author | Matt Goins <mjgoins@openflows.com> | 2008-11-16 11:18:38 -0500 |
---|---|---|
committer | Matt Goins <mjgoins@openflows.com> | 2008-11-16 11:18:38 -0500 |
commit | e7c994d6f67d380ed0de21f1500ec395eaab6640 (patch) | |
tree | e4c81a45e2dcfdd46409beab222d122751f5f6d7 | |
parent | 9aec501a27b51523165a05c4c4da0cc9251424e8 (diff) | |
parent | 5d9949335aeb1dec04f530cbb3dfcac24288706a (diff) |
Merge commit 'dkg/master'
29 files changed, 377 insertions, 65 deletions
@@ -1,4 +1,4 @@ -MonkeySphere is a system to use the OpenPGP web-of-trust to +Monkeysphere is a system to use the OpenPGP web-of-trust to authenticate and encrypt ssh connections. It is free software, developed by: @@ -7,17 +7,17 @@ It is free software, developed by: Jamie McClelland <jamie@mayfirst.org> Micah Anderson <micah@riseup.net> Matthew Goins <mjgoins@openflows.com> - Mike Castleman <mlcastle@mlcastle.net> + Mike Castleman <m@mlcastle.net> Elliot Winard <enw@caveteen.com> Ross Glover <ross@ross.mayfirst.org> Greg Lyle <greg@stealthisemail.com> -MonkeySphere is distributed in the hope that it will be useful, but +Monkeysphere is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -MonkeySphere Copyright 2007, and are all released under the GPL, +Monkeysphere Copyright 2007, and are all released under the GPL, version 3 or later. @@ -1,4 +1,11 @@ -MONKEYSPHERE_VERSION = `head -n1 debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'` +#!/usr/bin/make -f + +# Makefile for monkeysphere + +# (c) 2008 Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# Licensed under GPL v3 or later + +MONKEYSPHERE_VERSION = `head -n1 packaging/debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'` # these defaults are for debian. porters should probably adjust them # before calling make install @@ -22,7 +29,7 @@ tarball: clean debian-package: tarball tar xzf monkeysphere_$(MONKEYSPHERE_VERSION).orig.tar.gz - cp -a debian monkeysphere-$(MONKEYSPHERE_VERSION) + cp -a packaging/debian monkeysphere-$(MONKEYSPHERE_VERSION) (cd monkeysphere-$(MONKEYSPHERE_VERSION) && debuild -uc -us) rm -rf monkeysphere-$(MONKEYSPHERE_VERSION) diff --git a/changelog b/changelog new file mode 120000 index 0000000..4264fa4 --- /dev/null +++ b/changelog @@ -0,0 +1 @@ +packaging/debian/changelog
\ No newline at end of file diff --git a/doc/zimmerman/changelog b/doc/zimmerman/changelog new file mode 100644 index 0000000..e833b1e --- /dev/null +++ b/doc/zimmerman/changelog @@ -0,0 +1,19 @@ +****************************************************************************** +* * +* zimmerman system log * +* * +****************************************************************************** +* Please add new entries in reverse chronological order whenever you make * +* changes to this system (first command at top, last at bottom) * +****************************************************************************** + +2008-11-15 - micah + * aptitude update && aptitude full-upgrade + * aptitude install sks + * cd /var/lib/sks/dump ; wget -q -r -np -nd -A bz2,SHA256,asc \ + http://nynex.net/keydump/ -e robots=off + * install monkeysphere 0.21-2 package + +2008-11-15 - jamie + * aptitude install esmtp-run mailx + * edited /etc/esmtp-run, configured to relay to bulk.mayfirst.org diff --git a/debian/changelog b/packaging/debian/changelog index 300175d..3b7432b 100644 --- a/debian/changelog +++ b/packaging/debian/changelog 
@@ -1,13 +1,48 @@ -monkeysphere (0.20-1) UNRELEASED; urgency=low +monkeysphere (0.22~pre-1) UNRELEASED; urgency=low + + * New upstream release: + [ Jameson Rollins ] + + - added info log output when a new key is added to known_hosts file. + - added some useful output to the ssh-proxycommand for "marginal" + cases where keys are found for host but do not have full validity. + + [ Daniel Kahn Gillmor ] + + - automatically output two copies of the host's public key: one + standard ssh public key file, and the other a minimal OpenPGP key with + just the latest valid self-sig. + + -- Jameson Graef Rollins <jrollins@finestructure.net> Sun, 16 Nov 2008 03:22:08 -0500 + +monkeysphere (0.21-2) unstable; urgency=low + + * actually rmdir /var/lib/monkeysphere-* during prerm if possible. + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 15 Nov 2008 16:36:57 -0500 + +monkeysphere (0.21-1) unstable; urgency=low + + * New upstream release: + - move debian packaging to packaging subdirectory. + * Add debian prerm script, and add debhelper lines to other install + scripts. + * Initial release to Debian (Closes: #505806) + + -- Jameson Graef Rollins <jrollins@finestructure.net> Sat, 15 Nov 2008 16:14:27 -0500 + +monkeysphere (0.20-1) unstable; urgency=low - [ Jameson Graef Rollins ] - * clean up Makefile to generate more elegant source tarballs. - [ Daniel Kahn Gillmor ] * ensure that tempdirs are properly created, bail out otherwise instead of stumbling ahead. + * minor fussing with the test script to make it cleaner. + + [ Jameson Graef Rollins ] + * clean up Makefile to generate more elegant source tarballs. + * make myself the maintainer. - -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 30 Oct 2008 15:03:23 -0400 + -- Jameson Graef Rollins <jrollins@finestructure.net> Sat, 15 Nov 2008 13:12:57 -0500 monkeysphere (0.19-1) experimental; urgency=low diff --git a/debian/compat b/packaging/debian/compat index 7f8f011..7f8f011 100644 --- a/debian/compat 
+++ b/packaging/debian/compat diff --git a/debian/control b/packaging/debian/control index ccc3ad2..4c836b4 100644 --- a/debian/control +++ b/packaging/debian/control @@ -1,8 +1,8 @@ Source: monkeysphere Section: net Priority: extra -Maintainer: Daniel Kahn Gillmor <dkg@fifthhorseman.net> -Uploaders: Jameson Graef Rollins <jrollins@finestructure.net> +Maintainer: Jameson Graef Rollins <jrollins@finestructure.net> +Uploaders: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Build-Depends: debhelper (>= 7.0), libgnutls-dev (>= 2.4.0) Standards-Version: 3.8.0.1 Homepage: http://web.monkeysphere.info/ diff --git a/debian/copyright b/packaging/debian/copyright index 4c25286..4c25286 100644 --- a/debian/copyright +++ b/packaging/debian/copyright diff --git a/debian/monkeysphere.dirs b/packaging/debian/monkeysphere.dirs index 1f9e66b..1f9e66b 100644 --- a/debian/monkeysphere.dirs +++ b/packaging/debian/monkeysphere.dirs diff --git a/debian/monkeysphere.postinst b/packaging/debian/monkeysphere.postinst index 02d6304..8f1fe77 100755 --- a/debian/monkeysphere.postinst +++ b/packaging/debian/monkeysphere.postinst @@ -26,3 +26,10 @@ ln -sTf "$ETC"/gnupg-host.conf "$VARLIB"/gnupg-host/gpg.conf install --owner monkeysphere --group monkeysphere --mode 700 -d "$VARLIB"/gnupg-authentication # link in the gpg.conf ln -sTf "$ETC"/gnupg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/debian/monkeysphere.postrm b/packaging/debian/monkeysphere.postrm index 8f87ed3..7c0fede 100755 --- a/debian/monkeysphere.postrm +++ b/packaging/debian/monkeysphere.postrm @@ -7,7 +7,6 @@ case $1 in purge) - rmdir --ignore-fail-on-non-empty /var/lib/monkeysphere || true echo "removing monkeysphere user..." userdel monkeysphere > /dev/null || true ;; 
diff --git a/debian/monkeysphere.preinst b/packaging/debian/monkeysphere.preinst index 860286b..528da84 100755 --- a/debian/monkeysphere.preinst +++ b/packaging/debian/monkeysphere.preinst @@ -20,3 +20,10 @@ if [ -f "$VARLIB"/gnupg-authentication/gpg.conf -a ! -L "$VARLIB"/gnupg-authenti chown root:root "$ETC"/gpg-authentication.conf ln -s "$ETC"/gpg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf fi + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/packaging/debian/monkeysphere.prerm b/packaging/debian/monkeysphere.prerm new file mode 100755 index 0000000..00523a1 --- /dev/null +++ b/packaging/debian/monkeysphere.prerm @@ -0,0 +1,20 @@ +#!/bin/sh -e + +# prerm script for monkeysphere + +# Author: Jameson Rollins <jrollins@fifthhorseman.net> +# Copyright 2008 + +VARLIB="/var/lib/monkeysphere" + +rm -f "$VARLIB"/gnupg-host/gpg.conf +rm -f "$VARLIB"/gnupg-authentication/gpg.conf +rmdir --ignore-fail-on-non-empty "$VARLIB"/gnupg-host +rmdir --ignore-fail-on-non-empty "$VARLIB"/gnupg-authentication + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/debian/rules b/packaging/debian/rules index cbe925d..cbe925d 100755 --- a/debian/rules +++ b/packaging/debian/rules diff --git a/packaging/freebsd/security/monkeysphere/pkg-plist b/packaging/freebsd/security/monkeysphere/pkg-plist index 04a704a..9d9d40a 100644 --- a/packaging/freebsd/security/monkeysphere/pkg-plist +++ b/packaging/freebsd/security/monkeysphere/pkg-plist 
@@ -13,6 +13,12 @@ etc/monkeysphere/monkeysphere.conf.sample @unexec if cmp -s %D/etc/monkeysphere/monkeysphere-server.conf.sample %D/etc/monkeysphere/monkeysphere-server.conf; then rm -f %D/etc/monkeysphere/monkeysphere-server.conf; fi etc/monkeysphere/monkeysphere-server.conf.sample @exec if [ ! -f %D/etc/monkeysphere/monkeysphere-server.conf ] ; then cp -p %D/%F %B/monkeysphere-server.conf; fi +@unexec if cmp -s %D/etc/monkeysphere/gnupg-host.conf.sample %D/etc/monkeysphere/gnupg-host.conf; then rm -f %D/etc/monkeysphere/gnupg-host.conf; fi +etc/monkeysphere/gnupg-host.conf.sample +@exec if [ ! -f %D/etc/monkeysphere/gnupg-host.conf ] ; then cp -p %D/%F %B/gnupg-host.conf; fi +@unexec if cmp -s %D/etc/monkeysphere/gnupg-authentication.conf.sample %D/etc/monkeysphere/gnupg-authentication.conf; then rm -f %D/etc/monkeysphere/gnupg-authentication.conf; fi +etc/monkeysphere/gnupg-authentication.conf.sample +@exec if [ ! -f %D/etc/monkeysphere/gnupg-authentication.conf ] ; then cp -p %D/%F %B/gnupg-authentication.conf; fi @dirrm share/doc/monkeysphere @dirrm share/monkeysphere @dirrm etc/monkeysphere @@ -742,6 +742,7 @@ process_user_id() { process_host_known_hosts() { local host local userID + local noKey= local nKeys local nKeysOK local ok @@ -768,8 +769,9 @@ process_host_known_hosts() { continue fi - # remove the old host key line, and note if removed - remove_line "$KNOWN_HOSTS" "$sshKey" + # remove any old host key line, and note if removed nothing is + # removed + remove_line "$KNOWN_HOSTS" "$sshKey" || noKey=true # if key OK, add new host line if [ "$ok" -eq '0' ] ; then @@ -788,6 +790,11 @@ process_host_known_hosts() { else ssh2known_hosts "$host" "$sshKey" >> "$KNOWN_HOSTS" fi + + # log if this is a new key to the known_hosts file + if [ "$noKey" ] ; then + log info "* new key for $host added to known_hosts file." + fi fi done diff --git a/src/monkeysphere-server b/src/monkeysphere-server index e78903b..bb26c04 100755 --- a/src/monkeysphere-server 
+++ b/src/monkeysphere-server @@ -134,10 +134,10 @@ show_server_key() { # dumping to a file named ' ' so that the ssh-keygen output # doesn't claim any potentially bogus hostname(s): - tmpkey=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!" - gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey/ " + tmpkey=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!" + gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey" echo -n "ssh fingerprint: " - (cd "$tmpkey" && ssh-keygen -l -f ' ' | awk '{ print $2 }') + ssh-keygen -l -f "$tmpkey" | awk '{ print $1, $2, $4 }' rm -rf "$tmpkey" echo -n "OpenPGP fingerprint: " echo "$fingerprint" @@ -399,7 +399,11 @@ EOF (umask 077 && \ gpg_host --export-secret-key "$fingerprint" | \ openpgp2ssh "$fingerprint" > "${SYSDATADIR}/ssh_host_rsa_key") - log info "private SSH host key output to file: ${SYSDATADIR}/ssh_host_rsa_key" + log info "SSH host private key output to file: ${SYSDATADIR}/ssh_host_rsa_key" + ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub" + log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub" + gpg_authentication --export-options export-minimal --export "0x${fingerprint}!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" + log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" } # extend the lifetime of a host key: diff --git a/src/monkeysphere-ssh-proxycommand b/src/monkeysphere-ssh-proxycommand index 6276092..b039844 100755 --- a/src/monkeysphere-ssh-proxycommand +++ b/src/monkeysphere-ssh-proxycommand 
@@ -14,13 +14,83 @@ # ProxyCommand monkeysphere-ssh-proxycommand %h %p ######################################################################## +PGRM=$(basename $0) + +SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"} +export SYSSHAREDIR +. "${SYSSHAREDIR}/common" || exit 1 + +######################################################################## +# FUNCTIONS +######################################################################## usage() { -cat <<EOF >&2 + cat <<EOF >&2 usage: ssh -o ProxyCommand="$(basename $0) %h %p" ... EOF } +log() { + echo "$@" >&2 +} + +output_no_valid_key() { + local sshKeyOffered + local userID + local type + local validity + local keyid + local uidfpr + local usage + local sshKeyGPG + local sshFingerprint + + log "OpenPGP keys with*out* full validity found for this host:" + log + + # retrieve the actual ssh key + sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null | awk '{ print $2, $3 }') + + userID="ssh://${HOSTP}" + + # output gpg info for (exact) userid and store + gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \ + --with-fingerprint --with-fingerprint \ + ="$userID" 2>/dev/null) + + # loop over all lines in the gpg output and process. + echo "$gpgOut" | cut -d: -f1,2,5,10,12 | \ + while IFS=: read -r type validity keyid uidfpr usage ; do + case $type in + 'pub'|'sub') + # get the ssh key of the gpg key + sshKeyGPG=$(gpg2ssh "$keyid") + + # if one of keys found matches the one offered by the + # host, then output info + if [ "$sshKeyGPG" = "$sshKeyOffered" ] ; then + + # get the fingerprint of the ssh key + tmpkey=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) + echo "$sshKeyGPG" > "$tmpkey" + sshFingerprint=$(ssh-keygen -l -f "$tmpkey" | awk '{ print $2 }') + rm -rf "$tmpkey" + + # output gpg info + gpg --check-sigs \ + --list-options show-uid-validity \ + "$keyid" >&2 + + # output ssh fingerprint + log "RSA key fingerprint is ${sshFingerprint}." 
+ log "Falling through to standard ssh host checking." + log + fi + ;; + esac + done +} + ######################################################################## # export the monkeysphere log level @@ -35,7 +105,7 @@ HOST="$1" PORT="$2" if [ -z "$HOST" ] ; then - echo "Host not specified." >&2 + log "Host not specified." usage exit 255 fi @@ -88,6 +158,30 @@ export MONKEYSPHERE_CHECK_KEYSERVER # update the known_hosts file for the host monkeysphere update-known_hosts "$HOSTP" +# output on depending on the return of the update-known_hosts +# subcommand, which is (ultimately) the return code of the +# update_known_hosts function in common +case $? in + 0) + # acceptable host key found so continue to ssh + true + ;; + 1) + # no hosts at all found so also continue (drop through to + # regular ssh host verification) + true + ;; + 2) + # at least one *bad* host key (and no good host keys) was + # found, so output some usefull information + output_no_valid_key + ;; + *) + # anything else drop through + true + ;; +esac + # exec a netcat passthrough to host for the ssh connection if [ -z "$NO_CONNECT" ] ; then if (which nc 2>/dev/null >/dev/null); then diff --git a/tests/basic b/tests/basic index 289a1b7..5ba7a25 100755 --- a/tests/basic +++ b/tests/basic @@ -13,10 +13,11 @@ # all subcommands in this script should complete without failure: set -e +# piped commands should return the code of the first non-zero return +set -o pipefail ## make sure that the right tools are installed to run the test. the ## test has *more* requirements than plain ol' monkeysphere: - which socat || { echo "You must have socat installed to run this test." ; exit 1; } ## FIXME: other checks? @@ -53,6 +54,7 @@ ssh_test() { # kill the sshd process if it's still running kill "$SSHD_PID" + SSHD_PID= set -e 
@@ -86,9 +88,16 @@ cleanup() { echo "### removing temp dir..." rm -rf "$TEMPDIR" + if [ "$SSHD_PID" ] ; then + echo "### killing off lingering sshd..." + kill "$SSHD_PID" + fi + wait } +SSHD_PID= + ## setup trap trap failed_cleanup EXIT @@ -120,7 +129,6 @@ export MONKEYSPHERE_LOG_LEVEL=DEBUG export SSHD_CONFIG="$TEMPDIR"/sshd_config export SOCKET="$TEMPDIR"/ssh-socket -export SSHD_PID= # Make sure $DISPLAY is set to convince ssh and monkeysphere to fall # back on $SSH_ASKPASS. Make sure it's not set to the current actual diff --git a/utils/build-freebsd-distinfo b/utils/build-freebsd-distinfo index a333ba7..53fcd69 100755 --- a/utils/build-freebsd-distinfo +++ b/utils/build-freebsd-distinfo @@ -1,6 +1,6 @@ #!/bin/bash -VERSION=`head -n1 debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'` +VERSION=`head -n1 packaging/debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'` { echo "MD5 (monkeysphere_${VERSION}.orig.tar.gz) =" $(md5sum "monkeysphere_${VERSION}.orig.tar.gz" | cut -f1 -d\ ) diff --git a/utils/build-releasenote b/utils/build-releasenote index f7561da..522917c 100755 --- a/utils/build-releasenote +++ b/utils/build-releasenote @@ -1,6 +1,6 @@ #!/bin/bash -VERSION=`head -n1 debian/changelog | sed 's/.*(\([^)]*\)).*/\1/'` +VERSION=`head -n1 packaging/debian/changelog | sed 's/.*(\([^)]*\)).*/\1/'` { sed "s/__VERSION__/$VERSION/g" < utils/releasenote.header diff --git a/website/bugs/useful-information.mdwn b/website/bugs/useful-information.mdwn new file mode 100644 index 0000000..62094bb --- /dev/null +++ b/website/bugs/useful-information.mdwn 
@@ -0,0 +1,24 @@ +I would like to know, at INFO (default) log level, when the +monkeyspehere makes a "real" modification to my known_hosts file; that +is, when it adds or deletes a key. + +Apparently this is hard because monkeysphere is currently configured to +delete all keys and then add good keys, so a key added for the first +time seems to the monkeysphere very similar to a key re-added ten +seconds after last login. + +Still, from a UI perspective, I want to know what monkeysphere is doing. + +------ + +It looks like jrollins committed a change for reporting at INFO level +when a host key gets added by the monkeysphere: +2459fa3ea277d7b9289945748619eab1e3441e5c + +When i connect to a host whose key is not already present in my +known_hosts file, i get the following to stderr: + + ms: * new key for squeak.fifthhorseman.net added to known_hosts file. + +This doesn't fully close this bug, because we aren't notifying on key +deletion, afaict. diff --git a/website/doc.mdwn b/website/doc.mdwn index 56498e8..b60cf28 100644 --- a/website/doc.mdwn +++ b/website/doc.mdwn @@ -2,20 +2,16 @@ # Documentation # -## Dependencies ## - -Monkeysphere relies on: - - * [GnuTLS](http://gnutls.org/) version 2.4.0 or later - * [OpenSSH](http://openssh.com/) - * [GnuPG](http://gnupg.org/) - ## Getting started ## * [Downloading and installing](/download) * Getting started as a [user](/getting-started-user) * Getting started as a [server admin](/getting-started-admin) + +## Under the hood ## + * [Developing the monkeysphere](/community) + * [Technical details](/technical-details) ## References ## diff --git a/website/download.mdwn b/website/download.mdwn index 1f27fde..6d5a73f 100644 --- a/website/download.mdwn +++ b/website/download.mdwn 
@@ -2,10 +2,25 @@ # Downloading and Installing # +Once you've installed the packages, please see the [documentation +page](/doc) to read up on how to get started [as a regular +user](/getting-started-user) or [as a systems +administrator](/getting-started-admin). + +## Dependencies ## + +Monkeysphere relies on: + + * [GnuTLS](http://gnutls.org/) + * version 2.4 or later for general use + * [version 2.6 or later](/news/gnutls-2.6-enables-monkeysphere) to use the `monkeysphere subkey-to-ssh-agent` subcommand. + * [OpenSSH](http://openssh.com/) + * [GnuPG](http://gnupg.org/) + ## Debian ## -If you are running a Debian system, you can install Monkeysphere -by following these directions: +If you are running a [Debian](http://www.debian.org/) system, you can +install Monkeysphere by following these directions: You can add this repo to your system by putting the following lines in `/etc/apt/sources.list.d/monkeysphere.list`: 
@@ -13,23 +28,20 @@ You can add this repo to your system by putting the following lines in deb http://archive.monkeysphere.info/debian experimental monkeysphere deb-src http://archive.monkeysphere.info/debian experimental monkeysphere -The repository is currently signed by the Monkeysphere archive -signing key, key id EB8AF314 (fingerprint: `2E8D -D26C 53F1 197D DF40 3E61 18E6 67F1 EB8A F314`). To cryptographically +The repository is currently signed by [The Monkeysphere archive +signing key](/archive-key), key id EB8AF314 (fingerprint: `2E8D D26C +53F1 197D DF40 3E61 18E6 67F1 EB8A F314`). To cryptographically verify the packages, you'll want to [add this key to your apt configuration after verifying its integrity](/archive-key). To use the `monkeysphere subkey-to-ssh-agent` subcommand, you will -also need [version 2.6 of GnuTLS](/news/gnutls-2.6-enables-monkeysphere), -which is available in Debian experimental. - -Once you've installed the packages, you might want to read up on how -to get started [as a regular user](/getting-started-user) or [as a -systems administrator](/getting-started-admin). +also need [version 2.6 of +GnuTLS](/news/gnutls-2.6-enables-monkeysphere), which is available in +Debian experimental. ## FreeBSD ## -There is [now a FreeBSD port available](/news/FreeBSD-port-available/) +There is [now a FreeBSD port available](/news/FreeBSD-port-available) for the Monkeysphere. While the monkeysphere is not officially included in the ports tree 
@@ -51,44 +63,50 @@ port with: cd /usr/ports/security/monkeysphere make && make install +To use the `monkeysphere subkey-to-ssh-agent` subcommand, you will +also need [version 2.6 of +GnuTLS](/news/gnutls-2.6-enables-monkeysphere), which is [slated to be +available after the 7.1 ports slush is +over](http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/127330). + ## Source ## For those that would like to download the source directly, [the source is available](/community) via [git](http://git.or.cz/). The [latest -tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.19.orig.tar.gz) +tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.21.orig.tar.gz) is also available, and has these checksums: <pre> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -checksums for the monkeysphere 0.19 release: +checksums for the monkeysphere 0.21 release: MD5: -64c643dd0ab642bbc8814aec1718000e monkeysphere_0.19.orig.tar.gz +15fe181983565aca0fbe4c41f9f6752e monkeysphere_0.21.orig.tar.gz SHA1: -ea3c263b084d2c0b7922cd96677be192201700e4 monkeysphere_0.19.orig.tar.gz +27e915a45cdbe50a139ed4f4b13746b17c165b0f monkeysphere_0.21.orig.tar.gz SHA256: -321b77c1e10fe48ffbef8491893f5dd22842c35c11464efa7893150ce756a522 monkeysphere_0.19.orig.tar.gz +1535c3f722f5f5c1646a4981efef4a262ac7b23bf4b980c9aee11af2600eedc2 monkeysphere_0.21.orig.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) -iQIVAwUBSQgMCRjmZ/HrivMUAQI2Jg//bZoSxx0Nor6uBikRGHQny8LzgUT/0kpv -xg0eRmL9kQwhGis/sdOiJ9cHykJ1ukhRiIZGfxPBdxiQbWGs9nM6147TGIDgqx6D -yYIW41dvzTRB0TwjNd7g1q6MaSiDNuU/6dD+ooM3/IiR8PDR7X8we0WhSM63KD+v -HeMsN51UMhBfeaZ06fxrjYoJCvnp0YNYJpLuvtd5tzxqJCJA2Vh5VqJMbMP/MtbY -zM/zuNXRI1mJnQZeU++IaAnimX7c7SsGjLaloZG8mapYqqY0tKJ5Yod6aeloq+i5 -wI4gZuuPcgAntD6cnPaqB1ni/d71yywme5F75zpezXGzKzDSh1J5oE6akjMi2lJE -DSOKp7zb7TvDwXxCl+vOVod81F260gPhonlTsD/LpBfPGPBdWlWP+fFchb9N/a2u 
-weCMhUYX1u8Jg/bHIycjoQjPEgZwCkJT9RKF1NTLyWvb4P4a3sPe+fauCMZFbTQ/ -3EYPRBY+PfIDO09XswdB5O3gq6B33ChyWJpdwlXEEHMcFt1FuezuP0avVM9/3ZNp -MkqalDrUEd65X8o+CE3KjFxjMceVdda9mz2netnoHrFMW6X3mFqE2fTldgHi1mCT -hMCqpPzY04+HOHYZ0GapR3pvedd4dwhkNYrdpckp+nJMTRfexEPH/NXDVNH/mxKg -jLoIos0SaiY= -=VUsz +iQIVAwUBSR8+7BjmZ/HrivMUAQLeKg/+JT4LCXBR/06p/w2KBd1MKqch5Qf2ryIo +mxCTWtZRgVQSeOFUJ5SXX+Tfs7VZfkV5HuahUH3NmGC6EMhYyB2olwBOOoIAqEKw +1zVyn49bowCee+gTc3QHyT0Eqgt2ARtzl3/VrHkiw2MaJN3IZXseovyL8ksnEu+u +s8fq26imtBrrucIxp4ZtHUw/h/YrJohHcJ8QQN5/UWFLug4C4aRFmnzL+oCySxAa +0au/zFxxRZE5pMhLUvRwwCwPFx2CGBz6y9lAOiDPhhUqh+Bf7JKWJzk35Dj5Tm+2 +lCIzYtfpBkuF9ehCrm8WYF5aFg+gto8Bc6IJci9J6h2npBYIG0IbWOknMZz3+Ti2 +c3EltlJjK0LKEHujDYjf9tkNAxbBdtlYuw8x925ILeK7n8xX0Jr1TDzPyAIYaogv +IVqsgnvQ489K8k06173kyrPaetyvOlU3bN1zcPdqTyCD6+eBbeCeKXO4324C8iMF +rQPW4HScOdIidqFuzHyIT7PoY4DwWMgeAVymRSEufifvRcdCvQdlC4MaxxVf5I8A +ATkD3CrY+5NZeERAGbmlu7Uz+sUk5tLUH0Q2qvjZUIQRctfr4BMheuBubsLR9yP3 +FZ4Q4kl34eU/WU7NtTmIFy7gDhLSIoeQINfYZlNEXQ7Y/RZUOEwoPI/spAXgw6De +Xpsw0wPZtcM= +=JDaA -----END PGP SIGNATURE----- </pre> diff --git a/website/features.mdwn b/website/features.mdwn new file mode 100644 index 0000000..1aabda1 --- /dev/null +++ b/website/features.mdwn @@ -0,0 +1,4 @@ +[[meta title="Features"]] + +# Features # + diff --git a/website/getting-started-user.mdwn b/website/getting-started-user.mdwn index 66378dc..5dcb0d6 100644 --- a/website/getting-started-user.mdwn +++ b/website/getting-started-user.mdwn @@ -24,7 +24,7 @@ Install the monkeysphere software on your system ------------------------------------------------ If you haven't installed monkeysphere yet, you will need to [download -and install] (/download) before continuing. +and install](/download) before continuing. Make sure that you have the GnuTLS library version 2.6 or later installed on your system. If you can't (or don't want to) upgrade to diff --git a/website/news/release-0.20-1.mdwn b/website/news/release-0.20-1.mdwn new file mode 100644 index 0000000..841369d 
--- /dev/null +++ b/website/news/release-0.20-1.mdwn @@ -0,0 +1,18 @@ +[[meta title="Monkeysphere 0.20-1 released!"]] + +Monkeysphere 0.20-1 has been released. + +Notes from the changelog: + +<pre> + [ Daniel Kahn Gillmor ] + * ensure that tempdirs are properly created, bail out otherwise instead + of stumbling ahead. + * minor fussing with the test script to make it cleaner. + + [ Jameson Graef Rollins ] + * clean up Makefile to generate more elegant source tarballs. + * make myself the maintainer. +</pre> + +[[Download]] it now! diff --git a/website/news/release-0.21-1.mdwn b/website/news/release-0.21-1.mdwn new file mode 100644 index 0000000..e807775 --- /dev/null +++ b/website/news/release-0.21-1.mdwn @@ -0,0 +1,10 @@ +[[meta title="Monkeysphere 0.21-1 released!"]] + +Monkeysphere 0.21-1 has been released. + +Notes from the changelog: + +<pre> +</pre> + +[[Download]] it now! diff --git a/website/technical-details.mdwn b/website/technical-details.mdwn new file mode 100644 index 0000000..902e356 --- /dev/null +++ b/website/technical-details.mdwn @@ -0,0 +1,28 @@ +[[meta title="Technical Details"]] + +# Technical Details # + +Under construction. + +## Host key verification ## + +When an ssh connection is initiated, the ssh client checks that the +host key presented by the server matches one found in the connecting +user's `known_hosts` file. If so, the ssh client allows the +connection to continue. If not, the client asks the user if they +would like to accept the host key for future session by asking the +user to verify the host key's fingerprint. + +### Adding a server to the monkeysphere ### + +Servers are "monkeysphere enabled" by generating an OpenPGP +authentication key for the server, translating the key into on ssh +key, and publishing the host key to the Web of Trust. + +### Verifying a host key ### + +## User authentication ## + +### Adding an individual to the monkeysphere ### + +### Verifying a user key ### |
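Review bot: in the Makefile hunk, `MONKEYSPHERE_VERSION = \`head -n1 packaging/debian/changelog | sed ...\`` stores the backtick expression literally, so the shell re-runs head and sed in every recipe line that references the variable; with the new `#!/usr/bin/make -f` shebang (GNU make) `MONKEYSPHERE_VERSION := $(shell head -n1 packaging/debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/')` evaluates it once and also works in places where make expands the variable without a shell.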
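Review bot: the packaging/debian/monkeysphere.postrm hunk drops `rmdir --ignore-fail-on-non-empty /var/lib/monkeysphere || true` from the purge case, but the new prerm only rmdirs "$VARLIB"/gnupg-host and "$VARLIB"/gnupg-authentication and never "$VARLIB" itself, so an empty /var/lib/monkeysphere is now left behind after purge; keep an `rmdir --ignore-fail-on-non-empty /var/lib/monkeysphere || true` in the purge branch (it should run after the subdirectories are gone).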
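Review bot: the new packaging/debian/monkeysphere.prerm runs `rm -f "$VARLIB"/gnupg-host/gpg.conf` and `rm -f "$VARLIB"/gnupg-authentication/gpg.conf` unconditionally, so they also run for `prerm upgrade`; postinst recreates the symlinks with `ln -sTf`, but if the new package's postinst fails the half-upgraded system is left with gpg running without its gpg.conf in both keyrings. Guard the removals with `case "$1" in remove) ... ;; esac` so an upgrade leaves the links alone. Also, the author line gives jrollins@fifthhorseman.net while the changelog and control file use jrollins@finestructure.net; pick one.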
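Review bot: in the process_host_known_hosts hunk, `local noKey=` is set once before the per-key loop and `remove_line "$KNOWN_HOSTS" "$sshKey" || noKey=true` is never cleared, so once any key for the host was absent every later key in the same loop also logs "* new key for $host added to known_hosts file." even when it was only re-added; reset `noKey=` at the top of each iteration. The comment "note if removed nothing is removed" should read "note if nothing was removed".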
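Review bot: in the show_server_key hunk of src/monkeysphere-server, `tmpkey=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)` now creates a regular file, yet the failure message still says "Could not create temporary directory!" and the cleanup is still `rm -rf "$tmpkey"`; change the message and use `rm -f`. The `awk '{ print $1, $2, $4 }'` deliberately skips the temp file path in field 3, which is the reason the old code wrote to a file named ' '; a comment saying so would save the next reader from "fixing" it.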
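Review bot: in the host key output hunk of src/monkeysphere-server, neither `ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub"` nor the `gpg_authentication --export-options export-minimal --export "0x${fingerprint}!"` export is checked, so a failure leaves an empty .pub or .pub.gpg while the following `log info` lines claim the files were written; append `|| failure "..."` as show_server_key already does for mktemp. Please also confirm that the authentication keyring (gpg_authentication) actually holds the host's public key here, since the secret key is exported from gpg_host in the line just above; if not, ssh_host_rsa_key.pub.gpg will be empty. Writing the public copies outside the `umask 077` subshell is fine, as they are public data.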
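Review bot: in the src/monkeysphere-ssh-proxycommand hunk, `log() { echo "$@" >&2 }` is defined after `. "${SYSSHAREDIR}/common" || exit 1`, so it replaces common's `log`, which takes a level as its first argument (see `log info "* new key for $host ..."` in this same patch) and honours the exported MONKEYSPHERE_LOG_LEVEL; any common function the proxycommand calls afterwards, such as gpg2ssh, would print its level word as plain text and bypass the log level. Give the local helper a different name (for example `msg`) or call common's `log` with a level. In output_no_valid_key, `tmpkey=$(mktemp ...)` is unchecked, so on failure the key is written to "" and `ssh-keygen -l -f ""` runs; add `|| exit 255`, use `rm -f` rather than `rm -rf` for the file, and declare `gpgOut` and `tmpkey` local like the other variables. Typos in the new comments: "usefull", "output on depending on".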
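Review bot: in the cleanup() hunk of tests/basic, `kill "$SSHD_PID"` runs while `set -e` is in effect, so if sshd already exited (for instance because the test failed when sshd died) the failing kill aborts cleanup before `wait` and the rest of the teardown; use `kill "$SSHD_PID" || true`, mirroring the `SSHD_PID=` reset added in ssh_test. Note that `set -o pipefail` is a bash feature, so the script's interpreter line must be bash.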
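Review bot: in the website/bugs/useful-information.mdwn hunk, "monkeyspehere" in the first paragraph should be "monkeysphere".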
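Review bot: in the second website/download.mdwn hunk, the Debian section still says "To use the `monkeysphere subkey-to-ssh-agent` subcommand, you will also need version 2.6 of GnuTLS", which the new Dependencies list at the top of the page now states; keep only the Debian-specific part (that 2.6 is in Debian experimental) to avoid the duplication.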
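Review bot: the new website/news/release-0.21-1.mdwn has an empty `<pre></pre>` under "Notes from the changelog:"; the 0.21-1 entries are in packaging/debian/changelog in this same commit ("move debian packaging to packaging subdirectory", "Add debian prerm script, and add debhelper lines to other install scripts", "Initial release to Debian (Closes: #505806)") and should be pasted in, as was done for release-0.20-1.mdwn.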
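Review bot: in the new website/technical-details.mdwn, "translating the key into on ssh key" should read "into an ssh key" and "accept the host key for future session" should read "future sessions"; the "Verifying a host key", "User authentication" and later sections are empty headings, which is fine under "Under construction" but worth a one-line placeholder each so the page does not end mid-outline.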