summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormike castleman <m@mlcastle.net>2008-11-17 03:00:13 -0500
committermike castleman <m@mlcastle.net>2008-11-17 03:00:13 -0500
commit2d4d7735c039f2e8623771c5b7ead05aa85831ec (patch)
tree166c1f420d59a1c62b3f5051d79222c6a13b7ccf
parenta96625fb216143164f12191526939f4c0afcd5a9 (diff)
parentf7dfcead0281c9f6dd26908f76282efc843a7e52 (diff)
Merge commit 'web/master'
l---------changelog2
-rw-r--r--doc/zimmerman/changelog19
-rw-r--r--packaging/debian/changelog17
-rw-r--r--src/common17
-rwxr-xr-xsrc/monkeysphere-server12
-rwxr-xr-xsrc/monkeysphere-ssh-proxycommand154
-rw-r--r--website/bugs/useful_information.mdwn14
-rw-r--r--website/download.mdwn2
8 files changed, 226 insertions, 11 deletions
diff --git a/changelog b/changelog
index b9a9e21..4264fa4 120000
--- a/changelog
+++ b/changelog
@@ -1 +1 @@
-website/changelog \ No newline at end of file
+packaging/debian/changelog \ No newline at end of file
diff --git a/doc/zimmerman/changelog b/doc/zimmerman/changelog
new file mode 100644
index 0000000..e833b1e
--- /dev/null
+++ b/doc/zimmerman/changelog
@@ -0,0 +1,19 @@
+******************************************************************************
+* *
+* zimmerman system log *
+* *
+******************************************************************************
+* Please add new entries in reverse chronological order whenever you make *
+* changes to this system (first command at top, last at bottom) *
+******************************************************************************
+
+2008-11-15 - micah
+ * aptitude update && aptitude full-upgrade
+ * aptitude install sks
+ * cd /var/lib/sks/dump ; wget -q -r -np -nd -A bz2,SHA256,asc \
+ http://nynex.net/keydump/ -e robots=off
+ * install monkeysphere 0.21-2 package
+
+2008-11-15 - jamie
+ * aptitude install esmtp-run mailx
+ * edited /etc/esmtp-run, configured to relay to bulk.mayfirst.org
diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index 62f021e..3b7432b 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -1,3 +1,20 @@
+monkeysphere (0.22~pre-1) UNRELEASED; urgency=low
+
+ * New upstream release:
+ [ Jameson Rollins ]
+
+ - added info log output when a new key is added to known_hosts file.
+ - added some useful output to the ssh-proxycommand for "marginal"
+ cases where keys are found for host but do not have full validity.
+
+ [ Daniel Kahn Gillmor ]
+
+ - automatically output two copies of the host's public key: one
+ standard ssh public key file, and the other a minimal OpenPGP key with
+ just the latest valid self-sig.
+
+ -- Jameson Graef Rollins <jrollins@finestructure.net> Sun, 16 Nov 2008 03:22:08 -0500
+
monkeysphere (0.21-2) unstable; urgency=low
* actually rmdir /var/lib/monkeysphere-* during prerm if possible.
diff --git a/src/common b/src/common
index 297e7f3..51b0470 100644
--- a/src/common
+++ b/src/common
@@ -639,7 +639,7 @@ process_user_id() {
;;
'uid') # user ids
if [ "$lastKey" != pub ] ; then
- log verbose " - got a user ID after a sub key?! user IDs should only follow primary keys!"
+ log verbose " ! got a user ID after a sub key?! user IDs should only follow primary keys!"
continue
fi
# if an acceptable user ID was already found, skip
@@ -652,6 +652,8 @@ process_user_id() {
if [ "$validity" = 'u' -o "$validity" = 'f' ] ; then
# mark user ID acceptable
uidOK=true
+ else
+ log debug " - unacceptable user ID validity ($validity)."
fi
else
continue
@@ -693,10 +695,12 @@ process_user_id() {
# if sub key validity is not ok, skip
if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then
+ log debug " - unacceptable sub key validity ($validity)."
continue
fi
# if sub key capability is not ok, skip
if ! check_capability "$usage" $requiredCapability ; then
+ log debug " - unacceptable sub key capability ($usage)."
continue
fi
@@ -742,6 +746,7 @@ process_user_id() {
process_host_known_hosts() {
local host
local userID
+ local noKey=
local nKeys
local nKeysOK
local ok
@@ -768,8 +773,9 @@ process_host_known_hosts() {
continue
fi
- # remove the old host key line, and note if removed
- remove_line "$KNOWN_HOSTS" "$sshKey"
+ # remove any old host key line, and note if removed nothing is
+ # removed
+ remove_line "$KNOWN_HOSTS" "$sshKey" || noKey=true
# if key OK, add new host line
if [ "$ok" -eq '0' ] ; then
@@ -788,6 +794,11 @@ process_host_known_hosts() {
else
ssh2known_hosts "$host" "$sshKey" >> "$KNOWN_HOSTS"
fi
+
+ # log if this is a new key to the known_hosts file
+ if [ "$noKey" ] ; then
+ log info "* new key for $host added to known_hosts file."
