Usage of @cert-authority in known host files

[roshh]

I have set up a known hosts file that contains a @cert-authority entry and am unable to use it to connect to an ssh server that uses a HostCertificate signed by that CA. I have not found an example or test that work with such a known hosts file. Is this currently possible at all and can an example be added?

Details on my scenario

When I load the known hosts file via

sshClient = new SSHClient();
sshClient.useCompression();
sshClient.loadKnownHosts();
sshClient.connect("localhost", 2222);

The host key is not accepted with the exception

net.schmizz.sshj.transport.TransportException: [HOST_KEY_NOT_VERIFIABLE] Could not verify ssh-rsa host key with fingerprint 90:a4:9d:0a:21:6b:eb:f5:7d:3c:5f:b1:cf:da:03:18 for localhost on port 2222
at net.schmizz.sshj.transport.KeyExchanger.verifyHost(KeyExchanger.java:201)
at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:359)
at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:493)
at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:104)
at net.schmizz.sshj.transport.Decoder.received(Decoder.java:172)
at net.schmizz.sshj.transport.Reader.run(Reader.java:60)

From what I understood sshj can read a known_hosts file that contains a line starting with a @cert-authority-marker but then would compare the lines CA public key with the server's non-matching public key in OpenSSHKnownHosts.AbstractEntry.verify(PublicKey key).
Adding my own HostKeyVerifier gives me the hostname, port and an java.security.PublicKey but not the CA cert I need to implement a custom validation.

content of ~/.ssh/known_hosts:

@cert-authority [localhost]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsEamTbDPVcaFV9pcoof3OUY9TdCLnhwujR7BxfPCZegZNgirCZ+JvBSVpflaHeMOqSrTl4tyAdyEvr9qBWtS0Ui7rXJtjuPzWcFzMw1O5LW694g6A3NU37/oahdgDv256dDA8LFYaHQ4pF5KnZl8VYQMJmc3+dfS18YnZdOOUztiqCLh1YP+iMOO0oFrl7TrDBWx7GAPZss1Kfk8bAsq0OUHtMKCc0Ipybec8FXcYkWQrbDeF3kwjRx/lt+VmTmc5jhRU585V7U7tgyQ3vArFqLlaR0/N9n1orQKhy7rdcS+ZZMVpVx3f3nBu/4YkqLq9PYkl0H5ILPQ3eUS+AA57 CA@test

The ssh server I used is an Ubuntu Xenial machine with the following setup:
/etc/ssh/sshd_config (HostKey and HostCertificate are at the bottom):

Port 22
Protocol 2
UsePrivilegeSeparation yes

KeyRegenerationInterval 3600
ServerKeyBits 1024

SyslogFacility AUTH
LogLevel INFO

LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes

IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no

ChallengeResponseAuthentication no

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes

AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes
UseDNS no
HostKey /etc/ssh/test_server
HostCertificate /etc/ssh/test_server-cert.pub

Using "ssh root@localhost -p 2222 -v" on linux is able to read my known_hosts entry and can connect without asking for verification:

OpenSSH_7.3p1 Ubuntu-1, OpenSSL 1.0.2g 1 Mar 2016
[...]
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 2222.
debug1: Connection established.
debug1: identity file [...]
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3p1 Ubuntu-1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4
debug1: match: OpenSSH_7.2p2 Ubuntu-4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to localhost:2222 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa-cert-v01@openssh.com
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host certificate: ssh-rsa-cert-v01@openssh.com SHA256:ibdVQZQWXjBIPQqIUOvJ7E+BKBxoQond8hhSm/GHEGA, serial 0 ID "Test Server Key signed by Test CA" CA ssh-rsa SHA256:cdwUfhqVd9YW24GRAQ2rWbBzWB7WiqP2/Q4XwxCddGs valid from 2016-11-22T12:08:00 to 2021-11-16T12:09:44
debug1: Host '[localhost]:2222' is known and matches the RSA-CERT host certificate.
debug1: Found CA key in /home/[...]/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key:[...]
debug1: Next authentication method: password
root@localhost's password:
debug1: Authentication succeeded (password).
Authenticated to localhost ([127.0.0.1]:2222).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Sending environment.
debug1: Sending env [...]
Welcome to Ubuntu 16.04 LTS (GNU/Linux 4.4.0-21-generic x86_64)

• Documentation: https://help.ubuntu.com/

[hierynomus]

Thanks for the ticket. This has indeed not been implemented. I'll see whether I can free up some time somewhere soon to fix this. It makes sense to add it :)

[xundeenergie]

ssh-certificates would be really a great improvrment!!!

[dkocher]

Looks like this was resolved with #703.

[hierynomus]

Closing this as this was fixed with #703