SSH host and user certificates / certs support

Hello,
The latest iOS version beta has certificates support. Though it’s still work in progress.
Click Contact Us to let us know if you are interested and we’ll provide you with the access to beta.
In the next months we are going to add the certificates support on all platforms. No exact ETA at the moment, we are just working on it now.
Thanks
16 comments
-
Burak commented
Is there any update?
-
Ricardo Malagon commented
Very welcome addition, certificates are a must in my business.
-
tsl0922 commented
Hi, how do I get access to the beta program?
-
PPC commented
Hi !
I know, I'm part of the beta program already so I discovered that in the release notes :)
Super news for some of us.
-
Timothy Prime commented
Me too. I would like support for user certificates and for host certificates (think known_hosts).
-
Peter commented
I also absolutely _need_ this feature in order to use the client.
-
Peter commented
Hi! Could you please fix this? I _NEED_ OpenSSH Certificate support in order to use this client. It appears to me that "ADMIN" in this thread does not understand the question.
-
Guillaume commented
Being able to use SSH certificate would be very nice for large infrastructure.
https://man.openbsd.org/ssh-keygen#CERTIFICATES
https://code.facebook.com/posts/365787980419535/scalable-and-secure-access-with-ssh/
https://ef.gy/hardening-ssh
Thank you.
-
Guillaume commented
Being able to use SSH Certificate with Termius is a feature I'd love to have (even if it is only on the Premium version)!
-
Roland Gersch commented
This would be an essential feature for me!
-
Nick Stoughton commented
I tried a couple of different ways to do this, neither worked.
First I tried generating the key with termius, then copy-paste exporting the pubkey, signing it and copying back the id_rsa-cert.pub.
Then I generated a whole new key on my Mac, and exported the key.ppk, key.pub and key-cert.pub via iTunes. I imported the key into termius, but it does not try to use the certificate, but just the unsigned key.
Running sshd with "-d" on the server, I see:
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 172.28.106.115 port 61478 on 172.28.106.28 port 22
debug1: Client protocol version 2.0; client software version libssh2_1.7.0
debug1: no match: libssh2_1.7.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Enabling compatibility mode for protocol 2.0
debug1: permanently_set_uid: 1002/1003 [preauth]
debug1: ssh_sandbox_child: prctl(PR_SET_SECCOMP): Invalid argument [preauth]
debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256 [preauth]
debug1: kex: host key algorithm: ssh-rsa [preauth]
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none [preauth]
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_DH_GEX_REQUEST [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
debug1: rekey after 4294967296 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: rekey after 4294967296 blocks [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user root service ssh-connection method publickey [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:G521akhvfkr9s63tXZhBLy9TnNrb3VFKENeqghJYvhc [preauth]
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /etc/ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: restore_uid: 0/0
Failed publickey for root from 172.28.106.115 port 61478 ssh2: RSA SHA256:G521akhvfkr9s63tXZhBLy9TnNrb3VFKENeqghJYvhc
debug1: userauth-request for user root service ssh-connection method keyboard-interactive [preauth]
debug1: attempt 1 failures 1 [preauth]
debug1: keyboard-interactive devs [preauth]
debug1: auth2_challenge: user=root devs= [preauth]
debug1: kbdint_alloc: devices '' [preauth]
Received disconnect from 172.28.106.115 port 61478:11: Normal Shutdown [preauth]
Disconnected from 172.28.106.115 port 61478 [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug1: do_cleanup
debug1: Killing privsep child 8191
-
casdev, please check this thread http://support.termius.com/knowledgebase/articles/660805-private-keys-import-via-itunes
-
casdev commented
may I also suggest to rename this idea to "ssh host and user certificates / certs support" so it can be better found by other users!
-
casdev commented
i also would like to know how to do this -> can't i present my ssh user ca signed certificate to my ssh servers with termius on IOS?
-
casdev commented
is essential from a professional user's perspective...
please add support for ssh user certificates (id_rsa-cert.pub) as well as storing ssh host certs / public ca keys in known_hosts file!
-
Петр Еньков commented
How can I import openssh keys signed with my CA server?
I have these keys:
id_rsa
id_rsa-cert.pub
id_rsa.pub
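
Added example, not part of any post in this thread: a small triage script for the kind of sshd debug output quoted above, reporting whether the client ever offered a certificate or only the plain key. The log lines marked as copied come from the thread; the certificate line is constructed and assumes sshd labels certificate keys with a "-CERT" type suffix in this message.

```python
import re

# Lines copied from the sshd debug output quoted in the thread.
PAGE_LOG = """\
debug1: Client protocol version 2.0; client software version libssh2_1.7.0
debug1: userauth-request for user root service ssh-connection method publickey [preauth]
debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:G521akhvfkr9s63tXZhBLy9TnNrb3VFKENeqghJYvhc [preauth]
debug1: trying public key file /etc/ssh/authorized_keys
Failed publickey for root from 172.28.106.115 port 61478 ssh2: RSA SHA256:G521akhvfkr9s63tXZhBLy9TnNrb3VFKENeqghJYvhc
"""

# Constructed line, not from the page. Assumption: a certificate key is
# logged with a "-CERT" type suffix (e.g. RSA-CERT) in this debug message.
CONSTRUCTED_CERT_LINE = (
    "debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable "
    "for RSA-CERT SHA256:CONSTRUCTEDFINGERPRINT [preauth]\n"
)

CLIENT = re.compile(r"client software version (\S+)")
OFFER = re.compile(
    r"userauth_pubkey: test whether pkalg/pkblob are acceptable for (\S+) (SHA256:\S+)"
)
FAILED = re.compile(r"^Failed publickey for (\S+) from (\S+) port \d+ ssh2: (\S+)")


def triage(log_text):
    """Summarise which key types a client offered during publickey auth."""
    report = {"client": None, "offers": [], "failed": []}
    for line in log_text.splitlines():
        if m := CLIENT.search(line):
            report["client"] = m.group(1)
        elif m := OFFER.search(line):
            key_type, fingerprint = m.groups()
            report["offers"].append({
                "key_type": key_type,
                "fingerprint": fingerprint,
                "is_cert": key_type.endswith("-CERT"),
            })
        elif m := FAILED.search(line):
            user, source, key_type = m.groups()
            report["failed"].append(
                {"user": user, "source": source, "key_type": key_type}
            )
    # True only if at least one offered key was a certificate type.
    report["certificate_offered"] = any(o["is_cert"] for o in report["offers"])
    return report


if __name__ == "__main__":
    print(triage(PAGE_LOG))
```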