authorMicah Anderson <micah@riseup.net>2008-08-13 00:31:11 -0400
committerMicah Anderson <micah@riseup.net>2008-08-13 00:31:11 -0400
commit4d54f1d8b9a3d9ee4e6bd0b0d9fdccb99e6a6245 (patch)
treea32b14857aec35b524ccc486a7c7799b3c3c58d7 /src/monkeysphere-server
parent0e27af63f34c5bb75cef059fc9d76887251c1517 (diff)
parent68a626b30117bb7c40e3e3eedb8139f1085b8ca2 (diff)
Merge commit 'dkg/master'
Diffstat (limited to 'src/monkeysphere-server')
-rwxr-xr-xsrc/monkeysphere-server21
1 files changed, 17 insertions, 4 deletions
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 1e5f209..3ca0656 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -32,7 +32,7 @@ RETURN=0
########################################################################
usage() {
-cat <<EOF
+ cat <<EOF
usage: $PGRM <subcommand> [options] [args]
MonkeySphere server admin tool.
@@ -468,14 +468,14 @@ diagnostics() {
fi
# propose changes needed for sshd_config (if any)
- if ! grep -q "^HostKey ${VARLIB}/ssh_host_rsa_key$" /etc/ssh/sshd_config; then
+ if ! grep -q "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" /etc/ssh/sshd_config; then
echo "! /etc/ssh/sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)."
echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'"
fi
- if badhostkeys=$(grep '^HostKey' | grep -q -v "^HostKey ${VARLIB}/ssh_host_rsa_key$") ; then
+ if badhostkeys=$(grep -i '^HostKey' | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then
echo "! /etc/sshd_config refers to some non-monkeysphere host keys:"
echo "$badhostkeys"
- echo "- Recommendation: remove the above HostKey lines from /etc/ssh/sshd_config"
+ echo " - Recommendation: remove the above HostKey lines from /etc/ssh/sshd_config"
fi
fi
fi
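Review bot: The rewritten `badhostkeys=$(grep -i '^HostKey' | grep -q -v ...)` test still cannot list the offending lines. The first grep has no file operand, so it reads the script's stdin rather than /etc/ssh/sshd_config, and `-q` on the second grep suppresses the output that `echo "$badhostkeys"` is meant to print. In normal use an administrator therefore never sees which extra HostKey lines sshd is configured with. I would change the line to `if badhostkeys=$(grep -i '^HostKey' /etc/ssh/sshd_config | grep -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then`. The AuthorizedKeysFile check added in the `@@ -489` hunk copies the same pipeline and needs the same fix; diagnostics() starts and ends outside this hunk.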
@@ -489,6 +489,19 @@ diagnostics() {
# FIXME: make sure that at least one identity certifier exists
+ echo "Checking for MonkeySphere-enabled public-key authentication for users ..."
+ # Ensure that User ID authentication is enabled:
+ if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$" /etc/ssh/sshd_config; then
+ echo "! /etc/ssh/sshd_config does not point to monkeysphere authorized keys."
+ echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'AuthorizedKeysFile ${VARLIB}/authorized_keys/%u'"
+ fi
+ if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' | grep -q -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then
+ echo "! /etc/sshd_config refers to non-monkeysphere authorized_keys files:"
+ echo "$badauthorizedkeys"
+ echo " - Recommendation: remove the above AuthorizedKeysFile lines from /etc/ssh/sshd_config"
+ fi
+
+
}
# retrieve key from web of trust, import it into the host keyring, and
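Review bot: The first added test, `if ! grep -q "^AuthorizedKeysFile[[:space:]]\+..."`, is case-sensitive, while the filter a few lines below it uses `grep -i`. sshd_config keywords are case-insensitive, so a valid `authorizedkeysfile` line would be reported as missing; `grep -qi` there keeps the two checks consistent. The new warning also names `/etc/sshd_config` although the file being checked is `/etc/ssh/sshd_config`, and I would write `echo "! /etc/ssh/sshd_config refers to non-monkeysphere authorized_keys files:"`. diagnostics() starts outside this hunk.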