diff options
| author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2008-06-19 00:13:39 -0400 |
|---|---|---|
| committer | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2008-06-19 00:13:39 -0400 |
| commit | 10d38ac8e8580322d533c3c5e1b7fad13363b7e5 (patch) | |
| tree | b3dd9d8ddadd8da76b15119f86ec8097f1b15913 | |
| parent | 18c15c1adf65d47df5b3753c99f06092d81906d0 (diff) | |
| parent | fadd814ce4351c3869e49d91b31aa5b2efc68a01 (diff) | |
Merge commit 'jrollins/master'
| -rw-r--r-- | doc/TODO | 31 | ||||
| -rw-r--r-- | doc/george/changelog | 3 | ||||
| -rw-r--r-- | etc/monkeysphere.conf | 6 | ||||
| -rw-r--r-- | src/common | 8 | ||||
| -rwxr-xr-x | src/monkeysphere | 2 | ||||
| -rwxr-xr-x | src/monkeysphere-ssh-proxycommand | 46 |
6 files changed, 73 insertions, 23 deletions
@@ -3,21 +3,19 @@ Next-Steps Monkeysphere Projects: Detail advantages of monkeysphere: detail the race conditions in ssh, and how the monkeysphere can help you reduce these threat vectors: - threat model reduction diagrams + threat model reduction diagrams. Determine how openssh handles multiple processes writing to - known_hosts file (atomic appends?) + known_hosts/authorized_keys files (lockfile, atomic appends?) Handle unknown hosts in such a way that they're not always removed from known_hosts file. Ask user to lsign the host key? -Handle multiple multiple hostnames (multiple user IDs?) when - generating host keys with gen-key. +Handle multiple hostnames (multiple user IDs?) when generating host + keys with gen-key. Make sure alternate ports are handled for known_hosts. -Add environment variables sections to man pages. - Script to import private key into ssh agent. Provide a friendly interactive UI for marginal or failing client-side @@ -56,3 +54,24 @@ Make it easier to do domain-relative ssh host trust signatures with "tsign" in gpg(1). Fix the order of questions when user does a tsign in gpg or gpg2. + +File bug against ssh-keygen about how "-R" option removes comments + from known_hosts file. + +File bug against ssh-keygen to see if we can get it to write to hash a + known_hosts file to/from stdout/stdin. + +Add environment variables sections to man pages. + +Environment variable scoping. + +Move environment variable precedence before conf file. + +When using ssh-proxycommand, if only host keys found are expired or + revoked, then output loud warning with prompt, or fail hard. + +Update monkeysphere-ssh-proxycommand man page with new keyserver + checking policy info. + +Update monkeysphere-ssh-proxycommand man page with info about + no-connect option. diff --git a/doc/george/changelog b/doc/george/changelog index 2442061..5d35355 100644 --- a/doc/george/changelog +++ b/doc/george/changelog @@ -7,6 +7,9 @@ * changes to this system * ****************************************************************************** +2008-06-18 - jrollins + * installed less, emacs; + * aptitude update && aptitude dist-upgrade 2008-06-18 - micah * debootstrap'd debian etch install diff --git a/etc/monkeysphere.conf b/etc/monkeysphere.conf index 17c1a14..f2ba4a7 100644 --- a/etc/monkeysphere.conf +++ b/etc/monkeysphere.conf @@ -15,7 +15,7 @@ # s = sign # c = certify # a = authentication -#REQUIRED_HOST_KEY_CAPABILITY="e a" +#REQUIRED_HOST_KEY_CAPABILITY="a" #REQUIRED_USER_KEY_CAPABILITY="a" # ssh known_hosts file @@ -27,3 +27,7 @@ # ssh authorized_keys file #AUTHORIZED_KEYS=~/.ssh/known_hosts + +# This overrides other environment variables +# NOTE: there is leakage +#CHECK_KEYRING=true @@ -73,7 +73,7 @@ unescape() { } # remove all lines with specified string from specified