IAP Desktop Using ECDSA keys for SSH public key authentication in IAP Desktop 2.23

By default, IAP Desktop uses the rsa-ssh public key signature algorithm when authenticating to a Linux VM. rsa-ssh is ubiquitous and still commonly used – but it still relies on SHA1, which led the OpenSSH team to deprecate it a while ago:

It is now possible to perform chosen-prefix attacks against the SHA-1 hash algorithm for less than USD$50K. For this reason, we will be disabling the "ssh-rsa" public key signature algorithm that depends on SHA-1 by default in a near-future release.

The successors to rsa-ssh are rsa-sha2-512 and rsa-sha2-256. These algorithms still use an RSA key pair, but use the more modern SHA2 hashing algorithm. Transitioning from rsa-ssh to rsa-sha2-512 or rsa-sha2-256 is typically straightforward as we can continue to use the same RSA key.

But not all SSH clients and libraries support rsa-sha2-512 and rsa-sha2-256 yet. One of the libraries that still lacks support is libssh2, which is the library IAP Desktop relies on. This has started to become an issue for some IAP Desktop users who have configured their VMs to reject rsa-ssh – to meet FIPS compliance requirements, or simply to raise the security bar.

Adding ECDSA support

IAP Desktop 2.23 now provides a solution to this issue by letting you switch from RSA to ECDSA encryption. You can now choose the type of key to use in the Options dialog:


Regardless which option you choose, IAP Desktop automatically creates a key using CryptoNG and stores it in the Microsoft Software Key Storage Provider. If you’re curious, you can list the SSH keys created by IAP Desktop by running the following command:

certutil -csp "Microsoft Software Key Storage Provider" -key -user | findstr IAPDESKTOP_

In an enterprise environment, you can go one step further and configure a group policy setting to force IAP Desktop to always use a certain key type and signature algorithm:


A note on EdDSA/Ed25519

Now that IAP Desktop supports ECDSA, you might be wondering whether support for EdDSA/Ed25519 will follow soon. Unfortunately, that’s unlikely: While libssh2 supports Ed25519, CryptoNG doesn’t. And because IAP Desktop relies on CryptoNG for key storage, that means Ed25519 support won’t come anytime soon, or at least not before Windows adds support for it.

You can find the source code and all releases of IAP Desktop on the project’s GitHub page.

Any opinions expressed on this blog are Johannes' own. Refer to the respective vendor’s product documentation for authoritative information.
« Back to home