diff options
author | mike castleman <m@mlcastle.net> | 2008-11-17 03:00:13 -0500 |
---|---|---|
committer | mike castleman <m@mlcastle.net> | 2008-11-17 03:00:13 -0500 |
commit | 2d4d7735c039f2e8623771c5b7ead05aa85831ec (patch) | |
tree | 166c1f420d59a1c62b3f5051d79222c6a13b7ccf | |
parent | a96625fb216143164f12191526939f4c0afcd5a9 (diff) | |
parent | f7dfcead0281c9f6dd26908f76282efc843a7e52 (diff) |
Merge commit 'web/master'
l--------- | changelog | 2 | ||||
-rw-r--r-- | doc/zimmerman/changelog | 19 | ||||
-rw-r--r-- | packaging/debian/changelog | 17 | ||||
-rw-r--r-- | src/common | 17 | ||||
-rwxr-xr-x | src/monkeysphere-server | 12 | ||||
-rwxr-xr-x | src/monkeysphere-ssh-proxycommand | 154 | ||||
-rw-r--r-- | website/bugs/useful_information.mdwn | 14 | ||||
-rw-r--r-- | website/download.mdwn | 2 |
8 files changed, 226 insertions, 11 deletions
@@ -1 +1 @@ -website/changelog
\ No newline at end of file +packaging/debian/changelog
\ No newline at end of file diff --git a/doc/zimmerman/changelog b/doc/zimmerman/changelog new file mode 100644 index 0000000..e833b1e --- /dev/null +++ b/doc/zimmerman/changelog @@ -0,0 +1,19 @@ +****************************************************************************** +* * +* zimmerman system log * +* * +****************************************************************************** +* Please add new entries in reverse chronological order whenever you make * +* changes to this system (first command at top, last at bottom) * +****************************************************************************** + +2008-11-15 - micah + * aptitude update && aptitude full-upgrade + * aptitude install sks + * cd /var/lib/sks/dump ; wget -q -r -np -nd -A bz2,SHA256,asc \ + http://nynex.net/keydump/ -e robots=off + * install monkeysphere 0.21-2 package + +2008-11-15 - jamie + * aptitude install esmtp-run mailx + * edited /etc/esmtp-run, configured to relay to bulk.mayfirst.org diff --git a/packaging/debian/changelog b/packaging/debian/changelog index 62f021e..3b7432b 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -1,3 +1,20 @@ +monkeysphere (0.22~pre-1) UNRELEASED; urgency=low + + * New upstream release: + [ Jameson Rollins ] + + - added info log output when a new key is added to known_hosts file. + - added some useful output to the ssh-proxycommand for "marginal" + cases where keys are found for host but do not have full validity. + + [ Daniel Kahn Gillmor ] + + - automatically output two copies of the host's public key: one + standard ssh public key file, and the other a minimal OpenPGP key with + just the latest valid self-sig. + + -- Jameson Graef Rollins <jrollins@finestructure.net> Sun, 16 Nov 2008 03:22:08 -0500 + monkeysphere (0.21-2) unstable; urgency=low * actually rmdir /var/lib/monkeysphere-* during prerm if possible. @@ -639,7 +639,7 @@ process_user_id() { ;; 'uid') # user ids if [ "$lastKey" != pub ] ; then - log verbose " - got a user ID after a sub key?! user IDs should only follow primary keys!" + log verbose " ! got a user ID after a sub key?! user IDs should only follow primary keys!" continue fi # if an acceptable user ID was already found, skip @@ -652,6 +652,8 @@ process_user_id() { if [ "$validity" = 'u' -o "$validity" = 'f' ] ; then # mark user ID acceptable uidOK=true + else + log debug " - unacceptable user ID validity ($validity)." fi else continue @@ -693,10 +695,12 @@ process_user_id() { # if sub key validity is not ok, skip if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then + log debug " - unacceptable sub key validity ($validity)." continue fi # if sub key capability is not ok, skip if ! check_capability "$usage" $requiredCapability ; then + log debug " - unacceptable sub key capability ($usage)." continue fi @@ -742,6 +746,7 @@ process_user_id() { process_host_known_hosts() { local host local userID + local noKey= local nKeys local nKeysOK local ok @@ -768,8 +773,9 @@ process_host_known_hosts() { continue fi - # remove the old host key line, and note if removed - remove_line "$KNOWN_HOSTS" "$sshKey" + # remove any old host key line, and note if removed nothing is + # removed + remove_line "$KNOWN_HOSTS" "$sshKey" || noKey=true # if key OK, add new host line if [ "$ok" -eq '0' ] ; then @@ -788,6 +794,11 @@ process_host_known_hosts() { else ssh2known_hosts "$host" "$sshKey" >> "$KNOWN_HOSTS" fi + + # log if this is a new key to the known_hosts file + if [ "$noKey" ] ; then + log info "* new key for $host added to known_hosts file." + fi fi done diff --git a/src/monkeysphere-server b/src/monkeysphere-server index e78903b..34b06b7 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -134,10 +134,10 @@ show_server_key() { # dumping to a file named ' ' so that the ssh-keygen output # doesn't claim any potentially bogus hostname(s): - tmpkey=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!" - gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey/ " + tmpkey=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!" + gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey" echo -n "ssh fingerprint: " - (cd "$tmpkey" && ssh-keygen -l -f ' ' | awk '{ print $2 }') + ssh-keygen -l -f "$tmpkey" | awk '{ print $1, $2, $4 }' rm -rf "$tmpkey" echo -n "OpenPGP fingerprint: " echo "$fingerprint" @@ -399,7 +399,11 @@ EOF (umask 077 && \ gpg_host --export-secret-key "$fingerprint" | \ openpgp2ssh "$fingerprint" > "${SYSDATADIR}/ssh_host_rsa_key") - log info "private SSH host key output to file: ${SYSDATADIR}/ssh_host_rsa_key" + log info "SSH host private key output to file: ${SYSDATADIR}/ssh_host_rsa_key" + ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub" + log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub" + gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" + log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" } # extend the lifetime of a host key: diff --git a/src/monkeysphere-ssh-proxycommand b/src/monkeysphere-ssh-proxycommand index 6276092..b3dc562 100755 --- a/src/monkeysphere-ssh-proxycommand +++ b/src/monkeysphere-ssh-proxycommand @@ -14,13 +14,130 @@ # ProxyCommand monkeysphere-ssh-proxycommand %h %p ######################################################################## +PGRM=$(basename $0) + +SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"} +export SYSSHAREDIR +. "${SYSSHAREDIR}/common" || exit 1 + +######################################################################## +# FUNCTIONS +######################################################################## usage() { -cat <<EOF >&2 + cat <<EOF >&2 usage: ssh -o ProxyCommand="$(basename $0) %h %p" ... EOF } +log() { + echo "$@" >&2 +} + +output_no_valid_key() { + local sshKeyOffered + local userID + local type + local validity + local keyid + local uidfpr + local usage + local sshKeyGPG + local tmpkey + local sshFingerprint + local gpgSigOut + + userID="ssh://${HOSTP}" + + log "-------------------- Monkeysphere warning -------------------" + log "Monkeysphere found OpenPGP keys for this hostname, but none had full validity." + + # retrieve the actual ssh key + sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null | awk '{ print $2, $3 }') + # FIXME: should we do any checks for failed keyscans, eg. host not + # found? + + # get the gpg info for userid + gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \ + --with-fingerprint --with-fingerprint \ + ="$userID" 2>/dev/null) + + # find all 'pub' and 'sub' lines in the gpg output, which each + # represent a retrieved key for the user ID + echo "$gpgOut" | cut -d: -f1,2,5,10,12 | \ + while IFS=: read -r type validity keyid uidfpr usage ; do + case $type in + 'pub'|'sub') + # get the ssh key of the gpg key + sshKeyGPG=$(gpg2ssh "$keyid") + + # if one of keys found matches the one offered by the + # host, then output info + if [ "$sshKeyGPG" = "$sshKeyOffered" ] ; then + log "An OpenPGP key matching the ssh key offered by the host was found:" + log + + # get the fingerprint of the ssh key + tmpkey=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) + echo "$sshKeyGPG" > "$tmpkey" + sshFingerprint=$(ssh-keygen -l -f "$tmpkey" | \ + awk '{ print $2 }') + rm -rf "$tmpkey" + + # get the sigs for the matching key + gpgSigOut=$(gpg --check-sigs \ + --list-options show-uid-validity \ + "$keyid") + + # output the sigs, but only those on the user ID + # we are looking for + echo "$gpgSigOut" | awk ' +{ +if (match($0,"^pub")) { print; } +if (match($0,"^uid")) { ok=0; } +if (match($0,"^uid.