SSH public keys

[brainstorm]

Offer the possibility to publish SSH keys to be used by third parties. Perhaps unverified, provided that other services like DNS, twitter and GitHub have been approved first.

[cjb]

Hi! Hm, looks like no-one's mentioned KBFS yet.

cp id_rsa.pub /keybase/public/cjb/authorized_keys

Then you can:

cat /keybase/public/cjb/authorized_keys # trust no-one, or
wget https://cjb.keybase.pub/authorized_keys # trust our server to trust no-one

Of course, you could write a wrapper around the wget.

This isn't a streamlined UX, but it has the same security semantics that the streamlined UX would have.

Edit: Ah, I'm wrong, @Efreak totally did mention this idea above.

[cjb]

By the way, I'm not saying that Keybase will never add a direct feature for this. But we haven't yet, and this would be a way to get the same semantics in the meantime.

[sarum9in]

What about an interface exporting all PGP subkeys with auth capability registered for user?

Pros:

• PGP keys are already supported for cross-signing, so any subkey is automatically verified.
• There are multiple tools converting OpenPGP and SSH keys in both directions.

  Cons:

• Requires user to make PGP key instead of simply adding existing SSH key.

[Cambridgeport90]

That could work … Though would be cool if Keybase could just make straight SSH keys as well as PGP ones.

From: Aleksey Filippov [mailto:notifications@github.com] Sent: Sunday, January 7, 2018 21:40 To: keybase/keybase-issues keybase-issues@noreply.github.com Cc: Katherine M. Moss KMoss@WinterHillSolutions.com; Manual manual@noreply.github.com Subject: Re: [keybase/keybase-issues] SSH public keys (#710)

What about an interface exporting all PGP subkeys with auth capability registered for user?

Pros:

• PGP keys are already supported for cross-signing, so any subkey is automatically verified.
• There are multiple tools converting OpenPGP and SSH keys in both directions.

Cons:

• Requires user to make PGP key instead of simply adding existing SSH key.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://github.com/keybase/keybase-issues/issues/710#issuecomment-355874977, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AOXGAH2zTFJGx2HhM3X_HCYXepNciBnWks5tIX_-gaJpZM4B6b_P.

[nullpixel]

I'd love to be able to use keybase just to backup ssh keys, that'd be worth adding alone

[Cambridgeport90]

Agreed!

From: Jamie Bishop [mailto:notifications@github.com] Sent: Friday, February 09, 2018 7:43 AM To: keybase/keybase-issues keybase-issues@noreply.github.com Cc: Katherine M. Moss KMoss@WinterHillSolutions.com; Manual manual@noreply.github.com Subject: Re: [keybase/keybase-issues] SSH public keys (#710)

I'd love to be able to use keybase just to backup ssh keys, that'd be worth adding alone

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://github.com/keybase/keybase-issues/issues/710#issuecomment-364423766, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AOXGAPgRXeQt2VOQqPD2j3TLbBDxifJ8ks5tTD1SgaJpZM4B6b_P.

[jrtapsell]

It would be good if the API offered a way to get the user's PGP keys converted to SSH keys, so that tools can use this to download the keys ready to use, instead of having to convert them locally, similar to this:

gpg2 --export-ssh-key <<keyid>>

[junderw]

IMO, SSH keys are supposed to be a per-device thing, so it doesn't make much sense to tie it to a keybase account... It would be better if you could tie an SSH key to a device in your keybase account and have the SSH key be revoked if the device is revoked.

GPG keyring is a per-person thing...

GPG subkeys can be used as a per-device thing... but not normally, as default settings for most apps just uses the last subkey with the needed attribute...

[Cambridgeport90]

Absolutely!

From: Jonathan Underwood [mailto:notifications@github.com] Sent: Thursday, February 15, 2018 6:18 AM To: keybase/keybase-issues keybase-issues@noreply.github.com Cc: Katherine M. Moss KMoss@WinterHillSolutions.com; Manual manual@noreply.github.com Subject: Re: [keybase/keybase-issues] SSH public keys (#710)

IMO, SSH keys are supposed to be a per-device thing, so it doesn't make much sense to tie it to a keybase account... It would be better if you could tie an SSH key to a device in your keybase account and have the SSH key be revoked if the device is revoked.

GPG keyring is a per-person thing...

GPG subkeys can be used as a per-device thing... but not normally, as default settings for most apps just uses the last subkey with the needed attribute...

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://github.com/keybase/keybase-issues/issues/710#issuecomment-365897815, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AOXGADxmWbhOf1RdKC_JB1Zm8o2CtvHoks5tVBJxgaJpZM4B6b_P.

[abacao]

I would really like to have a way to use a specific user ssh public key. for example (a random user), https://github.com/zack.keys .

In keybase I would love to have the possibility to check/download this user key that is work related so we need to be able to name the keys.

