Add ssh signature to step ssh inspect #700

Merged
merged 1 commit into from Jul 15, 2022
@maraino maraino commented Jul 15, 2022

Description

This PR adds the signature and signature type to the step ssh inspect command. Fixes #699

Now a certificate will inspect as:

$ step ssh inspect mariano-cert.pub
mariano-cert.pub:
        Type: ecdsa-sha2-nistp256-cert-v01@openssh.com user certificate
        Public key: ECDSA-CERT SHA256:a8SHPBTzbkmcfAp+FWBoOj87k7wnGEG3qleXFPXz8FM
        Signing CA: ECDSA SHA256:ExpOxCvxwkeqnHuUtTR5dhsTUFgcN1QeuAYqOGE6200 (using ecdsa-sha2-nistp256)
        Key ID: "mariano@smallstep.com"
        Serial: 6770237405177342977
        Valid: from 2022-02-01T12:01:07 to 2022-02-02T04:02:07
        Principals:
                mariano@smallstep.com
        Critical Options: (none)
        Extensions:
                permit-port-forwarding
                permit-pty
                permit-user-rc
                permit-X11-forwarding
                permit-agent-forwarding
        Signature:
                00:00:00:20:62:59:41:e3:96:ab:49:95:e8:6a:1d:a5:
                9e:63:21:c5:b6:1d:66:f9:40:e8:7b:ec:c4:4c:41:c9:
                33:8e:2b:a3:00:00:00:21:00:a9:f0:ee:9c:69:5a:4f:
                a8:f3:dd:8c:88:36:92:3f:3a:70:31:fe:52:53:cf:b4:
                05:cd:a3:ba:1b:69:5b:3c:e0

The (using ecdsa-sha2-nistp256) has been added too to match the output of ssh-keygen -L -f mariano-cert.pub. Note that ssh-keygen does not display the signature.

@maraino maraino marked this pull request as ready for review July 15, 2022 19:26
@maraino maraino requested a review from dopey July 15, 2022 19:27
maraino commented Jul 15, 2022

The JSON format looks like this:

{
  "Type": "user",
  "KeyName": "ecdsa-sha2-nistp256-cert-v01@openssh.com",
  "KeyID": "mariano@smallstep.com",
  "KeyAlgo": "ECDSA",
  "KeyFingerprint": "SHA256:a8SHPBTzbkmcfAp+FWBoOj87k7wnGEG3qleXFPXz8FM",
  "SigningKeyAlgo": "ECDSA",
  "SigningKeyFingerprint": "SHA256:ExpOxCvxwkeqnHuUtTR5dhsTUFgcN1QeuAYqOGE6200",
  "Signature": {
    "Type": "ecdsa-sha2-nistp256",
    "Value": "AAAAIGJZQeOWq0mV6GodpZ5jIcW2HWb5QOh77MRMQckzjiujAAAAIQCp8O6caVpPqPPdjIg2kj86cDH+UlPPtAXNo7obaVs84A=="
  },
  "Serial": 6770237405177342977,
  "ValidAfter": "2022-02-01T12:01:07-08:00",
  "ValidBefore": "2022-02-02T04:02:07-08:00",
  "Principals": [
    "mariano@smallstep.com"
  ],
  "CriticalOptions": {},
  "Extensions": {
    "permit-X11-forwarding": "",
    "permit-agent-forwarding": "",
    "permit-port-forwarding": "",
    "permit-pty": "",
    "permit-user-rc": ""
  }
}
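
The `Signature.Value` shown above is the base64 form of the same bytes printed under `Signature:` in the text output; for `ecdsa-sha2-nistp256` that blob is two SSH `mpint` fields, r then s (RFC 5656). The following is an added example, not code from this PR or from the step CLI, that decodes the blob and rejects malformed input; `sampleValue`, `readMpint` and `ParseECDSASig` are hypothetical names.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
)

// Sample input: the Signature.Value string from the JSON output in this PR.
const sampleValue = "AAAAIGJZQeOWq0mV6GodpZ5jIcW2HWb5QOh77MRMQckzjiujAAAAIQCp8O6caVpPqPPdjIg2kj86cDH+UlPPtAXNo7obaVs84A=="

// readMpint (hypothetical helper) consumes one SSH mpint: uint32 length, then big-endian bytes.
func readMpint(b []byte) (*big.Int, []byte, error) {
	if len(b) < 4 {
		return nil, nil, errors.New("short length prefix")
	}
	n := binary.BigEndian.Uint32(b)
	if uint64(n) > uint64(len(b)-4) {
		return nil, nil, errors.New("length exceeds remaining blob")
	}
	if n > 0 && b[4]&0x80 != 0 { // high bit set means a negative mpint
		return nil, nil, errors.New("negative mpint")
	}
	return new(big.Int).SetBytes(b[4 : 4+n]), b[4+n:], nil
}

// ParseECDSASig splits a nistp256 signature blob into r and s, rejecting trailing or out-of-range data.
func ParseECDSASig(value string) (r, s *big.Int, err error) {
	raw, err := base64.StdEncoding.DecodeString(value)
	if err != nil {
		return nil, nil, err
	}
	if r, raw, err = readMpint(raw); err != nil {
		return nil, nil, fmt.Errorf("r: %w", err)
	}
	if s, raw, err = readMpint(raw); err != nil {
		return nil, nil, fmt.Errorf("s: %w", err)
	}
	if len(raw) != 0 || r.Sign() == 0 || s.Sign() == 0 || r.BitLen() > 256 || s.BitLen() > 256 {
		return nil, nil, errors.New("malformed nistp256 signature blob")
	}
	return r, s, nil
}

func main() {
	r, s, err := ParseECDSASig(sampleValue)
	fmt.Printf("r=%064x\ns=%064x\nerr=%v\n", r, s, err)
}
```

The leading `00` before `a9` in the text output is the mpint sign byte, which is why the s field is 33 bytes long while r is 32.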

@Slamdunk Slamdunk left a comment

Awesome, thank you 💪

> Note that ssh-keygen does not display the signature.

Indeed this is to me a big missing from ssh-keygen 🤷

@dopey dopey left a comment

lgtm

@maraino maraino merged commit 0f51ed9 into master Jul 15, 2022
@maraino maraino deleted the ssh-signature branch July 15, 2022 21:15