SSH Certificates Security
The cluster discusses SSH host authentication security, debating the use of certificates versus traditional key fingerprints and the trust-on-first-use model, and why SSH certificates are not as widely adopted as HTTPS CAs.
Sample Comments
Aren't SSH host certificates the answer? Why are they not more widely used?
ssh is terribly insecure with no way of checking server certificate fingerprint automatically. Web solved it decades ago with CA.
SSH supports certificates (and they aren't X.509 certificates; they're simple and purpose-built for SSH) which resolves the MITM problem in both directions. It's what organizations who manage large numbers of servers use already (in particular, certificates make it easy to tie logins to SSO systems, and to keep people from holding on to long-lived SSH keys). They're great, and you should check them out. The very last thing in the world you should do is adopt something like
Quite the contrary: SSH's system means that you only have to "do your homework" when first connecting to the server. It seems I have 64 lines in my ~/.ssh/known_hosts (there are probably quite a few duplicates, because this seems high to me) and almost never have SSH tell me the key has changed and someone could be doing something nasty. When it does, I almost always know why, and when I don't then I try to contact the admin before connecting. The way certificate
No, SSH does not. Have you ever actually verified a host fingerprint? Of course not, no one does. That's the way it's supposed to work. You know the first time you log on to a server and it asks if you trust it? You're supposed to call up the server admin and get them to read off the fingerprint, or have them email it to you, or get it from some other out-of-band channel. And no-one, nowhere actually verifies host fingerprints. Even security conscious people. And what do people do when
Yup, let's not let perfect become the enemy of good. SSH works basically this way, certs are autogenerated, the client records the key, and lets you know if it changes. And doesn't everyone recommend SSH over Telnet, despite certs mostly (never?) not being signed?
Why not use ssh certificates at that point?
This is incorrect. SSH certificates work just like x509 certificates in that regard. Also, with PubkeyAuthentication, there exist all kinds of ways to collect host keys before connecting to them for the first time and thus avoiding the trust-on-first-use problem. Especially in private networks where you control all the nodes.
Hey, have a look at this: https://smallstep.com/blog/use-ssh-certificates/
Several ssh implementations also support using certificates as hostkeys. Of course the ssh client will still need to be configured to trust the issuer but it can help with the 'first-connection-hostkey-fingerprint-verification' problem. In my experience most users will never verify the fingerprint.