated:

ssh-keygen -t rsa -b 3072 -f ./sshtest
step ssh certificate --sign [email protected] sshtest.pub
step ssh inspect sshtest-cert.pub
sshtest-cert.pub:
        Type: [email protected] user certificate
        Public key: RSA-CERT SHA256:66ZNXR+HC2L93Hd/WR00E6j3FDyohpKdwYGd6k0EpZc
        Signing CA: RSA SHA256:6atLquoiBrYSnvnVSUX9z800w7C+koDeYHzU/Xd7XX8 (using rsa-sha2-256)
        Key ID: "[email protected]"
        Serial: 11122699921763091483
        Valid: from 2024-06-10T13:52:35 to 2024-06-11T05:53:35
        Principals:
                carl
                [email protected]
        Critical Options: (none)
        Extensions:
                permit-X11-forwarding
                permit-agent-forwarding
                permit-port-forwarding
                permit-pty
                permit-user-rc
        Signature:
                6e:c8:eb:d8:d0:46:42:6d:33:bb:2f:33:c1:3e:6b:a3:
                ...

(Note, for this example I used a PKI configured with an RSA key pair for the SSH user CA. I did this by creating a PKI using step ca init --ssh, then manually replacing the SSH CA key files that were generated, again using keys created with ssh-keygen.)

Hope this helps.