Public Security Analysis Report – WAYF SSHCA Banner

After the great collaboration last time, where we tested one of their IdPs, WAYF—the Danish Identity Federation for Research and Higher Education—contacted us again to conduct a security analysis of one of their new projects: an SSH certificate authority written in Go.

In the following, we summarize the findings of this security analysis and provide the full report to the public.

What Are SSH Certificates

SSH certificates are a powerful yet often underutilized mechanism for securing access to servers. Unlike traditional SSH keys, which require manual distribution and rotation, SSH certificates allow a central certificate authority (CA) to sign public keys, granting them temporary authentication capabilities.

In corporate and educational environments, managing access securely and efficiently is a constant challenge. SSH certificates simplify this by providing a scalable and centrally managed authentication system. Instead of maintaining a sprawling collection of long-lived SSH keys across multiple users and machines, an organization can issue time-bound SSH certificates that automatically expire, reducing the risk of unauthorized access from compromised or forgotten keys. The shorter the validity period of an SSH certificate, the lower the risk exposure. If a certificate is compromised, its impact is limited to its short lifespan. This is especially important in high-security environments where minimizing attack surfaces is critical.

Fast-expiring certificates encourage frequent authentication renewal, ensuring that only actively authorized users retain access. To avoid operational friction, it's helpful to integrate SSH certificate issuance with an automated workflow, ideally tied to an identity provider (IdP). This way, users can obtain fresh certificates seamlessly as needed, based on their role and the policies set by the organization. This eliminates the overhead of manual key management while maintaining a robust security posture.

WAYF SSH CA

WAYF (Where Are You From) is Denmark's Identity Federation for Research and Higher Education and has been in operation since 2008. It currently facilitates approximately 22 million logins annually from 1.6 million unique users. The federation includes around 60 identity providers (IdPs), such as Danish universities and the national ID system for citizens and employees, along with over 550 service providers (SPs). [1]

The SSH CA developed by WAYF is a tool that issues SSH certificates based on an identity provided via single sign-on (SSO). Universities and other institutions can use the system to grant authorized members access to their servers. The general concept is as follows:

  • The user chooses a certificate authority (CA) they want to obtain a certificate from.
  • The user authenticates themselves using an IdP trusted by the SSH CA.
  • The user provides an SSH public key to the SSH CA.
  • The SSH CA signs the public key with the desired CA and returns the SSH certificate to the user.
  • The user can use this SSH certificate to connect to a server that supports it and trusts the issuing CA.
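To make the signing step of this workflow and the certificate properties described above (a CA-signed public key, bound to a principal, with a short validity window) concrete, here is an added example written for this summary; it is not code from WAYF's SSH CA. It builds an ed25519 user certificate in the OpenSSH format with only the Go standard library and then checks it the way a server that trusts the CA would; the function names, the single-principal binding and the ten-minute lifetime used in the test are this example's own choices.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"time"
)
const certType = "ssh-ed25519-cert-v01@openssh.com"
func str(b, s []byte) []byte { return append(binary.BigEndian.AppendUint32(b, uint32(len(s))), s...) } // RFC 4251 length-prefixed string, the encoding of every certificate field
// IssueUserCert is the CA side: bind userPub to one principal for ttl from now and sign every preceding field (OpenSSH PROTOCOL.certkeys order).
func IssueUserCert(caPriv ed25519.PrivateKey, userPub ed25519.PublicKey, keyID, principal string, now time.Time, ttl time.Duration) []byte {
	nonce := make([]byte, 32) // fresh randomness per certificate, as the format requires
	rand.Read(nonce)
	c := str(str(str(nil, []byte(certType)), nonce), userPub)
	c = binary.BigEndian.AppendUint32(binary.BigEndian.AppendUint64(c, 1), 1)                                             // serial 1, type 1 = user certificate
	c = str(str(c, []byte(keyID)), str(nil, []byte(principal)))                                                           // key id, valid principals
	c = binary.BigEndian.AppendUint64(binary.BigEndian.AppendUint64(c, uint64(now.Unix())), uint64(now.Add(ttl).Unix())) // valid after / valid before: a short ttl bounds exposure
	c = str(str(str(c, nil), nil), nil)                                                                                   // critical options, extensions, reserved (all empty here)
	c = str(c, str(str(nil, []byte("ssh-ed25519")), caPriv.Public().(ed25519.PublicKey)))                                  // signature key
	return str(c, str(str(nil, []byte("ssh-ed25519")), ed25519.Sign(caPriv, c)))                                           // signature over all fields above
}
// CheckCert is the server side: walk the fixed layout with bounds checks (s=string, T=serial+type, Q=uint64), then require the trusted CA's signature, now within [after, before) and a listed principal.
func CheckCert(cert []byte, caPub ed25519.PublicKey, principal string, now time.Time) error {
	var s, n, b = [][]byte(nil), []uint64(nil), cert
	for _, kind := range "sssTssQQsssss" {
		switch {
		case kind == 'T' && len(b) >= 12: // uint64 serial (not needed here) followed by uint32 certificate type
			n, b = append(n, uint64(binary.BigEndian.Uint32(b[8:]))), b[12:]
		case kind == 'Q' && len(b) >= 8:
			n, b = append(n, binary.BigEndian.Uint64(b)), b[8:]
		case kind == 's' && len(b) >= 4 && uint64(len(b)-4) >= uint64(binary.BigEndian.Uint32(b)):
			s, b = append(s, b[4:4+binary.BigEndian.Uint32(b)]), b[4+binary.BigEndian.Uint32(b):]
		default:
			return errors.New("truncated certificate")
		}
	}
	if string(s[0]) != certType || n[0] != 1 || len(s[9]) != 83 || !ed25519.Verify(caPub, cert[:len(cert)-len(b)-4-len(s[9])], s[9][19:]) {
		return errors.New("not a user certificate signed by the trusted CA") // s[9] = string "ssh-ed25519" (15 bytes) + string of 64 signature bytes; the signed data is everything before it
	}
	if t := uint64(now.Unix()); t < n[1] || t >= n[2] {
		return errors.New("certificate not yet valid or expired")
	}
	for p := s[4]; len(p) >= 4 && uint64(len(p)-4) >= uint64(binary.BigEndian.Uint32(p)); p = p[4+binary.BigEndian.Uint32(p):] {
		if string(p[4:4+binary.BigEndian.Uint32(p)]) == principal {
			return nil
		}
	}
	return errors.New("principal not listed") // OpenSSH treats an empty list as "any user"; this check insists on an explicit entry
}
```

The output of IssueUserCert is the raw certificate blob; base64-encoding it after the type name gives the one-line form ssh-keygen and sshd read.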

WAYF’s SSH CA is written in Go, and the source code can be found on their GitHub page.

Results of Our Analysis

Our security inspection consisted of a theoretical threat analysis as well as a practical penetration test and a code review. During our analysis we identified 14 potential security threats. Three of these threats led to weaknesses that were subsequently examined in the penetration test: two rated Critical and one rated High. Additionally, we gave a recommendation to further improve the security of the system.

The two weaknesses rated Critical each describe a method by which an attacker could obtain an SSH certificate bearing a victim's identity for the attacker's own public key: one by exploiting a flaw in the SSH CA itself, the other by exploiting a flaw in an IdP used with the SSH CA (MyAccessID). The weakness rated High describes a denial-of-service (DoS) attack in which an attacker could block access to the SSH CA for other users by holding simultaneous HTTP connections.

WAYF and MyAccessID followed our recommendations and implemented countermeasures for every identified weakness, as well as the recommendation. We conducted a retest and can confirm that all identified weaknesses were successfully fixed.

The public security analysis report of WAYF's SSH CA contains all analyzed threats, the detected weaknesses, our recommendations, and further security evaluations we performed during our penetration test.



More Security and Transparency with Open Penetration Tests

We want to thank WAYF—and especially the lead developer Mads Freek Petersen—for the excellent cooperation during the whole security analysis and process of mitigating the weaknesses.

We highlight their commitment to security and transparency, demonstrated by developing open-source software and by agreeing to publish this penetration test report.

We also want to thank MyAccessID for the good cooperation while reporting and fixing one of the weaknesses.

[1] https://wayf.dk/en/about

Our Experts Develop the Optimal Solution for You

SSH – Certificates – OpenID Connect

Does your application perform cryptographic operations or involve complex single sign-on and federation scenarios?
Are you wondering how to securely implement and use cryptographic primitives or the OpenID Connect protocol?

We will be glad to advise you; contact us for a no-obligation initial consultation.
We are at your side with the following services and solutions:

IT Security Consulting  |  Training   |  Penetration Tests

Don't hesitate and find your way to secure authentication with us.
We look forward to supporting you with your projects.

Your Contact for Penetration Tests

Prof. Dr. Marcus Niemietz
marcus.niemietz@hackmanit.de