+ fi
fi
done
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index e78903b..34b06b7 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -134,10 +134,10 @@ show_server_key() {
# dumping to a file named ' ' so that the ssh-keygen output
# doesn't claim any potentially bogus hostname(s):
- tmpkey=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"
- gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey/ "
+ tmpkey=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"
+ gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey"
echo -n "ssh fingerprint: "
- (cd "$tmpkey" && ssh-keygen -l -f ' ' | awk '{ print $2 }')
+ ssh-keygen -l -f "$tmpkey" | awk '{ print $1, $2, $4 }'
rm -rf "$tmpkey"
echo -n "OpenPGP fingerprint: "
echo "$fingerprint"
@@ -399,7 +399,11 @@ EOF
(umask 077 && \
gpg_host --export-secret-key "$fingerprint" | \
openpgp2ssh "$fingerprint" > "${SYSDATADIR}/ssh_host_rsa_key")
- log info "private SSH host key output to file: ${SYSDATADIR}/ssh_host_rsa_key"
+ log info "SSH host private key output to file: ${SYSDATADIR}/ssh_host_rsa_key"
+ ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub"
+ log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub"
+ gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
+ log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
}
# extend the lifetime of a host key:
diff --git a/src/monkeysphere-ssh-proxycommand b/src/monkeysphere-ssh-proxycommand
index 6276092..b3dc562 100755
--- a/src/monkeysphere-ssh-proxycommand
+++ b/src/monkeysphere-ssh-proxycommand
@@ -14,13 +14,130 @@
# ProxyCommand monkeysphere-ssh-proxycommand %h %p
########################################################################
+PGRM=$(basename $0)
+
+SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
+export SYSSHAREDIR
+. "${SYSSHAREDIR}/common" || exit 1
+
+########################################################################
+# FUNCTIONS
+########################################################################
usage() {
-cat <<EOF >&2
+ cat <<EOF >&2
usage: ssh -o ProxyCommand="$(basename $0) %h %p" ...
EOF
}
+log() {
+ echo "$@" >&2
+}
+
+output_no_valid_key() {
+ local sshKeyOffered
+ local userID
+ local type
+ local validity
+ local keyid
+ local uidfpr
+ local usage
+ local sshKeyGPG
+ local tmpkey
+ local sshFingerprint
+ local gpgSigOut
+
+ userID="ssh://${HOSTP}"
+
+ log "-------------------- Monkeysphere warning -------------------"
+ log "Monkeysphere found OpenPGP keys for this hostname, but none had full validity."
+
+ # retrieve the actual ssh key
+ sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null | awk '{ print $2, $3 }')
+ # FIXME: should we do any checks for failed keyscans, eg. host not
+ # found?
+
+ # get the gpg info for userid
+ gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \
+ --with-fingerprint --with-fingerprint \
+ ="$userID" 2>/dev/null)
+
+ # find all 'pub' and 'sub' lines in the gpg output, which each
+ # represent a retrieved key for the user ID
+ echo "$gpgOut" | cut -d: -f1,2,5,10,12 | \
+ while IFS=: read -r type validity keyid uidfpr usage ; do
+ case $type in
+ 'pub'|'sub')
+ # get the ssh key of the gpg key
+ sshKeyGPG=$(gpg2ssh "$keyid")
+
+ # if one of keys found matches the one offered by the
+ # host, then output info
+ if [ "$sshKeyGPG" = "$sshKeyOffered" ] ; then
+ log "An OpenPGP key matching the ssh key offered by the host was found:"
+ log
+
+ # get the fingerprint of the ssh key
+ tmpkey=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
+ echo "$sshKeyGPG" > "$tmpkey"
+ sshFingerprint=$(ssh-keygen -l -f "$tmpkey" | \
+ awk '{ print $2 }')
+ rm -rf "$tmpkey"
+
+ # get the sigs for the matching key
+ gpgSigOut=$(gpg --check-sigs \
+ --list-options show-uid-validity \
+ "$keyid")
+
+ # output the sigs, but only those on the user ID
+ # we are looking for
+ echo "$gpgSigOut" | awk '
+{
+if (match($0,"^pub")) { print; }
+if (match($0,"^uid")) { ok=0; }
+if (match($0,"^uid.*'$userID'$")) { ok=1; print; }
+if (ok) { if (match($0,"^sig")) { print; } }
+}
+' >&2
+ log
+
+ # output the other user IDs for reference
+ if (echo "$gpgSigOut" | grep "^uid" | grep -v -q "$userID") ; then
+ log "Other user IDs on this key:"
+ echo "$gpgSigOut" | grep "^uid" | grep -v "$userID" >&2
+ log
+ fi
+
+ # output ssh fingerprint
+ log "RSA key fingerprint is ${sshFingerprint}."