file -remove_file_line() { +remove_line() { local file local string @@ -395,7 +395,7 @@ remove_userid() { # remove user ID from file log -n " removing user ID '$userID'... " - remove_file_line "$AUTHORIZED_USER_IDS" "^${userID}$" + remove_line "$AUTHORIZED_USER_IDS" "^${userID}$" loge "done." } @@ -416,7 +416,7 @@ process_host_known_hosts() { while read -r ok keyid ; do sshKey=$(gpg2ssh "$keyid") # remove the old host key line - remove_file_line "$KNOWN_HOSTS" "$sshKey" + remove_line "$KNOWN_HOSTS" "$sshKey" # if key OK, add new host line if [ "$ok" -eq '0' ] ; then # hash if specified @@ -449,7 +449,7 @@ process_uid_authorized_keys() { while read -r ok keyid ; do sshKey=$(gpg2ssh "$keyid") # remove the old host key line - remove_file_line "$AUTHORIZED_KEYS" "$sshKey" + remove_line "$AUTHORIZED_KEYS" "$sshKey" # if key OK, add new host line if [ "$ok" -eq '0' ] ; then ssh2authorized_keys "$userID" "$sshKey" >> "$AUTHORIZED_KEYS" diff --git a/src/monkeysphere b/src/monkeysphere index 6853f58..a6cecfd 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -115,7 +115,7 @@ AUTHORIZED_USER_IDS=${AUTHORIZED_USER_IDS:-"${MS_HOME}/authorized_user_ids"} GNUPGHOME=${GNUPGHOME:-"${HOME}/.gnupg"} KEYSERVER=${KEYSERVER:-"subkeys.pgp.net"} CHECK_KEYSERVER=${CHECK_KEYSERVER:="true"} -REQUIRED_HOST_KEY_CAPABILITY=${REQUIRED_HOST_KEY_CAPABILITY:-"e a"} +REQUIRED_HOST_KEY_CAPABILITY=${REQUIRED_HOST_KEY_CAPABILITY:-"a"} REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-"a"} KNOWN_HOSTS=${KNOWN_HOSTS:-"${HOME}/.ssh/known_hosts"} AUTHORIZED_KEYS=${AUTHORIZED_KEYS:-"${HOME}/.ssh/authorized_keys"} diff --git a/src/monkeysphere-ssh-proxycommand b/src/monkeysphere-ssh-proxycommand index 4b90a0d..4cbcd51 100755 --- a/src/monkeysphere-ssh-proxycommand +++ b/src/monkeysphere-ssh-proxycommand @@ -13,9 +13,6 @@ # established. Can be added to ~/.ssh/config as follows: # ProxyCommand monkeysphere-ssh-proxycommand %h %p -HOST="$1" -PORT="$2" - usage() { cat <<EOF >&2 usage: ssh -o ProxyCommand="$(basename $0) %h %p" ... @@ -26,6 +23,14 @@ log() { echo "$@" >&2 } +if [ "$1" = '--no-connect' ] ; then + NO_CONNECT='true' + shift 1 +fi + +HOST="$1" +PORT="$2" + if [ -z "$HOST" ] ; then log "host must be specified." usage @@ -37,20 +42,39 @@ if [ -z "$PORT" ] ; then exit 1 fi -# check for the host key in the known_hosts file -hostKey=$(ssh-keygen -F "$HOST") +# set the host URI +URI="ssh://${HOST}" +if [ "$PORT" != '22' ] ; then + URI="${URI}:$PORT" +fi -# if the host key is found in the known_hosts file, -# don't check the keyserver -if [ "$hostKey" ] ; then +# if the host is in the gpg keyring... +if gpg --list-key ="${URI}" >/dev/null ; then + # do not check the keyserver CHECK_KEYSERVER="false" +# if the host is NOT in the keyring... else - CHECK_KEYSERVER="true" + # if the host key is found in the known_hosts file... + # FIXME: this only works for default known_hosts location + hostKey=$(ssh-keygen -F "$HOST") + if [ "$hostKey" ] ; then + # if the check keyserver variable is NOT set to true... + if [ "$CHECK_KEYSERVER" != 'true' ] ; then + # schedule a keyserver check for host at a later time + echo "monkeysphere update-known_hosts $HOST" | at noon + fi + # if the host key is not found in the known_hosts file... + else + # check the keyserver + CHECK_KEYSERVER="true" + fi fi export CHECK_KEYSERVER # update the known_hosts file for the host -monkeysphere update-known-hosts "$HOST" +monkeysphere update-known_hosts "$HOST" # exec a netcat passthrough to host for the ssh connection -exec nc "$HOST" "$PORT" +if [ -z "$NO_CONNECT" ] ; then + exec nc "$HOST" "$PORT" +fi |