SSH Certificates and Keys in Apple T2 On-host
- SSH certificates can be used with the Apple T2 chip on macOS as an alternative to external smart cards, authenticated with a fingerprint per session.
- The hardware-based Apple T2 chip serves as an extra security layer by creating private keys in the secure enclave.
- The CA can be stored on an external smartcard, only signing for access in a limited period, which limits exposure.
Over the past days I have been going down a deep, deep rabbit hole of SSH proxy jumping and SSH certificates combined with smartcards.
After playing around with smart cards for SSH, I recognized that not only external smart cards such as the Yubikey or Nitrokey is a possible lane to go down.
New Apple devices comes with a security chip called T2 built-in. This chip is known to host something Apple has named Secure Enclave . In the Secure Enclave you can store secret keys.
A secure enclave will not serve as an equally secure solution as with external smart cards, but it is a better balance for usability.
The T2 is permanently stored in hardware on one host only, so the access needs to be signed on a per-host basis. In such I would say the T2 and external smart cards complement each other depending on situation.
Always having the key available will bring two additional vulnerabilities:
- If compromised, the key will be logically available
- Separation of equipment and key is not possible e.g. in a travel situation
With a central pubkey directory tied to an identity (automated), the T2 can be of better use for an enterprise setup.
Setting up a Private Key in Secure Enclave
While fiddling around I found Secretive on Github .
The short and easy setup are:
$ brew cask install secretive $ echo "export SSH_AUTH_SOCK=/Users/[USERNAME]/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/socket.ssh" >> ~/.zshrc $ source ~/.zshrc
A keypair can now be generated in the secure enclave by opening the Secretive app and pressing the
+ (perhaps there is some way to use ssh-keygen as well?)
The public key of the curve generated on-chip is available in a container directory on disk. Check out the
Public Key Path in Secretive to find where.
Using the trick we found in our recent venture into using smart cards for signing the key, we can used PCKS#11 without compromising security . In this case I use a Nitrokey:
$ brew cask install opensc $ PKCS11_MODULE_PATH=/usr/local/lib/opensc-pkcs11.so $ ssh-keygen -D $PKCS11_MODULE_PATH -e > ca.pub $ ssh-keygen -D $PKCS11_MODULE_PATH -s ca.pub -I example -n zone-web -V +1h -z 1 id_ecdsa.pub > Enter PIN for 'OpenPGP card (User PIN)': ***** > Signed user key id_ecdsa-cert.pub: id "example" serial 1 for zone-web valid from 2020-10-14T20:26:00 to 2020-10-14T21:27:51 $ cp id_ecdsa-cert.pub ~/.ssh/
If you now try to ssh into a server using the given certificate authority as shown in the SSH-CA post , access should be granted with a fingerprint.
A Word of Caution
The T2 has some vulnerabilities shown recently. Make sure to include these in your risk assessment of using it. If you won't go down the smart card route it will still be better than storing the key on disk.
 https://support.apple.com/guide/security/secure-enclave-overview-sec59b0b31ff/web  https://github.com/maxgoedjen/secretive  https://secdiary.com/2020-10-13-ssh-ca-proxyjump.html