+
+ # this whole process is in a "while read"
+ # subshell. the only way to get information out
+ # of the subshell is to change the return code.
+ # therefore we return 1 here to indicate that a
+ # matching gpg key was found for the ssh key
+ # offered by the host
+ return 1
+ fi
+ ;;
+ esac
+ done
+
+ # if no key match was made (and the "while read" subshell returned
+ # 1) output how many keys were found
+ if (($? != 1)) ; then
+ log "None of the found keys matched the key offered by the host."
+ log "Run the following command for more info about the found keys:"
+ log "gpg --check-sigs --list-options show-uid-validity =${userID}"
+ # FIXME: should we do anything extra here if the retrieved
+ # host key is actually in the known_hosts file and the ssh
+ # connection will succeed? Should the user be warned?
+ # prompted?
+ fi
+
+ log "-------------------- ssh continues below --------------------"
+}
+
########################################################################
# export the monkeysphere log level
@@ -35,7 +152,7 @@ HOST="$1"
PORT="$2"
if [ -z "$HOST" ] ; then
- echo "Host not specified." >&2
+ log "Host not specified."
usage
exit 255
fi
@@ -88,6 +205,39 @@ export MONKEYSPHERE_CHECK_KEYSERVER
# update the known_hosts file for the host
monkeysphere update-known_hosts "$HOSTP"
+# output on depending on the return of the update-known_hosts
+# subcommand, which is (ultimately) the return code of the
+# update_known_hosts function in common
+case $? in
+ 0)
+ # acceptable host key found so continue to ssh
+ true
+ ;;
+ 1)
+ # no hosts at all found so also continue (drop through to
+ # regular ssh host verification)
+ true
+ ;;
+ 2)
+ # at least one *bad* host key (and no good host keys) was
+ # found, so output some usefull information
+ output_no_valid_key
+ ;;
+ *)
+ # anything else drop through
+ true
+ ;;
+esac
+
+# FIXME: what about the case where monkeysphere successfully finds a
+# valid key for the host and adds it to the known_hosts file, but a
+# different non-monkeysphere key for the host already exists in the
+# known_hosts, and it is this non-ms key that is offered by the host?
+# monkeysphere will succeed, and the ssh connection will succeed, and
+# the user will be left with the impression that they are dealing with
+# a OpenPGP/PKI host key when in fact they are not. should we use
+# ssh-keyscan to compare the keys first?
+
# exec a netcat passthrough to host for the ssh connection
if [ -z "$NO_CONNECT" ] ; then
if (which nc 2>/dev/null >/dev/null); then
diff --git a/website/bugs/useful_information.mdwn b/website/bugs/useful_information.mdwn
index 0750354..62094bb 100644
--- a/website/bugs/useful_information.mdwn
+++ b/website/bugs/useful_information.mdwn
@@ -8,3 +8,17 @@ time seems to the monkeysphere very similar to a key re-added ten
seconds after last login.
Still, from a UI perspective, I want to know what monkeysphere is doing.
+
+------
+
+It looks like jrollins committed a change for reporting at INFO level
+when a host key gets added by the monkeysphere:
+2459fa3ea277d7b9289945748619eab1e3441e5c
+
+When i connect to a host whose key is not already present in my
+known_hosts file, i get the following to stderr:
+
+ ms: * new key for squeak.fifthhorseman.net added to known_hosts file.
+
+This doesn't fully close this bug, because we aren't notifying on key
+deletion, afaict.
diff --git a/website/download.mdwn b/website/download.mdwn
index e67d0dc..6d5a73f 100644
--- a/website/download.mdwn
+++ b/website/download.mdwn
@@ -75,7 +75,7 @@ For those that would like to download the source directly, [the source
is available](/community) via [git](http://git.or.cz/).
The [latest
-tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_.orig.tar.gz)
+tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.21.orig.tar.gz)
is also available, and has these checksums:
<pre>