move src/subcommands to srv/share, and add common file to src/share (update Makefile as well)

9 files changed, 0 insertions, 652 deletions

diff --git a/src/subcommands/mh/add_hostname b/src/subcommands/mh/add_hostname
deleted file mode 100644
index 10d5f58..0000000
--- a/src/subcommands/mh/add_hostname
+++ /dev/null
@@ -1,73 +0,0 @@
-# -*-shell-script-*-
-# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
-
-# Monkeysphere host add-hostname subcommand
-#
-# The monkeysphere scripts are written by:
-# Jameson Rollins <jrollins@finestructure.net>
-# Jamie McClelland <jm@mayfirst.org>
-# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-#
-# They are Copyright 2008-2009, and are all released under the GPL,
-# version 3 or later.
-
-# add hostname user ID to server key
-
-add_hostname() {
-
-local userID
-local fingerprint
-local tmpuidMatch
-local line
-local adduidCommand
-
-if [ -z "$1" ] ; then
-    failure "You must specify a hostname to add."
-fi
-
-userID="ssh://${1}"
-
-fingerprint=$(fingerprint_server_key)
-
-# match to only ultimately trusted user IDs
-tmpuidMatch="u:$(echo $userID | gpg_escape)"
-
-# find the index of the requsted user ID
-# NOTE: this is based on circumstantial evidence that the order of
-# this output is the appropriate index
-if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}!" \
-    | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then
-    failure "Host userID '$userID' already exists."
-fi
-
-echo "The following user ID will be added to the host key:"
-echo "  $userID"
-read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N}
-if [ ${OK/y/Y} != 'Y' ] ; then
-    failure "User ID not added."
-fi
-
-# edit-key script command to add user ID
-adduidCommand=$(cat <<EOF
-adduid
-$userID
-
-
-save
-EOF
-)
-
-# execute edit-key script
-if echo "$adduidCommand" | \
-    gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then
-
-    show_key
-
-    echo
-    echo "NOTE: User ID added to key, but key not published."
-    echo "Run '$PGRM publish-key' to publish the new user ID."
-else
-    failure "Problem adding user ID."
-fi
-
-}
diff --git a/src/subcommands/mh/add_revoker b/src/subcommands/mh/add_revoker
deleted file mode 100644
index f9d0bb6..0000000
--- a/src/subcommands/mh/add_revoker
+++ /dev/null
@@ -1,21 +0,0 @@
-# -*-shell-script-*-
-# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
-
-# Monkeysphere host add-revoker subcommand
-#
-# The monkeysphere scripts are written by:
-# Jameson Rollins <jrollins@finestructure.net>
-# Jamie McClelland <jm@mayfirst.org>
-# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-#
-# They are Copyright 2008, and are all released under the GPL, version 3
-# or later.
-
-# add a revoker to the host key
-
-add_revoker() {
-
-# FIXME: implement!
-failure "not implemented yet!"
-
-}
diff --git a/src/subcommands/mh/diagnostics b/src/subcommands/mh/diagnostics
deleted file mode 100644
index 7e76da6..0000000
--- a/src/subcommands/mh/diagnostics
+++ /dev/null
@@ -1,185 +0,0 @@
-# -*-shell-script-*-
-# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
-
-# Monkeysphere host diagnostics subcommand
-#
-# The monkeysphere scripts are written by:
-# Jameson Rollins <jrollins@finestructure.net>
-# Jamie McClelland <jm@mayfirst.org>
-# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-#
-# They are Copyright 2008-2009, and are all released under the GPL,
-# version 3 or later.
-
-# check on the status and validity of the key and public certificates
-
-diagnostics() {
-
-local seckey
-local keysfound
-local curdate
-local warnwindow
-local warndate
-local create
-local expire
-local uid
-local fingerprint
-local badhostkeys
-local sshd_config
-local problemsfound=0
-
-# FIXME: what's the correct, cross-platform answer?
-sshd_config=/etc/ssh/sshd_config
-seckey=$(gpg_host --list-secret-keys --fingerprint --with-colons --fixed-list-mode)
-keysfound=$(echo "$seckey" | grep -c ^sec:)
-curdate=$(date +%s)
-# warn when anything is 2 months away from expiration
-warnwindow='2 months'
-warndate=$(advance_date $warnwindow +%s)
-
-if ! id monkeysphere >/dev/null ; then
-    echo "! No monkeysphere user found!  Please create a monkeysphere system user with bash as its shell."
