Securing SSH with OpenPGP or PIV

OpenSSH is one of the most widely used utilities suites based on the SSH protocol, which provides a secure channel over an unsecured network in a client-server architecture. Securing communication with remote systems via SSH can be done by using key-based authentication with the user’s key residing on a physical YubiKey. The user’s SSH key data on the YubiKey can be secured using OpenPGP and/or PIV. Typically, deployment considerations or the particular use case will dictate which application to use.

If you use the OpenPGP option for SSH, the same key will be used for both authentication and signing. Git, which uses GnuPG, exemplifies this approach in that it uses a single public key both to authenticate an SSH connection used to access the repository—for example, when pushing commits—and for verifying the signatures on those commits. Because the SSH communication is done through the GnuPG agent, the OpenPGP option is more complicated than PIV to set up. However, developers who use Git to sign their commits typically choose the OpenPGP path because they already have it up and running.

The PIV option is easier for those who have no reason to use the same key for both authentication and signing. The PIV option also offers the ability to authenticate/communicate with the YubiKey through the PKCS#11 interface using the opensc-pkcs11 module, or Yubico’s own ykcs11 module, which is a lighter software package than the OpenSC software.

As of OpenSSH 8.2p1, FIDO Credentials may also be used to secure SSH, using both Non-Discoverable and (with OpenSSH 8.3) Discoverable credentials. While this is currently supported only on Linux and MacOS, FIDO credentials offer an easy to register and use experience for users on both secured and public endpoints. Read about using FIDO credentials to secure SSH here.

OpenPGP

OpenPGP keys are managed on the OpenPGP function of the YubiKey. OpenPGP for SSH supports a more direct flow between the user and their key management, making it ideal for independent or open source developers who want to ensure they maintain control over their SSH keys.

Instructions for setting up SSH with OpenPGP and the YubiKey are available here: SSH Authentication

Advantages to OpenPGP

  • OpenPGP makes it simple to manage keys on a single local machine controlled by the user. Using the OpenPGP software, users control the details of a certificate, including the key algorithm size and type, expiration date, associated user information and other details. The private key remains under the user’s control, as it exists only on the machine used to generate it and/or on the secure element of the YubiKey itself.

  • Furthermore, OpenPGP makes it easy to share the corresponding public key, enabling the OpenPGP key to be used for more than just SSH. A common scenario is to use the same key for authenticating into an SSH session, for Git code signing and for email encryption. Since Windows, Linux, and MacOS all support OpenPGP, an OpenPGP key on a YubiKey can also enable SSH authentication across all platforms as well.

Drawbacks to OpenPGP

  • If the YubiKey holding the OpenPGP key becomes unavailable, you lose access. Mitigate this risk by backing up the private key securely.

  • In larger organizations, OpenPGP’s ability to run outside of a larger framework can also make it difficult to apply security policies uniformly; therefore it is not commonly used for centrally managed authentication. Without a central authority enforcing a standard set of rules during key generation, users can generate weak keys and/or set inappropriate expiration dates. Mitigate this risk by providing training and documentation, and exhort users to read the documentation.

  • Credential management services and certificate authorities have not added native support for OpenPGP credentials because:

    • OpenPGP does not have the framework to support a credential authority and therefore certificate-based authentication is not supported.

    • OpenPGP on a smart card YubiKey is limited to a single masterkey (split into 3 sub-keys).

PIV

The YubiKey stores and manages RSA and EC asymmetric keys within the PIV application, enabling authentication to a server through OpenSSH using the public key authentication method and the PKCS#11 interface. This method is widely used in large enterprises for credential management.

Instructions for setting up SSH with PIV and the YubiKey are available here: SSH User Certificates.

Advantages to PIV

Using PIV for SSH enables a centrally managed PKI framework to be extended to the management of credentials used to secure a remote access connection. A large organization can take advantage of the features PIV offers to create a uniform, process-driven YubiKey implementation:

  • Standardized security policies can be uniformly enforced across the organization.

  • Issuing keys from a central location permits managed account recovery: a lost YubiKey need not result in loss of access.

  • Many machine-based authentication methods use asymmetric keys—extending them to YubiKeys adds an additional layer of security.

  • Wide support for the PKCS#11 interface opens up a large number of options for managing asymmetric keys on a YubiKey.

  • Because the YubiKey’s PIV application allows for multiple keys to be loaded and used, the SSH use case can be added to existing YubiKey-supported functions such as Windows Login or network access.

Drawbacks to PIV

  • There is no chain validation. Unlike the case with X.509 certificates, wherein a certificate chain is used to verify the authenticity of a key, with the OpenSSH public key authentication method, each public key must be individually imported into the server and marked as an authorized key.

  • To deny access, keys must be individually revoked.

FIDO2

Staring with 8.2p1, OpenSSH has added support for registering and authenticating with FIDO2 Credentials. With support for both Discoverable and Non-Discoverable Credentials, OpenSSH allows for the uses of both Security Keys and YubiKeys, including the YubiKey Bio keys. FIDO2 credentials allow for a streamlined experience with the registration and authentication of YubiKeys.

Instructions for setting up SSH with FIDO2 and the YubiKey are available here: Securing SSH with FIDO2

Advantages to FIDO2

  • FIDO2 allows for the direct generation of keys within the YubiKey itself, removing the need for a PKI framework or other applications for the generation of keys. OpenSSH directly interfaces with the FIDO2 function on the YubiKey, allowing it to select the key algorithm, as well as generating both discoverable as well as non-discoverable credentials.

  • With the support for both discoverable and non-discoverable FIDO2 credentials, FIDO2 allows SSH options for both local, secured endpoints with expedited ease of uses in addition to public open endpoints where credentials should remain on the YubiKey.

Drawbacks to FIDO2

  • Windows does not yet support FIDO2 on SSH as of the last update to this page.

  • FIDO2 is based around a decentralized deployment, with no central server issuing or revoking keys. Keys must be individually deleted to revoke access in the event of lost or stolen YubiKeys.