I could see something like this: keybase search sshkey

This would result on the 1st key on the list or the one set as primary but I could also do the following: keybase search sshkey -work or even keybase search sshkey -verycoolproject

The "search" command could also be changed to "get" like `keybase get sshkey"

This way the user could decide to have 1 SSH key or multiple ones. When having several, we could choose the primary key like we can do in github regarding emails ;)

[LivInTheLookingGlass]

I'm not sure that I get the concerns people have with proof of ownership. Is there any reason that you could not sign the public key with your PGP key, and then sign the result with the secret key? Or vice versa, or some combination thereof? Is it just a matter of supporting a lot of ciphers?

[abacao]

I dont think anyone wants to sign public keys. If it is a user I can trust, I would like to have his/her public ssh key right from Keybase, not from another place.

[Cambridgeport90]

Same here; and that could be a way for breaking into the SSH server market as well; a way to join the advantages of Keybase with all-too-familiar server administration.

From: André Bação [mailto:notifications@github.com] Sent: Wednesday, June 20, 2018 10:30 AM To: keybase/keybase-issues keybase-issues@noreply.github.com Cc: Katherine M. Moss KMoss@WinterHillSolutions.com; Manual manual@noreply.github.com Subject: Re: [keybase/keybase-issues] SSH public keys (#710)

I dont think anyone wants to sign public keys. If it is a user I can trust, I would like to have his/her public ssh key right from Keybase, not from another place.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://github.com/keybase/keybase-issues/issues/710#issuecomment-398770405, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AOXGALdiWg8EsRDNedF4UKdhfJlXNhlAks5t-lx5gaJpZM4B6b_P.

[zimbatm]

@gappleto97 it's a convenience and standardization issue.

Right now the most convenient approach is curl https://github.com/<user>.keys >> ~/.ssh/authorized_keys. This works very well but also means that GitHub is being trusted of not injecting other keys in the response.

The most (reasonably) secure approach is to do the GPG key exchange (using Keybase), then ask the user to sign his public key and send both the public key and signature over email or chat. Then get both and verify. Then finally inject the public key in ~/.ssh/authorized_keys. And if the chat/email message is lost the operation has to be repeated for new servers.

I think that what people here are hoping for is that keybase accounts could hold (small) public files + associated signature. For example: https://keybase.io/<user>/files/<filename>. Then it would be easy to establish a filename convention and a gpg-signature verification wrapper around that. If keybase doesn't want to hold the data, URL+signature could work, so users could sign the github ssh keys at least.

[katrielalex]

@zimbatm Keybase already does that: https://keybase.pub/katrielalex/id_rsa.pub

[abacao]

@katrielalex that can work but it needs to be a standard. Check my solution on the answer of 19 of May. Basically what I think everyone wants is the same approach than github but only using keybase

[junderw]

I think people are confusing how SSH keys work.

SSH keys are not a per-person keying system. Sure a lot of devs carry around SSH keys from machine to machine, and sure a lot of devs like to share huge lists of pubkeys they use on their devices...

But essentially an SSH key is per-device.

Keybase accounts are a per-user thing, which is why PGP makes sense to add to the account. (one keyring per person, they add and revoke keys at will for varying purposes)

It would make much more sense to generate an SSH key in the background for EVERY DEVICE. Then if I want your SSH key for your PC called "workPC" I can grab that. Then you could use that to SSH into a box I am running etc. (Or maybe find a way to use the NaCl keys for SSH...???)

But tbh, this feature is pretty much covered by plopping an authorized_keys file in your public folder... so I highly doubt creating a brand new key management paradigm for SSH is even on their list of things to do...

[abacao]

@junderw On today's cloud world, a key per device is impossible to maintain. I'm managing thousands of machines and if I had one key pair for each I would go mental. 1 key per device is more secure yes but it's not the way most of the cloud users use it. With this amount of discussion, it's sad that keybase is not participating in this change of ideas.

[zimbatm]

Thanks @katrielalex, I had missed https://github.com/keybase/keybase-issues/issues/710#issuecomment-327998586 as well who already explained the capability in this same thread :blush:

In that case it doesn't look like we have to depend on Keybase to implement the project. All we need is to make a Keybase + SSH keys manifesto.

---

As a user:

• Whenever a new device is installed, generate a new SSH key-pair and append the public key to /authorized_keys on their public KBFS.
• If a device is lost or compromised, remove it's public key from /authorized_keys on their public KBFS
• Optional: add convention on the public key comment to make each key easily distinguishable

As a server:

• Whenever a user attempts to log in over SSH, pull it's /authorized_keys from the public KBFS and compare the signature against the provisioned GPG public key.
• Keep a cache from the previous login attempt in case Keybase is down
• Optional: allow per-user override of the /authorized_keys default

---

For the user, a convenience CLI could be added. For the server, a PAM module or cron job should be able to implement that.

[junderw]

@abacao You are talking about devices you would SSH INTO... (aka EC2 instances or VPSes etc)

I am talking about devices you SSH FROM... (Your laptop, your home PC)

Unless you have thousands of laptops at home for some reason.

[leifj]

Arguably the right way to do this nowadays is to run a private ssh CA