-    problemsfound=$(($problemsfound+1))
-fi
-
-if ! [ -d "$SYSDATADIR" ] ; then
-    echo "! no $SYSDATADIR directory found.  Please create it."
-    problemsfound=$(($problemsfound+1))
-fi
-
-echo "Checking host GPG key..."
-if (( "$keysfound" < 1 )); then
-    echo "! No host key found."
-    echo " - Recommendation: run 'monkeysphere-server gen-key'"
-    problemsfound=$(($problemsfound+1))
-elif (( "$keysfound" > 1 )); then
-    echo "! More than one host key found?"
-    # FIXME: recommend a way to resolve this
-    problemsfound=$(($problemsfound+1))
-else
-    create=$(echo "$seckey" | grep ^sec: | cut -f6 -d:)
-    expire=$(echo "$seckey" | grep ^sec: | cut -f7 -d:)
-    fingerprint=$(echo "$seckey" | grep ^fpr: | head -n1 | cut -f10 -d:)
-    # check for key expiration:
-    if [ "$expire" ]; then
-	if (( "$expire"  < "$curdate" )); then
-	    echo "! Host key is expired."
-	    echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'"
-	    problemsfound=$(($problemsfound+1))
-	elif (( "$expire" < "$warndate" )); then
-	    echo "! Host key expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)
-	    echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'"
-	    problemsfound=$(($problemsfound+1))
-	fi
-    fi
-
-    # and weirdnesses:
-    if [ "$create" ] && (( "$create" > "$curdate" )); then
-	echo "! Host key was created in the future(?!). Is your clock correct?"
-	echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?"
-	problemsfound=$(($problemsfound+1))
-    fi
-    
-    # check for UserID expiration:
-    echo "$seckey" | grep ^uid: | cut -d: -f6,7,10 | \
-    while IFS=: read create expire uid ; do
-	# FIXME: should we be doing any checking on the form
-	# of the User ID?  Should we be unmangling it somehow?
-
-	if [ "$create" ] && (( "$create" > "$curdate" )); then
-	    echo "! User ID '$uid' was created in the future(?!).  Is your clock correct?"
-	    echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?"
-	    problemsfound=$(($problemsfound+1))
-	fi
-	if [ "$expire" ] ; then
-	    if (( "$expire" < "$curdate" )); then
-		echo "! User ID '$uid' is expired."
-		# FIXME: recommend a way to resolve this
-		problemsfound=$(($problemsfound+1))
-	    elif (( "$expire" < "$warndate" )); then
-		echo "! User ID '$uid' expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)		
-		# FIXME: recommend a way to resolve this
-		problemsfound=$(($problemsfound+1))
-	    fi
-	fi
-    done
-	    
-# FIXME: verify that the host key is properly published to the
-#   keyservers (do this with the non-privileged user)
-
-# FIXME: check that there are valid, non-expired certifying signatures
-#   attached to the host key after fetching from the public keyserver
-#   (do this with the non-privileged user as well)
-
-# FIXME: propose adding a revoker to the host key if none exist (do we
-#   have a way to do that after key generation?)
-
-    # Ensure that the ssh_host_rsa_key file is present and non-empty:
-    echo
-    echo "Checking host SSH key..."
-    if [ ! -s "${SYSDATADIR}/ssh_host_rsa_key" ] ; then
-	echo "! The host key as prepared for SSH (${SYSDATADIR}/ssh_host_rsa_key) is missing or empty."
-	problemsfound=$(($problemsfound+1))
-    else
-	if [ $(ls -l "${SYSDATADIR}/ssh_host_rsa_key" | cut -f1 -d\ ) != '-rw-------' ] ; then
-	    echo "! Permissions seem wrong for ${SYSDATADIR}/ssh_host_rsa_key -- should be 0600."
-	    problemsfound=$(($problemsfound+1))
-	fi
-
-	# propose changes needed for sshd_config (if any)
-	if ! grep -q "^HostKey[[:space:]]\+${SYSDATADIR}/ssh_host_rsa_key$" "$sshd_config"; then
-	    echo "! $sshd_config does not point to the monkeysphere host key (${SYSDATADIR}/ssh_host_rsa_key)."
-	    echo " - Recommendation: add a line to $sshd_config: 'HostKey ${SYSDATADIR}/ssh_host_rsa_key'"
-	    problemsfound=$(($problemsfound+1))
-	fi
-	if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -v "^HostKey[[:space:]]\+${SYSDATADIR}/ssh_host_rsa_key$") ; then
-	    echo "! $sshd_config refers to some non-monkeysphere host keys:"
-	    echo "$badhostkeys"
-	    echo " - Recommendation: remove the above HostKey lines from $sshd_config"
-	    problemsfound=$(($problemsfound+1))
-	fi
-
-        # FIXME: test (with ssh-keyscan?) that the running ssh
-        # daemon is actually offering the monkeysphere host key.
-
-    fi
-fi
-
-# FIXME: look at the ownership/privileges of the various keyrings,
-#    directories housing them, etc (what should those values be?  can
-#    we make them as minimal as possible?)
-
-# FIXME: look to see that the ownertrust rules are set properly on the
-#    authentication keyring
-
-# FIXME: make sure that at least one identity certifier exists
-
-# FIXME: look at the timestamps on the monkeysphere-generated
-# authorized_keys files -- warn if they seem out-of-date.
-
-# FIXME: check for a cronjob that updates monkeysphere-generated
-# authorized_keys?
-
-echo
-echo "Checking for MonkeySphere-enabled public-key authentication for users ..."
-# Ensure that User ID authentication is enabled:
-if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${SYSDATADIR}/authorized_keys/%u$" "$sshd_config"; then
-    echo "! $sshd_config does not point to monkeysphere authorized keys."
-    echo " - Recommendation: add a line to $sshd_config: 'AuthorizedKeysFile ${SYSDATADIR}/authorized_keys/%u'"
-    problemsfound=$(($problemsfound+1))
-fi
-if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' "$sshd_config" | grep -v "^AuthorizedKeysFile[[:space:]]\+${SYSDATADIR}/authorized_keys/%u$") ; then
-    echo "! $sshd_config refers to non-monkeysphere authorized_keys files:"
-    echo "$badauthorizedkeys"
-    echo " - Recommendation: remove the above AuthorizedKeysFile lines from $sshd_config"
-    problemsfound=$(($problemsfound+1))
-fi
-
-if [ "$problemsfound" -gt 0 ]; then
-    echo "When the above $problemsfound issue"$(if [ "$problemsfound" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:"
-    echo "  monkeysphere-server diagnostics"
-else
-    echo "Everything seems to be in order!"
-fi
-
-}
diff --git a/src/subcommands/mh/extend_key b/src/subcommands/mh/extend_key
deleted file mode 100644
index ccbaf0e..0000000
--- a/src/subcommands/mh/extend_key
+++ /dev/null
@@ -1,34 +0,0 @@
-# -*-shell-script-*-
-# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
-
-# Monkeysphere host extend-key subcommand
-#
-# The monkeysphere scripts are written by:
-# Jameson Rollins <jrollins@finestructure.net>
-# Jamie McClelland <jm@mayfirst.org>
-# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-#
-# They are Copyright 2008-2009, and are all released under the GPL,
-# version 3 or later.
-
-# extend the lifetime of a host key:
-
-extend_key() {
-
-local fpr=$(fingerprint_server_key)
-local extendTo="$1"
-
-# get the new expiration date
-extendTo=$(get_gpg_expiration "$extendTo")
-
-gpg_host --quiet --command-fd 0 --edit-key "$fpr" <<EOF 
-expire
-$extendTo
-save
-EOF
-
-echo
-echo "NOTE: Host key expiration date adjusted, but not yet published."
-echo "Run '$PGRM publish-key' to publish the new expiration date."
-
-}
diff --git a/src/subcommands/mh/gen_key b/src/subcommands/mh/gen_key
deleted file mode 100644
index aad213a..0000000
--- a/src/subcommands/mh/gen_key
+++ /dev/null
@@ -1,107 +0,0 @@
-# -*-shell-script-*-
-# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
-
-# Monkeysphere host gen-key subcommand
-#
-# The monkeysphere scripts are written by:
-# Jameson Rollins <jrollins@finestructure.net>
-# Jamie McClelland <jm@mayfirst.org>
-# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-#
-# They are Copyright 2008-2009, and are all released under the GPL,
-# version 3 or later.
-
-gen_key() {
-
-local keyType="RSA"
-local keyLength="2048"
-local keyUsage="auth"
-local keyExpire
-local hostName=$(hostname -f)
-local userID
-local keyParameters
-local fingerprint
-
-# check for presense of secret key
-# FIXME: is this the proper test to be doing here?
-fingerprint_server_key >/dev/null \
-	&& failure "An OpenPGP host key already exists."
-
-# get options
-while true ; do
-	case "$1" in
-	    -l|--length)
-		keyLength="$2"
-		shift 2
-		;;
-	    -e|--expire)
-		keyExpire="$2"
-		shift 2
-		;;
-	    *)
-		if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
-		    failure "Unknown option '$1'.
