ssh: Host certificate principals

Tags: til ssh

When an ssh client connects to a target server, it authenticates the server before authenticating itself to that server. The known hosts configuration file, ~/.ssh/known_hosts, is the usual way to specify valid keys/certificates for host names. The man sshd section SSH_KNOWN_HOSTS FILE FORMAT explains how it looks for hosts:

When ssh(1) is authenticating a server, this will be the host name given by the user, the value of the ssh(1) HostkeyAlias if it was specified, or the canonical server hostname if the ssh(1) CanonicalizeHostname option was used.

With certificate based ssh authentication the client checks that the provided server certificate matches what it expects for that server:

signed by a trusted (host) certificate authority
not expired
a principal matching the host being connected to

This last one is interesting because it means the principals must be one the following:

Host name given by the user
HostkeyAlias (if it was specified)
Canonical server hostname (if the CanonicalizeHostname option was used)

Published on: 23 Jun 2025