SSH Certificates and Keys in Apple T2 On-host

Tommy
October 14 2020

Key Takeaways

  • SSH certificates can be used with the Apple T2 chip on macOS as an alternative to external smart cards, authenticated with a fingerprint per session.
  • The Mac T2 chip serves as an extra security layer by creating private keys in the secure enclave.
  • The CA can be stored on an external smartcard, only signing for access in a limited period - again limiting the exposure.

Introduction

Over the past days I have been going down a deep, deep rabbit hole of SSH proxy jumping and SSH certificates combined with smart cards.

After playing around with smart cards for SSH, I recognized that not only external smart cards such as the Yubikey or Nitrokey is a possible lane to go down.

Mac computers comes with a security chip called T2. This chip is also known to host something Apple calls Secure Enclave [1]. In the Secure Enclave you can store keys.

It will probably not serve as an equally secure solution as with external smart cards, but it is a better balance for usability.

The T2 is permanently stored in hardware on one host only, so the access needs to be signed on a per-host basis. In such I would say the T2 and external smart cards complement each other.

Always having the key available will bring two additional vulnerabilities:

  • If compromised, the key is always available logically
  • Separation of equipment and key is not possible e.g. in a travel situation

With a central pubkey directory tied to an identity (automated), the T2 can be of better use for an enterprise setup.

Setting up a Private Key in Secure Enclave

While fiddling around I found sekey on Github [2]. The project seems abandoned, but it is the secure enclave that does the heavy lifting.

The short and easy setup are:

$ brew cask install sekey
$ echo "export SSH_AUTH_SOCK=$HOME/.sekey/ssh-agent.ssh" >> ~/.zshrc
$ echo "IdentityAgent ~/.sekey/ssh-agent.ssh" >> ~/.ssh/config
$ source ~/.zshrc

A keypair can now be generated in the secure enclave by:

$ sekey --generate-keypair SSH
$ sekey --list-keys

Now export the public key of the curve generated on-chip:

$ sekey --export-key <id> > id_ecdsa.pub

Using the trick we found in our recent venture into using smart cards for signing the key, we can used PCKS#11 without compromising security [3]. In this case I use a Nitrokey:

$ brew cask install opensc
$ PKCS11_MODULE_PATH=/usr/local/lib/opensc-pkcs11.so
$ ssh-keygen -D $PKCS11_MODULE_PATH -e > ca.pub
$ ssh-keygen -D $PKCS11_MODULE_PATH -s ca.pub -I example -n zone-web -V +1h -z 1 id_ecdsa.pub
Enter PIN for 'OpenPGP card (User PIN)': 
Signed user key id_ecdsa-cert.pub: id "example" serial 1 for zone-web valid from 2020-10-14T20:26:00 to 2020-10-14T21:27:51
cp id_ecdsa-cert.pub ~/.ssh/

If you now try to ssh into a server using the given certificate authority as shown in the SSH-CA post [3], access should be granted with a fingerprint.

A Word of Caution

The T2 has some vulnerabilities shown recently [4]. Make sure to include these in your risk assessment of using it. If you won’t go down the smart card route it will still be better than storing the key on disk.

[1] https://support.apple.com/guide/security/secure-enclave-overview-sec59b0b31ff/web
[2] https://github.com/sekey/sekey
[3] https://secdiary.com/2020–10–13-ssh-ca-proxyjump.html
[4] https://inks.cybsec.network/tag/t2

Tags: #architecture #ssh #apple #t2
Read with Gemini

This blog is powered by cl-yag and Tufte CSS!