-Type '$PGRM help' for usage."
-		fi
-		hostName="$1"
-		shift;
-		break
-		;;
-	esac
-done
-
-userID="ssh://${hostName}"
-
-# prompt about key expiration if not specified
-keyExpire=$(get_gpg_expiration "$keyExpire")
-
-# set key parameters
-keyParameters=\
-"Key-Type: $keyType
-Key-Length: $keyLength
-Key-Usage: $keyUsage
-Name-Real: $userID
-Expire-Date: $keyExpire"
-
-echo "The following key parameters will be used for the host private key:"
-echo "$keyParameters"
-
-read -p "Generate key? (Y/n) " OK; OK=${OK:=Y}
-if [ ${OK/y/Y} != 'Y' ] ; then
-	failure "aborting."
-fi
-
-# add commit command
-# must include blank line!
-keyParameters=\
-"${keyParameters}
-
-%commit
-%echo done"
-
-log verbose "generating host key..."
-echo "$keyParameters" | gpg_host --batch --gen-key
-
-# find the key fingerprint of the newly generated key
-fingerprint=$(fingerprint_server_key)
-
-# export host ownertrust to authentication keyring
-log verbose "setting ultimate owner trust for host key..."
-echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust"
-
-# translate the private key to ssh format, and export to a file
-# for sshs usage.
-# NOTE: assumes that the primary key is the proper key to use
-(umask 077 && \
-	gpg_host --export-secret-key "$fingerprint" | \
-	openpgp2ssh "$fingerprint" > "${SYSDATADIR}/ssh_host_rsa_key")
-log info "SSH host private key output to file: ${SYSDATADIR}/ssh_host_rsa_key"
-ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub"
-log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub"
-gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
-log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
-
-# show info about new key
-show_key
-
-}
diff --git a/src/subcommands/mh/import_key b/src/subcommands/mh/import_key
deleted file mode 100644
index 386e02d..0000000
--- a/src/subcommands/mh/import_key
+++ /dev/null
@@ -1,89 +0,0 @@
-# -*-shell-script-*-
-# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
-
-# Monkeysphere host import-key subcommand
-#
-# The monkeysphere scripts are written by:
-# Jameson Rollins <jrollins@finestructure.net>
-# Jamie McClelland <jm@mayfirst.org>
-# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-#
-# They are Copyright 2008-2009 and are all released under the GPL,
-# version 3 or later.
-
-import_key() {
-
-local hostName=$(hostname -f)
-local keyFile="/etc/ssh/ssh_host_rsa_key"
-local keyExpire
-local userID
-
-# check for presense of secret key
-# FIXME: is this the proper test to be doing here?
-fingerprint_server_key >/dev/null \
-	&& failure "An OpenPGP host key already exists."
-
-# get options
-while true ; do
-	case "$1" in
-	    -f|--keyfile)
-		keyFile="$2"
-		shift 2
-		;;
-	    -e|--expire)
-		keyExpire="$2"
-		shift 2
-		;;
-	    *)
-		if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
-		    failure "Unknown option '$1'.
-Type '$PGRM help' for usage."
-		fi
-		hostName="$1"
-		shift
-		;;
-		break
-		;;
-	esac
-done
-
-if [ ! -f "$keyFile" ] ; then
-	failure "SSH secret key file '$keyFile' not found."
-fi
-
-userID="ssh://${hostName}"
-
-# prompt about key expiration if not specified
-keyExpire=$(get_gpg_expiration "$keyExpire")
-
-echo "The following key parameters will be used for the host private key:"
-echo "Import: $keyFile"
-echo "Name-Real: $userID"
-echo "Expire-Date: $keyExpire"
-
-read -p "Import key? (Y/n) " OK; OK=${OK:=Y}
-if [ ${OK/y/Y} != 'Y' ] ; then
-	failure "aborting."
-fi
-
-log verbose "importing ssh key..."
-# translate ssh key to a private key
-(umask 077 && \
-	pem2openpgp "$userID" "$keyExpire" < "$sshKey" | gpg_host --import)
-
-# find the key fingerprint of the newly converted key
-fingerprint=$(fingerprint_server_key)
-
-# export host ownertrust to authentication keyring
-log verbose "setting ultimate owner trust for host key..."