*'$userID'$")) { ok=1; print; } +if (ok) { if (match($0,"^sig")) { print; } } +} +' >&2 + log + + # output the other user IDs for reference + if (echo "$gpgSigOut" | grep "^uid" | grep -v -q "$userID") ; then + log "Other user IDs on this key:" + echo "$gpgSigOut" | grep "^uid" | grep -v "$userID" >&2 + log + fi + + # output ssh fingerprint + log "RSA key fingerprint is ${sshFingerprint}." + + # this whole process is in a "while read" + # subshell. the only way to get information out + # of the subshell is to change the return code. + # therefore we return 1 here to indicate that a + # matching gpg key was found for the ssh key + # offered by the host + return 1 + fi + ;; + esac + done + + # if no key match was made (and the "while read" subshell returned + # 1) output how many keys were found + if (($? != 1)) ; then + log "None of the found keys matched the key offered by the host." + log "Run the following command for more info about the found keys:" + log "gpg --check-sigs --list-options show-uid-validity =${userID}" + # FIXME: should we do anything extra here if the retrieved + # host key is actually in the known_hosts file and the ssh + # connection will succeed? Should the user be warned? + # prompted? + fi + + log "-------------------- ssh continues below --------------------" +} + ######################################################################## # export the monkeysphere log level @@ -35,7 +152,7 @@ HOST="$1" PORT="$2" if [ -z "$HOST" ] ; then - echo "Host not specified." >&2 + log "Host not specified." usage exit 255 fi @@ -88,6 +205,39 @@ export MONKEYSPHERE_CHECK_KEYSERVER # update the known_hosts file for the host monkeysphere update-known_hosts "$HOSTP" +# output on depending on the return of the update-known_hosts +# subcommand, which is (ultimately) the return code of the +# update_known_hosts function in common +case $? in + 0) + # acceptable host key found so continue to ssh + true + ;; + 1) + # no hosts at all found so also continue (drop through to + # regular ssh host verification) + true + ;; + 2) + # at least one *bad* host key (and no good host keys) was + # found, so output some usefull information + output_no_valid_key + ;; + *) + # anything else drop through + true + ;; +esac + +# FIXME: what about the case where monkeysphere successfully finds a +# valid key for the host and adds it to the known_hosts file, but a +# different non-monkeysphere key for the host already exists in the +# known_hosts, and it is this non-ms key that is offered by the host? +# monkeysphere will succeed, and the ssh connection will succeed, and +# the user will be left with the impression that they are dealing with +# a OpenPGP/PKI host key when in fact they are not. should we use +# ssh-keyscan to compare the keys first? + # exec a netcat passthrough to host for the ssh connection if [ -z "$NO_CONNECT" ] ; then if (which nc 2>/dev/null >/dev/null); then diff --git a/website/bugs/useful_information.mdwn b/website/bugs/useful_information.mdwn index 0750354..62094bb 100644 --- a/website/bugs/useful_information.mdwn +++ b/website/bugs/useful_information.mdwn @@ -8,3 +8,17 @@ time seems to the monkeysphere very similar to a key re-added ten seconds after last login. Still, from a UI perspective, I want to know what monkeysphere is doing. + +------ + +It looks like jrollins committed a change for reporting at INFO level +when a host key gets added by the monkeysphere: +2459fa3ea277d7b9289945748619eab1e3441e5c + +When i connect to a host whose key is not already present in my +known_hosts file, i get the following to stderr: + + ms: * new key for squeak.fifthhorseman.net added to known_hosts file. + +This doesn't fully close this bug, because we aren't notifying on key +deletion, afaict. diff --git a/website/download.mdwn b/website/download.mdwn index e67d0dc..6d5a73f 100644 --- a/website/download.mdwn +++ b/website/download.mdwn @@ -75,7 +75,7 @@ For those that would like to download the source directly, [the source is available](/community) via [git](http://git.or.cz/). The [latest -tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_.orig.tar.gz) +tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.21.orig.tar.gz) is also available, and has these checksums: <pre> |