author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2009-02-21 16:09:08 -0500 |
---|---|---|
committer | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2009-02-21 16:09:08 -0500 |
commit | c32c51f0326fa1d27ad8aba929edcf79ffa3adda (patch) | |
tree | b9adb83a5d05e1fcd462fa18a56be692b6ecce05 | |
parent | 35559940b9ccab1df260da9da30dff5991a1778e (diff) | |
parent | 5eba4661d75f977b46c8db028c0e79241dd36d76 (diff) |
merged jrollins/master
mode | file | lines changed
---|---|---
-rw-r--r-- | doc/TODO | 25
-rw-r--r-- | man/man8/monkeysphere-host.8 | 11
-rwxr-xr-x | src/monkeysphere | 18
-rwxr-xr-x | src/monkeysphere-host | 2
-rw-r--r-- | src/share/common | 17
-rw-r--r-- | src/share/m/ssh_proxycommand | 10
-rw-r--r-- | src/share/m/subkey_to_ssh_agent | 12
-rw-r--r-- | src/share/ma/update_users | 5
-rw-r--r-- | src/share/mh/import_key | 30
-rw-r--r-- | website/getting-started-admin.mdwn | 14
10 files changed, 43 insertions, 101 deletions
@@ -9,17 +9,6 @@ Handle unverified monkeysphere hosts in such a way that they're not always removed from known_hosts file. Ask user to lsign the host key? -Work out the details (and describe a full use case) for assigning a - REVOKER during monkeysphere-server gen_key -- how is this set? How - do we export it so it's available when a second-party revocation is - needed? - -Provide a friendly interactive UI for marginal or failing client-side - hostkey verifications. Handle the common cases smoothly, and - provide good debugging info for the unusual cases. - -Create ssh2openpgp or convert to full-fledged keytrans. - Resolve the bugs listed in openpgp2ssh(1):BUGS. Understand and document the output of gpg --check-trustdb: @@ -44,12 +33,6 @@ Make it easier to do domain-relative ssh host trust signatures with Fix the order of questions when user does a tsign in gpg or gpg2. -File bug against ssh-keygen about how "-R" option removes comments - from known_hosts file. - -File bug against ssh-keygen to see if we can get it to write to hash a - known_hosts file to/from stdout/stdin. - When using ssh-proxycommand, if only host keys found are expired or revoked, then output loud warning with prompt, or fail hard. @@ -63,14 +46,6 @@ Optimize keyserver access, particularly on monkeysphere-server update-users -- is there a way to query the keyserver all in a chunk? -Create DSA authentication subkey for server during gen-key - -Fix behavior when add-identity-certifier fails to fetch a key from the - keyserver. - -Allow server administrators to add-identity-certifier from a key in - the filesystem (or on stdin, etc) - Think about packaging monkeysphere for other (non-apt-based) operating systems. RPM-based linux systems, FreeBSD ports, and Mac OS X seem like the most likely candidates. diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8 index 0a9fc1b..7909b62 100644 --- a/man/man8/monkeysphere-host.8 +++ b/man/man8/monkeysphere-host.8 
@@ -23,14 +23,13 @@ connection authentication. \fBmonkeysphere-host\fP takes various subcommands: .TP -.B import-key FILE [NAME[:PORT]] +.B import-key FILE NAME[:PORT] Import a pem-encoded ssh secret host key from file FILE. If FILE is '-', then the key will be imported from stdin. NAME[:PORT] is used -to specify the hostname (and port) used in the user ID of the new -OpenPGP key. If NAME is not specified, then the system -fully-qualified domain name will be used (ie. `hostname -f'). If PORT -is not specified, the no port is added to the user ID, which means -port 22 is assumed. `i' may be used in place of `import-key'. +to specify the fully-qualified hostname (and port) used in the user ID +of the new OpenPGP key. If PORT is not specified, the no port is +added to the user ID, which means port 22 is assumed. `i' may be used +in place of `import-key'. .TP .B show-key Output information about host's OpenPGP and SSH keys. `s' may be used diff --git a/src/monkeysphere b/src/monkeysphere index a65cef6..0d8f4ff 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -12,6 +12,8 @@ # or later. ######################################################################## +set -e + PGRM=$(basename $0) SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"} @@ -27,9 +29,6 @@ DATE=$(date -u '+%FT%T') # unset some environment variables that could screw things up unset GREP_OPTIONS -# default return code -RETURN=0 - # set the file creation mask to be only owner rw umask 077 @@ -87,9 +86,11 @@ check_gpg_sec_key_id() { echo "$gpgSecOut" | cut -d: -f5 ;; *) - echo "Multiple primary secret keys found:" | log error - echo "$gpgSecOut" | cut -d: -f5 | log error - echo "Please specify which primary key to use." | log error + echo "Multiple primary secret keys found:" + for key in $(echo "$gpgSecOut" | cut -d: -f5) ; do + echo " $key" + done + echo "Please specify which primary key to use." failure ;; esac 
@@ -203,13 +204,11 @@ case $COMMAND in # those hosts if [ "$1" ] ; then update_known_hosts "$@" - RETURN="$?" # otherwise, if no hosts are specified, process every host # in the user's known_hosts file else process_known_hosts - RETURN="$?" fi ;; @@ -219,7 +218,6 @@ case $COMMAND in # process authorized_user_ids file process_authorized_user_ids "$AUTHORIZED_USER_IDS" - RETURN="$?" ;; 'import-subkey'|'i') @@ -255,5 +253,3 @@ case $COMMAND in Type '$PGRM help' for usage." ;; esac - -exit "$RETURN" diff --git a/src/monkeysphere-host b/src/monkeysphere-host index efa48cd..540a8ab 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -54,7 +54,7 @@ usage: $PGRM <subcommand> [options] [args] Monkeysphere host admin tool. subcommands: - import-key (i) FILE [NAME[:PORT]] import existing ssh key to gpg + import-key (i) FILE NAME[:PORT] import existing ssh key to gpg show-key (s) output all host key information publish-key (p) publish host key to keyserver set-expire (e) [EXPIRE] set host key expiration diff --git a/src/share/common b/src/share/common index 653d58b..5e0cb6a 100644 --- a/src/share/common +++ b/src/share/common @@ -586,8 +586,8 @@ gpg2authorized_keys() { # FIXME: need to figure out how to retrieve all matching keys # (not just first N (5 in this case)) gpg_fetch_userid() { + local returnCode=0 local userID - local returnCode if [ "$CHECK_KEYSERVER" != 'true' ] ; then return 0 @@ -626,6 +626,7 @@ gpg_fetch_userid() { # # expects global variable: "MODE" process_user_id() { + local returnCode=0 local userID local requiredCapability local requiredPubCapability 
@@ -657,10 +658,10 @@ process_user_id() { # output gpg info for (exact) userid and store gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \ --with-fingerprint --with-fingerprint \ - ="$userID" 2>/dev/null) + ="$userID" 2>/dev/null) || returnCode="$?" # if the gpg query return code is not 0, return 1 - if [ "$?" -ne 0 ] ; then + if [ "$returnCode" -ne 0 ] ; then log verbose " no primary keys found." return 1 fi @@ -890,6 +891,7 @@ process_host_known_hosts() { # update the known_hosts file for a set of hosts listed on command # line update_known_hosts() { + local returnCode=0 local nHosts local nHostsOK local nHostsBAD @@ -919,9 +921,9 @@ update_known_hosts() { for host ; do # process the host - process_host_known_hosts "$host" + process_host_known_hosts "$host" || returnCode="$?" # note the result - case "$?" in + case "$returnCode" in 0) nHostsOK=$((nHostsOK+1)) ;; @@ -1043,6 +1045,7 @@ process_uid_authorized_keys() { # update the authorized_keys files from a list of user IDs on command # line update_authorized_keys() { + local returnCode=0 local userID local nIDs local nIDsOK @@ -1072,10 +1075,10 @@ update_authorized_keys() { for userID ; do # process the user ID, change return code if key not found for # user ID - process_uid_authorized_keys "$userID" + process_uid_authorized_keys "$userID" || returnCode="$?" # note the result - case "$?" in + case "$returnCode" in 0) nIDsOK=$((nIDsOK+1)) ;; diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand index bd09588..abe068d 100644 --- a/src/share/m/ssh_proxycommand +++ b/src/share/m/ssh_proxycommand @@ -18,6 +18,7 @@ # "marginal case" ouput in the case that there is not a full # validation path to the host output_no_valid_key() { + local returnCode=0 local sshKeyOffered local userID local type 
@@ -112,11 +113,11 @@ EOF fi ;; esac - done + done || returnCode="$?" # if no key match was made (and the "while read" subshell returned # 1) output how many keys were found - if (($? != 1)) ; then + if (( returnCode != 1 )) ; then cat <<EOF | log info None of the found keys matched the key offered by the host. Run the following command for more info about the found keys: @@ -200,12 +201,13 @@ fi CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER} # update the known_hosts file for the host -update_known_hosts "$HOSTP" +local returnCode=0 +update_known_hosts "$HOSTP" || returnCode="$?" # output on depending on the return of the update-known_hosts # subcommand, which is (ultimately) the return code of the # update_known_hosts function in common -case $? in +case "$returnCode" in 0) # acceptable host key found so continue to ssh true diff --git a/src/share/m/subkey_to_ssh_agent b/src/share/m/subkey_to_ssh_agent index 818f4f7..7fb2fdb 100644 --- a/src/share/m/subkey_to_ssh_agent +++ b/src/share/m/subkey_to_ssh_agent @@ -14,11 +14,11 @@ # try to add all authentication subkeys to the agent subkey_to_ssh_agent() { - local sshaddresponse + local sshaddresponse=0 local secretkeys local authsubkeys local workingdir - local keysuccess + local keysuccess=0 local subkey local publine local kname @@ -38,8 +38,7 @@ For more details, see: # and if it looks like it's running, but we can't actually talk to # it, bail out: - ssh-add -l >/dev/null - sshaddresponse="$?" + ssh-add -l >/dev/null || sshaddresponse="$?" if [ "$sshaddresponse" = "2" ]; then failure "Could not connect to ssh-agent" fi @@ -100,8 +99,7 @@ You might want to 'monkeysphere gen-subkey'" passphrase_prompt "Enter passphrase for key $kname: " "$workingdir/passphrase" wait %2 - fi - keysuccess="$?" + fi || keysuccess="$?" rm -f "$workingdir/$kname" done 
@@ -112,5 +110,5 @@ You might want to 'monkeysphere gen-subkey'" # FIXME: sort out the return values: we're just returning the # success or failure of the final authentication subkey in this # case. What if earlier ones failed? - exit "$keysuccess" + return "$keysuccess" } diff --git a/src/share/ma/update_users b/src/share/ma/update_users index 092d108..bfefc31 100644 --- a/src/share/ma/update_users +++ b/src/share/ma/update_users @@ -93,8 +93,8 @@ for uname in $unames ; do # process authorized_user_ids file, as monkeysphere user su_monkeysphere_user \ - ". ${SYSSHAREDIR}/common; process_authorized_user_ids $TMP_AUTHORIZED_USER_IDS" - RETURN="$?" + ". ${SYSSHAREDIR}/common; process_authorized_user_ids $TMP_AUTHORIZED_USER_IDS" \ + || RETURN="$?" else log debug "not processing authorized_user_ids." fi @@ -154,4 +154,5 @@ for uname in $unames ; do rm -rf "$TMPLOC" done +return $RETURN } diff --git a/src/share/mh/import_key b/src/share/mh/import_key index c545388..f7c69c3 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key 
@@ -26,39 +26,13 @@ if [ -z "$sshKeyFile" ] ; then failure "Must specify ssh key file to import, or specify '-' for stdin." fi -# use the default hostname if not specified +# fail if hostname not specified if [ -z "$hostName" ] ; then - hostName=$(hostname -f) || failure "Could not determine hostname." - # test that the domain is not obviously illegitimate - domain=${foo##*.} - case $domain in - 'local'|'localdomain') - failure "Host domain '$domain' is not legitimate. Aborting key import." - ;; - esac - # test that there are at least two parts - if (( $(echo "$hostName" | tr . ' ' | wc -w) < 2 )) ; then - failure "Host name '$hostName' is not legitimate. Aborting key import." - fi + failure "You must specify a fully-qualified domain name for use in the host certificate user ID." fi userID="ssh://${hostName}" -if [ "$PROMPT" = "true" ] ; then - cat <<EOF -The ssh key will be imported and an OpenPGP certificate for this host -will be generated with the following user ID: - $userID -EOF - read -p "Are you sure you would like to create certificate? [Y/n] " OK; OK=${OK:-Y} - if [ "${OK/y/Y}" != 'Y' ] ; then - failure "ssh key not imported." - fi -else - log debug "importing key without prompting." -fi - - # create host home mkdir -p "${MHDATADIR}" mkdir -p "${GNUPGHOME_HOST}" diff --git a/website/getting-started-admin.mdwn b/website/getting-started-admin.mdwn index 6bdd166..ca44956 100644 --- a/website/getting-started-admin.mdwn +++ b/website/getting-started-admin.mdwn 
@@ -22,19 +22,13 @@ To begin, you must first import an ssh host key. This assumes that you have the ssh server installed, and that you have generated a host RSA key. Once that has been done, import the key: - # monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key + # monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key server.example.net This will generate an OpenPGP certificate for the server. The primary user ID for this certificate will be the ssh service URI for the host, -which by default is based on the output of `hostname -f` -(eg. `ssh://server.example.net`). If the name determined from -`hostname -f` is not the name you want to have in the service URI, -then you can provide one manually: - - # monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key host.example.net - -The hostname you provide should probably be a fully qualified domain -name for the host in order for your users to find it. +(eg. `ssh://server.example.net`). Remember that the name you provide +here should probably be a fully qualified domain name for the host in +order for your users to find it. Now you can display information about the host key's certificate with the 'show-key' command: |
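Review bot: in man/man8/monkeysphere-host.8, the rewritten import-key paragraph carries the typo "If PORT is not specified, the no port is added to the user ID" over into the new text; since the line is being rewritten anyway, change it to "If PORT is not specified, then no port is added to the user ID".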
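Review bot: in src/monkeysphere, adding `set -e` while deleting the `RETURN="$?"` bookkeeping and the final `exit "$RETURN"` changes the exit-status contract without saying so: the script now exits with the status of whatever command last ran in the matched case arm, and a non-zero return from `update_known_hosts "$@"`, `process_known_hosts` or `process_authorized_user_ids` terminates the script through `set -e` instead of being reported on purpose. Add a comment beside `set -e` stating that exit status is propagated this way, and audit every command in the sourced share files that may legitimately return non-zero (the `gpg --list-key` lookup in process_user_id, `ssh-add -l` in subkey_to_ssh_agent, any grep with no match) for a `|| ...` guard, because each unguarded one is now a silent abort with no log message.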
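Review bot: in src/monkeysphere, check_gpg_sec_key_id() now prints its "Multiple primary secret keys found" diagnostics with plain `echo` to stdout, but stdout is this function's return channel (the single-key branch echoes the key ID there via `cut -d: -f5`), so a caller that does `$(check_gpg_sec_key_id)` captures the message text instead of showing it to the user. Keep the `| log error` pipes that were removed, or redirect the three messages to stderr, e.g. `echo "Please specify which primary key to use." >&2`.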
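Review bot: in src/share/common, update_known_hosts() never resets returnCode inside the `for host` loop: `process_host_known_hosts "$host" || returnCode="$?"` assigns only on failure, so once one host has failed, every later host that succeeds leaves the stale non-zero value in place and `case "$returnCode"` counts it as a failure, miscounting nHostsOK and nHostsBAD. Set `returnCode=0` at the top of each iteration, immediately before the process_host_known_hosts call.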
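Review bot: in src/share/common, update_authorized_keys() has the same defect as update_known_hosts(): `process_uid_authorized_keys "$userID" || returnCode="$?"` only assigns on failure, so after the first user ID fails, every subsequent successful user ID is still routed through the failing branch of `case "$returnCode"` and nIDsOK is never incremented again. Reset `returnCode=0` at the start of each `for userID` iteration.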
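Review bot: in src/share/m/ssh_proxycommand, the `local returnCode=0` added before `update_known_hosts "$HOSTP"` appears to sit in the top-level body of the file (the surrounding `fi` and `CHECK_KEYSERVER=...` lines are not inside output_no_valid_key() or any other function in the visible context), not in a function. bash rejects `local` outside a function with "local: can only be used in a function" and returns non-zero, which under the `set -e` now enabled in src/monkeysphere aborts the proxy command before ssh is reached. If this code is indeed top-level, use a plain `returnCode=0` here or wrap the body in a function; if it is inside a function, the indentation lost in this rendering should show that.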
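Review bot: in src/share/m/subkey_to_ssh_agent, the FIXME above `return "$keysuccess"` is no longer accurate after the change to `fi || keysuccess="$?"`: keysuccess is initialised to 0 and only assigned on failure, so the function now returns the status of the last subkey that failed, not "the success or failure of the final authentication subkey" as the comment says. Either reset `keysuccess=0` at the top of each loop iteration to keep the documented behaviour, or rewrite the FIXME to say that any failing subkey is now reported. The switch from `exit "$keysuccess"` to `return "$keysuccess"` is the right call for a function, but the caller in src/monkeysphere must now act on that return value (or rely on set -e), since the old code terminated the whole process.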
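Review bot: in src/share/ma/update_users, the new `return $RETURN` at the end of the function depends on RETURN being initialised to 0 before the `for uname` loop, which is not visible in this hunk; `|| RETURN="$?"` assigns only on failure, and if RETURN is unset the line expands to a bare `return`, which reports the status of the preceding `rm -rf "$TMPLOC"` rather than the outcome of processing. Declare `local RETURN=0` at the top of the function and quote it on the way out (`return "$RETURN"`).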
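Review bot: in src/share/mh/import_key, dropping the hostname sanity checks together with the `hostname -f` default leaves the now-mandatory NAME argument completely unvalidated, so `import-key FILE localhost` produces a certificate whose user ID is `ssh://localhost`, which no client can usefully look up. The removed checks were broken anyway (`domain=${foo##*.}` tested the undefined variable `$foo` instead of `$hostName`, so the local/localdomain rejection never fired), which argues for fixing them rather than deleting them: apply the two-label test to the user-supplied name, for example `case $hostName in *.*) ;; *) failure "Host name '$hostName' is not fully qualified." ;; esac`, which still accepts the NAME:PORT form. The interactive confirmation of the user ID (the PROMPT block) was also removed without mention in the commit message; if that is intentional it should be documented, since the administrator no longer gets to review the user ID before the key material is imported.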