-echo "${fingerprint}:6:" | gpg_host "--import-ownertrust"
-echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust"
-
-# export public key to file
-gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
-log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
-
-# show info about new key
-show_key
-
-}
diff --git a/src/subcommands/mh/publish_key b/src/subcommands/mh/publish_key
deleted file mode 100644
index b7ab01d..0000000
--- a/src/subcommands/mh/publish_key
+++ /dev/null
@@ -1,31 +0,0 @@
-# -*-shell-script-*-
-# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
-
-# Monkeysphere host publish-key subcommand
-#
-# The monkeysphere scripts are written by:
-# Jameson Rollins <jrollins@finestructure.net>
-# Jamie McClelland <jm@mayfirst.org>
-# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-#
-# They are Copyright 2008-2009, and are all released under the GPL, version 3
-# or later.
-
-# publish server key to keyserver
-
-publish_key() {
-
-read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N}
-if [ ${OK/y/Y} != 'Y' ] ; then
-    failure "key not published."
-fi
-
-# find the key fingerprint
-fingerprint=$(fingerprint_server_key)
-
-# publish host key
-# FIXME: need to define how to do this
-#gpg_authentication "--keyserver $KEYSERVER --send-keys '0x${fingerprint}!'"
-echo "not published!!!"
-
-}
diff --git a/src/subcommands/mh/revoke_hostname b/src/subcommands/mh/revoke_hostname
deleted file mode 100644
index b519cf6..0000000
--- a/src/subcommands/mh/revoke_hostname
+++ /dev/null
@@ -1,91 +0,0 @@
-# -*-shell-script-*-
-# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
-
-# Monkeysphere host revoke-hostname subcommand
-#
-# The monkeysphere scripts are written by:
-# Jameson Rollins <jrollins@finestructure.net>
-# Jamie McClelland <jm@mayfirst.org>
-# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-#
-# They are Copyright 2008-2009, and are all released under the GPL,
-# version 3 or later.
-
-# revoke hostname user ID from host key
-
-revoke_hostname() {
-
-local userID
-local fingerprint
-local tmpuidMatch
-local line
-local uidIndex
-local message
-local revuidCommand
-
-if [ -z "$1" ] ; then
-    failure "You must specify a hostname to revoke."
-fi
-
-echo "WARNING: There is a known bug in this function."
-echo "This function has been known to occasionally revoke the wrong user ID."
-echo "Please see the following bug report for more information:"
-echo "http://web.monkeysphere.info/bugs/revoke-hostname-revoking-wrong-userid/"
-read -p "Are you sure you would like to proceed? (y/N) " OK; OK=${OK:=N}
-if [ ${OK/y/Y} != 'Y' ] ; then
-    failure "aborting."
-fi
-
-userID="ssh://${1}"
-
-fingerprint=$(fingerprint_server_key)
-
-# match to only ultimately trusted user IDs
-tmpuidMatch="u:$(echo $userID | gpg_escape)"
-
-# find the index of the requsted user ID
-# NOTE: this is based on circumstantial evidence that the order of
-# this output is the appropriate index
-if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}!" \
-    | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then
-    uidIndex=${line%%:*}
-else
-    failure "No non-revoked user ID '$userID' is found."
-fi
-
-echo "The following host key user ID will be revoked:"
-echo "  $userID"
-read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N}
-if [ ${OK/y/Y} != 'Y' ] ; then
-    failure "User ID not revoked."
-fi
-
-message="Hostname removed by monkeysphere-server $DATE"
-
-# edit-key script command to revoke user ID
-revuidCommand=$(cat <<EOF
-$uidIndex
-revuid
-y
-4
-$message
-
-y
-save
-EOF
-    )	
-
-# execute edit-key script
-if echo "$revuidCommand" | \
-    gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then
-
-    show_key
-
-    echo
-    echo "NOTE: User ID revoked, but revocation not published."
-    echo "Run '$PGRM publish-key' to publish the revocation."
-else
-    failure "Problem revoking user ID."
-fi
-
-}
diff --git a/src/subcommands/mh/revoke_key b/src/subcommands/mh/revoke_key
deleted file mode 100644
index cccdc22..0000000
--- a/src/subcommands/mh/revoke_key
+++ /dev/null
@@ -1,21 +0,0 @@
-# -*-shell-script-*-
-# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
-
-# Monkeysphere host revoke-key subcommand
-#
-# The monkeysphere scripts are written by:
-# Jameson Rollins <jrollins@finestructure.net>
-# Jamie McClelland <jm@mayfirst.org>
-# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-#
-# They are Copyright 2008-2009, and are all released under the GPL,
-# version 3 or later.
-
-# revoke host key
-
-revoke_key() {
-
-# FIXME: implement!
-failure "not implemented yet!"
-
-}