author     Daniel Kahn Gillmor <dkg@fifthhorseman.net>  2009-02-21 16:09:08 -0500
committer  Daniel Kahn Gillmor <dkg@fifthhorseman.net>  2009-02-21 16:09:08 -0500
commit     c32c51f0326fa1d27ad8aba929edcf79ffa3adda (patch)
tree       b9adb83a5d05e1fcd462fa18a56be692b6ecce05
parent     35559940b9ccab1df260da9da30dff5991a1778e (diff)
parent     5eba4661d75f977b46c8db028c0e79241dd36d76 (diff)
merged jrollins/master
-rw-r--r--  doc/TODO                          | 25
-rw-r--r--  man/man8/monkeysphere-host.8      | 11
-rwxr-xr-x  src/monkeysphere                  | 18
-rwxr-xr-x  src/monkeysphere-host             |  2
-rw-r--r--  src/share/common                  | 17
-rw-r--r--  src/share/m/ssh_proxycommand      | 10
-rw-r--r--  src/share/m/subkey_to_ssh_agent   | 12
-rw-r--r--  src/share/ma/update_users         |  5
-rw-r--r--  src/share/mh/import_key           | 30
-rw-r--r--  website/getting-started-admin.mdwn| 14
10 files changed, 43 insertions, 101 deletions
diff --git a/doc/TODO b/doc/TODO
index bd887d1..d365ac7 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -9,17 +9,6 @@ Handle unverified monkeysphere hosts in such a way that they're not
always removed from known_hosts file. Ask user to lsign the host
key?
-Work out the details (and describe a full use case) for assigning a
- REVOKER during monkeysphere-server gen_key -- how is this set? How
- do we export it so it's available when a second-party revocation is
- needed?
-
-Provide a friendly interactive UI for marginal or failing client-side
- hostkey verifications. Handle the common cases smoothly, and
- provide good debugging info for the unusual cases.
-
-Create ssh2openpgp or convert to full-fledged keytrans.
-
Resolve the bugs listed in openpgp2ssh(1):BUGS.
Understand and document the output of gpg --check-trustdb:
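Review bot: the commit message ("merged jrollins/master") does not say whether the TODO entries deleted in this hunk (REVOKER handling for gen_key, the interactive UI for marginal host-key verifications, ssh2openpgp/keytrans) were completed on the merged branch or simply dropped; a one-line pointer to the commits that resolved them would keep doc/TODO useful as a record of what was actually done.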
@@ -44,12 +33,6 @@ Make it easier to do domain-relative ssh host trust signatures with
Fix the order of questions when user does a tsign in gpg or gpg2.
-File bug against ssh-keygen about how "-R" option removes comments
- from known_hosts file.
-
-File bug against ssh-keygen to see if we can get it to write to hash a
- known_hosts file to/from stdout/stdin.
-
When using ssh-proxycommand, if only host keys found are expired or
revoked, then output loud warning with prompt, or fail hard.
@@ -63,14 +46,6 @@ Optimize keyserver access, particularly on monkeysphere-server
update-users -- is there a way to query the keyserver all in a
chunk?
-Create DSA authentication subkey for server during gen-key
-
-Fix behavior when add-identity-certifier fails to fetch a key from the
- keyserver.
-
-Allow server administrators to add-identity-certifier from a key in
- the filesystem (or on stdin, etc)
-
Think about packaging monkeysphere for other (non-apt-based) operating
systems. RPM-based linux systems, FreeBSD ports, and Mac OS X seem
like the most likely candidates.
diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8
index 0a9fc1b..7909b62 100644
--- a/man/man8/monkeysphere-host.8
+++ b/man/man8/monkeysphere-host.8
@@ -23,14 +23,13 @@ connection authentication.
\fBmonkeysphere-host\fP takes various subcommands:
.TP
-.B import-key FILE [NAME[:PORT]]
+.B import-key FILE NAME[:PORT]
Import a pem-encoded ssh secret host key from file FILE. If FILE
is '-', then the key will be imported from stdin. NAME[:PORT] is used
-to specify the hostname (and port) used in the user ID of the new
-OpenPGP key. If NAME is not specified, then the system
-fully-qualified domain name will be used (ie. `hostname -f'). If PORT
-is not specified, the no port is added to the user ID, which means
-port 22 is assumed. `i' may be used in place of `import-key'.
+to specify the fully-qualified hostname (and port) used in the user ID
+of the new OpenPGP key. If PORT is not specified, the no port is
+added to the user ID, which means port 22 is assumed. `i' may be used
+in place of `import-key'.
.TP
.B show-key
Output information about host's OpenPGP and SSH keys. `s' may be used
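Review bot: the rewritten sentence "If PORT is not specified, the no port is added to the user ID" carries a typo over from the old text; it should read "then no port is added to the user ID". Since NAME is now mandatory rather than defaulting to `hostname -f`, the man page should also state that `import-key` fails when NAME is omitted, matching the new check in src/share/mh/import_key.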
diff --git a/src/monkeysphere b/src/monkeysphere
index a65cef6..0d8f4ff 100755
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -12,6 +12,8 @@
# or later.
########################################################################
+set -e
+
PGRM=$(basename $0)
SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
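Review bot: enabling `set -e` changes the error model of the whole script, including every file it sources: any simple command returning non-zero outside an `if`, `&&`, `||` or pipeline context now terminates the program, so code that inspects `$?` on the following line never gets to run. This merge converts a number of those sites to the `cmd || var="$?"` form, but any that were missed will now abort without a message; a grep for remaining bare `$?` uses across src/share before relying on errexit would be worthwhile.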
@@ -27,9 +29,6 @@ DATE=$(date -u '+%FT%T')
# unset some environment variables that could screw things up
unset GREP_OPTIONS
-# default return code
-RETURN=0
-
# set the file creation mask to be only owner rw
umask 077
@@ -87,9 +86,11 @@ check_gpg_sec_key_id() {
echo "$gpgSecOut" | cut -d: -f5
;;
*)
- echo "Multiple primary secret keys found:" | log error
- echo "$gpgSecOut" | cut -d: -f5 | log error
- echo "Please specify which primary key to use." | log error
+ echo "Multiple primary secret keys found:"
+ for key in $(echo "$gpgSecOut" | cut -d: -f5) ; do
+ echo " $key"
+ done
+ echo "Please specify which primary key to use."
failure
;;
esac
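Review bot: the three messages in the `*)` branch are no longer piped through `log error`, so they now go to stdout. The success branch of the same function returns the key ID on stdout (`echo "$gpgSecOut" | cut -d: -f5`), which means callers most likely capture the function's output with command substitution; if so, these lines would end up inside the caller's variable instead of in front of the user, and `failure` would only exit the subshell. Keep the `| log error` pipes or redirect the messages with `>&2`.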
@@ -203,13 +204,11 @@ case $COMMAND in
# those hosts
if [ "$1" ] ; then
update_known_hosts "$@"
- RETURN="$?"
# otherwise, if no hosts are specified, process every host
# in the user's known_hosts file
else
process_known_hosts
- RETURN="$?"
fi
;;
@@ -219,7 +218,6 @@ case $COMMAND in
# process authorized_user_ids file
process_authorized_user_ids "$AUTHORIZED_USER_IDS"
- RETURN="$?"
;;
'import-subkey'|'i')
@@ -255,5 +253,3 @@ case $COMMAND in
Type '$PGRM help' for usage."
;;
esac
-
-exit "$RETURN"
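Review bot: with the explicit `exit "$RETURN"` removed, the script's exit status is now whatever `set -e` produces when `update_known_hosts`, `process_known_hosts` or `process_authorized_user_ids` returns non-zero, rather than a value collected and returned at the end. That is equivalent only as long as those calls stay in a position where errexit applies; if one of them is later wrapped in a condition or a pipeline, its failure will be reported as success. A short comment saying that the exit status is intentionally delegated to errexit would spare the next reader from re-deriving this.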
diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index efa48cd..540a8ab 100755
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
@@ -54,7 +54,7 @@ usage: $PGRM <subcommand> [options] [args]
Monkeysphere host admin tool.
subcommands:
- import-key (i) FILE [NAME[:PORT]] import existing ssh key to gpg
+ import-key (i) FILE NAME[:PORT] import existing ssh key to gpg
show-key (s) output all host key information
publish-key (p) publish host key to keyserver
set-expire (e) [EXPIRE] set host key expiration
diff --git a/src/share/common b/src/share/common
index 653d58b..5e0cb6a 100644
--- a/src/share/common
+++ b/src/share/common
@@ -586,8 +586,8 @@ gpg2authorized_keys() {
# FIXME: need to figure out how to retrieve all matching keys
# (not just first N (5 in this case))
gpg_fetch_userid() {
+ local returnCode=0
local userID
- local returnCode
if [ "$CHECK_KEYSERVER" != 'true' ] ; then
return 0
@@ -626,6 +626,7 @@ gpg_fetch_userid() {
#
# expects global variable: "MODE"
process_user_id() {
+ local returnCode=0
local userID
local requiredCapability
local requiredPubCapability
@@ -657,10 +658,10 @@ process_user_id() {
# output gpg info for (exact) userid and store
gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \
--with-fingerprint --with-fingerprint \
- ="$userID" 2>/dev/null)
+ ="$userID" 2>/dev/null) || returnCode="$?"
# if the gpg query return code is not 0, return 1
- if [ "$?" -ne 0 ] ; then
+ if [ "$returnCode" -ne 0 ] ; then
log verbose " no primary keys found."
return 1
fi
@@ -890,6 +891,7 @@ process_host_known_hosts() {
# update the known_hosts file for a set of hosts listed on command
# line
update_known_hosts() {
+ local returnCode=0
local nHosts
local nHostsOK
local nHostsBAD
@@ -919,9 +921,9 @@ update_known_hosts() {
for host ; do
# process the host
- process_host_known_hosts "$host"
+ process_host_known_hosts "$host" || returnCode="$?"
# note the result
- case "$?" in
+ case "$returnCode" in
0)
nHostsOK=$((nHostsOK+1))
;;
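Review bot: `returnCode` is declared once before the `for host` loop and is only assigned on failure (`|| returnCode="$?"`), so it is never cleared after a host fails. Every subsequent host, including ones that succeed, then lands in the non-zero `case` branch and is counted in nHostsBAD instead of nHostsOK. Reset it at the top of each iteration, e.g. `returnCode=0` immediately after `for host ; do`.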
@@ -1043,6 +1045,7 @@ process_uid_authorized_keys() {
# update the authorized_keys files from a list of user IDs on command
# line
update_authorized_keys() {
+ local returnCode=0
local userID
local nIDs
local nIDsOK
@@ -1072,10 +1075,10 @@ update_authorized_keys() {
for userID ; do
# process the user ID, change return code if key not found for
# user ID
- process_uid_authorized_keys "$userID"
+ process_uid_authorized_keys "$userID" || returnCode="$?"
# note the result
- case "$?" in
+ case "$returnCode" in
0)
nIDsOK=$((nIDsOK+1))
;;
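Review bot: same sticky-status problem as in update_known_hosts above: `returnCode` is only set on failure and never reset, so after the first failing user ID every later ID is tallied as a failure in `case "$returnCode"` regardless of what process_uid_authorized_keys actually returned. Add `returnCode=0` as the first statement of the `for userID` loop body.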
diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand
index bd09588..abe068d 100644
--- a/src/share/m/ssh_proxycommand
+++ b/src/share/m/ssh_proxycommand
@@ -18,6 +18,7 @@
# "marginal case" ouput in the case that there is not a full
# validation path to the host
output_no_valid_key() {
+ local returnCode=0
local sshKeyOffered
local userID
local type
@@ -112,11 +113,11 @@ EOF
fi
;;
esac
- done
+ done || returnCode="$?"
# if no key match was made (and the "while read" subshell returned
# 1) output how many keys were found
- if (($? != 1)) ; then
+ if (( returnCode != 1 )) ; then
cat <<EOF | log info
None of the found keys matched the key offered by the host.
Run the following command for more info about the found keys:
@@ -200,12 +201,13 @@ fi
CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER}
# update the known_hosts file for the host
-update_known_hosts "$HOSTP"
+local returnCode=0
+update_known_hosts "$HOSTP" || returnCode="$?"
# output on depending on the return of the update-known_hosts
# subcommand, which is (ultimately) the return code of the
# update_known_hosts function in common
-case $? in
+case "$returnCode" in
0)
# acceptable host key found so continue to ssh
true
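Review bot: `local returnCode=0` is being introduced next to code that looks like script top level (`CHECK_KEYSERVER=...` at column 0, outside any function visible in the hunk). `local` is only valid inside a function; at top level bash prints an error and returns non-zero, which under the new `set -e` would kill the proxy command before `update_known_hosts` is ever called. If this section is not wrapped in a function, use a plain `returnCode=0`.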
diff --git a/src/share/m/subkey_to_ssh_agent b/src/share/m/subkey_to_ssh_agent
index 818f4f7..7fb2fdb 100644
--- a/src/share/m/subkey_to_ssh_agent
+++ b/src/share/m/subkey_to_ssh_agent
@@ -14,11 +14,11 @@
# try to add all authentication subkeys to the agent
subkey_to_ssh_agent() {
- local sshaddresponse
+ local sshaddresponse=0
local secretkeys
local authsubkeys
local workingdir
- local keysuccess
+ local keysuccess=0
local subkey
local publine
local kname
@@ -38,8 +38,7 @@ For more details, see:
# and if it looks like it's running, but we can't actually talk to
# it, bail out:
- ssh-add -l >/dev/null
- sshaddresponse="$?"
+ ssh-add -l >/dev/null || sshaddresponse="$?"
if [ "$sshaddresponse" = "2" ]; then
failure "Could not connect to ssh-agent"
fi
@@ -100,8 +99,7 @@ You might want to 'monkeysphere gen-subkey'"
passphrase_prompt "Enter passphrase for key $kname: " "$workingdir/passphrase"
wait %2
- fi
- keysuccess="$?"
+ fi || keysuccess="$?"
rm -f "$workingdir/$kname"
done
@@ -112,5 +110,5 @@ You might want to 'monkeysphere gen-subkey'"
# FIXME: sort out the return values: we're just returning the
# success or failure of the final authentication subkey in this
# case. What if earlier ones failed?
- exit "$keysuccess"
+ return "$keysuccess"
}
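Review bot: the FIXME above no longer describes the new behaviour. With `fi || keysuccess="$?"` in the loop, `keysuccess` is assigned only when an iteration fails and is never reset, so the function now returns the status of the first failing subkey rather than the last one processed; update the comment, or reset `keysuccess=0` per iteration if the old semantics were intended. Changing `exit` to `return` is the right fix for a sourced function, since `exit` would have terminated the calling shell.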
diff --git a/src/share/ma/update_users b/src/share/ma/update_users
index 092d108..bfefc31 100644
--- a/src/share/ma/update_users
+++ b/src/share/ma/update_users
@@ -93,8 +93,8 @@ for uname in $unames ; do
# process authorized_user_ids file, as monkeysphere user
su_monkeysphere_user \
- ". ${SYSSHAREDIR}/common; process_authorized_user_ids $TMP_AUTHORIZED_USER_IDS"
- RETURN="$?"
+ ". ${SYSSHAREDIR}/common; process_authorized_user_ids $TMP_AUTHORIZED_USER_IDS" \
+ || RETURN="$?"
else
log debug "not processing authorized_user_ids."
fi
@@ -154,4 +154,5 @@ for uname in $unames ; do
rm -rf "$TMPLOC"
done
+return $RETURN
}
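Review bot: `return $RETURN` is unquoted, and the hunk does not show where `RETURN` is initialised now that it is only assigned on failure via `|| RETURN="$?"`. If it is unset, the line expands to a bare `return`, which yields the status of the preceding `rm -rf` and so reports success regardless of what happened in the loop. Either set `RETURN=0` at the start of the function or write `return "${RETURN:-0}"`.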
diff --git a/src/share/mh/import_key b/src/share/mh/import_key
index c545388..f7c69c3 100644
--- a/src/share/mh/import_key
+++ b/src/share/mh/import_key
@@ -26,39 +26,13 @@ if [ -z "$sshKeyFile" ] ; then
failure "Must specify ssh key file to import, or specify '-' for stdin."
fi
-# use the default hostname if not specified
+# fail if hostname not specified
if [ -z "$hostName" ] ; then
- hostName=$(hostname -f) || failure "Could not determine hostname."
- # test that the domain is not obviously illegitimate
- domain=${foo##*.}
- case $domain in
- 'local'|'localdomain')
- failure "Host domain '$domain' is not legitimate. Aborting key import."
- ;;
- esac
- # test that there are at least two parts
- if (( $(echo "$hostName" | tr . ' ' | wc -w) < 2 )) ; then
- failure "Host name '$hostName' is not legitimate. Aborting key import."
- fi
+ failure "You must specify a fully-qualified domain name for use in the host certificate user ID."
fi
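Review bot: the removed validation was already ineffective (`domain=${foo##*.}` read `$foo` instead of `$hostName`, so the local/localdomain check never fired), but the replacement drops all checking of the operator-supplied NAME: a single-label name or a `.local` suffix now goes straight into `userID="ssh://${hostName}"` and from there into the host certificate. Since this user ID is the identity that clients will be validating, keep the two-label test and the `local|localdomain` rejection, applied to `$hostName` as given on the command line rather than to `hostname -f`.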
userID="ssh://${hostName}"
-if [ "$PROMPT" = "true" ] ; then
- cat <<EOF
-The ssh key will be imported and an OpenPGP certificate for this host
-will be generated with the following user ID:
- $userID
-EOF
- read -p "Are you sure you would like to create certificate? [Y/n] " OK; OK=${OK:-Y}
- if [ "${OK/y/Y}" != 'Y' ] ; then
- failure "ssh key not imported."
- fi
-else
- log debug "importing key without prompting."
-fi
-
-
# create host home
mkdir -p "${MHDATADIR}"
mkdir -p "${GNUPGHOME_HOST}"
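Review bot: deleting the `PROMPT` block means the certificate is created without the operator ever seeing the user ID that is about to be committed, while the `PROMPT` configuration setting the old code honoured presumably still exists. If the interactive confirmation is intentionally gone, at least emit the computed user ID (for example `log info "importing key with user ID $userID"`) before anything is written under `${MHDATADIR}`, so that a typo in NAME is visible before the key is published.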
diff --git a/website/getting-started-admin.mdwn b/website/getting-started-admin.mdwn
index 6bdd166..ca44956 100644
--- a/website/getting-started-admin.mdwn
+++ b/website/getting-started-admin.mdwn
@@ -22,19 +22,13 @@ To begin, you must first import an ssh host key. This assumes that
you have the ssh server installed, and that you have generated a host
RSA key. Once that has been done, import the key:
- # monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key
+ # monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key server.example.net
This will generate an OpenPGP certificate for the server. The primary
user ID for this certificate will be the ssh service URI for the host,
-which by default is based on the output of `hostname -f`
-(eg. `ssh://server.example.net`). If the name determined from
-`hostname -f` is not the name you want to have in the service URI,
-then you can provide one manually:
-
- # monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key host.example.net
-
-The hostname you provide should probably be a fully qualified domain
-name for the host in order for your users to find it.
+(eg. `ssh://server.example.net`). Remember that the name you provide
+here should probably be a fully qualified domain name for the host in
+order for your users to find it.
Now you can display information about the host key's certificate with
the 'show-key' command: