authorJameson Graef Rollins <jrollins@finestructure.net>2009-02-01 13:08:46 -0500
committerJameson Graef Rollins <jrollins@finestructure.net>2009-02-01 13:23:30 -0500
commit0ae461de6b7bf10d3b085dfd9a5d6d29ffd29116 (patch)
tree9c870e437f06207013d9a6ec0d7b554c35e58612 /src/share/mh
parent89e447e2001c0406fab6d2e6ca300a19d492435b (diff)
some general fixes:
- fix some references to old function names
- rename fingerprint_server_key to fingerprint_host_key
- update diagnostic scripts
Diffstat (limited to 'src/share/mh')
-rw-r--r--src/share/mh/add_hostname2
-rw-r--r--src/share/mh/diagnostics35
-rw-r--r--src/share/mh/extend_key2
-rw-r--r--src/share/mh/gen_key4
-rw-r--r--src/share/mh/import_key4
-rw-r--r--src/share/mh/publish_key2
-rw-r--r--src/share/mh/revoke_hostname2
7 files changed, 13 insertions, 38 deletions
diff --git a/src/share/mh/add_hostname b/src/share/mh/add_hostname
index 10d5f58..267f109 100644
--- a/src/share/mh/add_hostname
+++ b/src/share/mh/add_hostname
@@ -27,7 +27,7 @@ fi
userID="ssh://${1}"
-fingerprint=$(fingerprint_server_key)
+fingerprint=$(fingerprint_host_key)
# match to only ultimately trusted user IDs
tmpuidMatch="u:$(echo $userID | gpg_escape)"
diff --git a/src/share/mh/diagnostics b/src/share/mh/diagnostics
index 7e76da6..96065e6 100644
--- a/src/share/mh/diagnostics
+++ b/src/share/mh/diagnostics
@@ -50,7 +50,7 @@ fi
echo "Checking host GPG key..."
if (( "$keysfound" < 1 )); then
echo "! No host key found."
- echo " - Recommendation: run 'monkeysphere-server gen-key'"
+ echo " - Recommendation: run 'monkeysphere-host gen-key' or 'monkeysphere-host import-key'"
problemsfound=$(($problemsfound+1))
elif (( "$keysfound" > 1 )); then
echo "! More than one host key found?"
@@ -64,11 +64,11 @@ else
if [ "$expire" ]; then
if (( "$expire" < "$curdate" )); then
echo "! Host key is expired."
- echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'"
+ echo " - Recommendation: extend lifetime of key with 'monkeysphere-host extend-key'"
problemsfound=$(($problemsfound+1))
elif (( "$expire" < "$warndate" )); then
echo "! Host key expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)
- echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'"
+ echo " - Recommendation: extend lifetime of key with 'monkeysphere-host extend-key'"
problemsfound=$(($problemsfound+1))
fi
fi
@@ -97,7 +97,7 @@ else
# FIXME: recommend a way to resolve this
problemsfound=$(($problemsfound+1))
elif (( "$expire" < "$warndate" )); then
- echo "! User ID '$uid' expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)
+ echo "! User ID '$uid' expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)
# FIXME: recommend a way to resolve this
problemsfound=$(($problemsfound+1))
fi
@@ -149,35 +149,10 @@ fi
# directories housing them, etc (what should those values be? can
# we make them as minimal as possible?)
-# FIXME: look to see that the ownertrust rules are set properly on the
-# authentication keyring
-
-# FIXME: make sure that at least one identity certifier exists
-
-# FIXME: look at the timestamps on the monkeysphere-generated
-# authorized_keys files -- warn if they seem out-of-date.
-
-# FIXME: check for a cronjob that updates monkeysphere-generated
-# authorized_keys?
-
-echo
-echo "Checking for MonkeySphere-enabled public-key authentication for users ..."
-# Ensure that User ID authentication is enabled:
-if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${SYSDATADIR}/authorized_keys/%u$" "$sshd_config"; then
- echo "! $sshd_config does not point to monkeysphere authorized keys."
- echo " - Recommendation: add a line to $sshd_config: 'AuthorizedKeysFile ${SYSDATADIR}/authorized_keys/%u'"
- problemsfound=$(($problemsfound+1))
-fi
-if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' "$sshd_config" | grep -v "^AuthorizedKeysFile[[:space:]]\+${SYSDATADIR}/authorized_keys/%u$") ; then
- echo "! $sshd_config refers to non-monkeysphere authorized_keys files:"
- echo "$badauthorizedkeys"
- echo " - Recommendation: remove the above AuthorizedKeysFile lines from $sshd_config"
- problemsfound=$(($problemsfound+1))
-fi
if [ "$problemsfound" -gt 0 ]; then
echo "When the above $problemsfound issue"$(if [ "$problemsfound" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:"
- echo " monkeysphere-server diagnostics"
+ echo " monkeysphere-host expert diagnostics"
else
echo "Everything seems to be in order!"
fi
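Review bot: Dropping the AuthorizedKeysFile checks from this hunk leaves `$sshd_config` with no visible consumer in this script; if it is still assigned in the prologue (outside this hunk) that assignment should go too, and the user-side authorized_keys coverage should be re-homed in the authentication-side diagnostics rather than lost, since the re-run hint now points only at `monkeysphere-host expert diagnostics`. The FIXME reminders about ownertrust on the authentication keyring, identity certifiers and authorized_keys staleness were deleted with the checks rather than carried over; a one-line comment such as `# user/authorized_keys checks belong to the authentication diagnostics` at the cut point would make the split intentional for the next reader. While here, the surviving `problemsfound=$(($problemsfound+1))` form is clearer as `problemsfound=$(( problemsfound + 1 ))`.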
diff --git a/src/share/mh/extend_key b/src/share/mh/extend_key
index ccbaf0e..d03b89a 100644
--- a/src/share/mh/extend_key
+++ b/src/share/mh/extend_key
@@ -15,7 +15,7 @@
extend_key() {
-local fpr=$(fingerprint_server_key)
+local fpr=$(fingerprint_host_key)
local extendTo="$1"
# get the new expiration date
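Review bot: `local fpr=$(fingerprint_host_key)` masks the helper's exit status, because `local` itself succeeds even when the command substitution fails, so with no host key present `fpr` is empty and extend_key keeps going with an empty fingerprint (the gen_key hunk shows fingerprint_host_key is relied on to return non-zero in exactly that case, so neither `set -e` nor a later check would catch it here). Split declaration from assignment: `local fpr` then `fpr=$(fingerprint_host_key) || failure "No OpenPGP host key found."`. The same `local x=$(...)` pattern is worth checking wherever the rename landed, though the other hunks use plain assignments. extend_key's body continues outside the hunk.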
diff --git a/src/share/mh/gen_key b/src/share/mh/gen_key
index c0445db..a73d85e 100644
--- a/src/share/mh/gen_key
+++ b/src/share/mh/gen_key
@@ -24,7 +24,7 @@ local fingerprint
# check for presense of secret key
# FIXME: is this the proper test to be doing here?
-fingerprint_server_key >/dev/null \
+fingerprint_host_key >/dev/null \
&& failure "An OpenPGP host key already exists."
# get options
@@ -83,7 +83,7 @@ log verbose "generating host key..."
echo "$keyParameters" | gpg_host --batch --gen-key
# find the key fingerprint of the newly generated key
-fingerprint=$(fingerprint_server_key)
+fingerprint=$(fingerprint_host_key)
# translate the private key to ssh format, and export to a file
# for sshs usage.
diff --git a/src/share/mh/import_key b/src/share/mh/import_key
index 0f16d27..e7b713f 100644
--- a/src/share/mh/import_key
+++ b/src/share/mh/import_key
@@ -20,7 +20,7 @@ local userID
# check for presense of secret key
# FIXME: is this the proper test to be doing here?
-fingerprint_server_key >/dev/null \
+fingerprint_host_key >/dev/null \
&& failure "An OpenPGP host key already exists."
# get options
@@ -72,7 +72,7 @@ log verbose "importing ssh key..."
pem2openpgp "$userID" "$keyExpire" < "$sshKey" | gpg_host --import)
# find the key fingerprint of the newly converted key
-fingerprint=$(fingerprint_server_key)
+fingerprint=$(fingerprint_host_key)
# export host ownertrust to authentication keyring
log verbose "setting ultimate owner trust for host key..."
diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key
index b7ab01d..988b450 100644
--- a/src/share/mh/publish_key
+++ b/src/share/mh/publish_key
@@ -21,7 +21,7 @@ if [ ${OK/y/Y} != 'Y' ] ; then
fi
# find the key fingerprint
-fingerprint=$(fingerprint_server_key)
+fingerprint=$(fingerprint_host_key)
# publish host key
# FIXME: need to define how to do this
diff --git a/src/share/mh/revoke_hostname b/src/share/mh/revoke_hostname
index b519cf6..06b5810 100644
--- a/src/share/mh/revoke_hostname
+++ b/src/share/mh/revoke_hostname
@@ -38,7 +38,7 @@ fi
userID="ssh://${1}"
-fingerprint=$(fingerprint_server_key)
+fingerprint=$(fingerprint_host_key)
# match to only ultimately trusted user IDs
tmpuidMatch="u:$(echo $userID | gpg_escape)"