diff options
| -rw-r--r-- | debian/changelog | 3 | ||||
| -rw-r--r-- | doc/TODO | 6 | ||||
| -rw-r--r-- | doc/george/changelog | 13 | ||||
| -rw-r--r-- | src/common | 3 | ||||
| -rwxr-xr-x | src/monkeysphere | 18 | ||||
| -rwxr-xr-x | src/seckey2sshagent | 31 |
6 files changed, 59 insertions, 15 deletions
diff --git a/debian/changelog b/debian/changelog index 2133d2d..cec0988 100644 --- a/debian/changelog +++ b/debian/changelog @@ -11,8 +11,9 @@ monkeysphere (0.2-1) UNRELEASED; urgency=low weren't useful enough to be worth maintaining. * Better handling of unknown users in server update-users * Add file locking when modifying known_hosts or authorized_keys + * Better failure/prompting for gen-subkey - -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Fri, 20 Jun 2008 00:43:44 -0400 + -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Sat, 21 Jun 2008 16:39:26 -0400 monkeysphere (0.1-1) experimental; urgency=low @@ -107,3 +107,9 @@ Update monkeysphere-ssh-proxycommand man page with new keyserver Update monkeysphere-ssh-proxycommand man page with info about no-connect option. + +File bug against seahorse about how, when creating new primary keys, + it presents option for "RSA (sign only)" but then creates an "esca" + key. + +File bug against enigmail about lack of ability to create subkeys. diff --git a/doc/george/changelog b/doc/george/changelog index c157cec..ab97bf3 100644 --- a/doc/george/changelog +++ b/doc/george/changelog @@ -7,7 +7,18 @@ * changes to this system * ****************************************************************************** -2008-06-20 - dkg +2008-06-21 - micah + * Restored /etc/init.d/ssh to original package state and changed + /etc/default/ssh to have 'unset SSHD_OOM_ADJUST' instead. + +2008-06-20 - micah + * Commented out the 'export SSHD_OOM_ADJUST=-17' from the + /etc/init.d/ssh initscript, and the 'SSHD_OOM_ADJUST=-17' from + /etc/default/ssh in order to make this error go away: + "error writing /proc/self/oom_adj: Operation not permitted" + (c.f. Debian #487325) + +200r-06-20 - dkg * touched /etc/environment to get rid of some spurious auth.log entries. * turned up sshd's LogLevel from INFO to DEBUG @@ -103,8 +103,9 @@ translate_ssh_variables() { # get the user's home directory userHome=$(getent passwd "$uname" | cut -d: -f6) - # translate ssh-style path variables + # translate '%u' to user name path=${path/\%u/"$uname"} + # translate '%h' to user home directory path=${path/\%h/"$userHome"} echo "$path" diff --git a/src/monkeysphere b/src/monkeysphere index 58f0fdc..e111d8e 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -54,11 +54,27 @@ gen_subkey(){ gpgOut=$(gpg --quiet --fixed-list-mode --list-keys --with-colons \ "$keyID" 2> /dev/null) - # return 1 if there only "tru" lines are output from gpg + # fail if there only "tru" lines are output from gpg, which + # indicates the key was not found. if [ -z "$(echo "$gpgOut" | grep -v '^tru:')" ] ; then failure "Key ID '$keyID' not found." fi + # fail if multiple pub lines are returned, which means the id given + # is not unique + if [ $(echo "$gpgOut" | grep '^pub:' | wc -l) -gt '1' ] ; then + failure "Key ID '$keyID' is not unique." + fi + + # prompt if an authentication subkey already exists + if echo "$gpgOut" | egrep "^(pub|sub):" | cut -d: -f 12 | grep -q a ; then + echo "An authentication subkey already exists for key '$keyID'." + read -p "Are you sure you would like to generate another one? [y|N]: " OK; OK=${OK:N} + if [ "${OK/y/Y}" != 'Y' ] ; then + failure "aborting." + fi + fi + # set subkey defaults SUBKEY_TYPE=${SUBKEY_TYPE:-"RSA"} #SUBKEY_LENGTH=${SUBKEY_LENGTH:-"2048"} diff --git a/src/seckey2sshagent b/src/seckey2sshagent index 4d08c66..aff323f 100755 --- a/src/seckey2sshagent +++ b/src/seckey2sshagent @@ -23,20 +23,29 @@ cleanup() { trap cleanup EXIT -GPGID="$1" - -idchars=$(echo $GPGID | wc -m) -if [ "$idchars" -ne 17 ] ; then - echo "GPGID is not 16 characters ($idchars)." - exit 1 -fi +#GPGID="$1" +GPGID=$(echo "$1" | cut -c 25-) FOO=$(mktemp -d) -gpg --export-secret-key --export-options export-reset-subkey-passwd $GPGID | GNUPGHOME=$FOO gpg --import +gpg --export-secret-key $GPGID | GNUPGHOME="$FOO" gpg --import + +# idea to script the password stuff. not working. +# read -s -p "enter gpg password: " PASSWD; echo +# cmd=$(cat <<EOF +# passwd +# $PASSWD +# \n +# \n +# \n +# yes +# save +# EOF +# ) +# echo -e "$cmd" | GNUPGHOME="$FOO" gpg --command-fd 0 --edit-key $GPGID -GNUPGHOME=$FOO gpg --edit-key $GPGID +GNUPGHOME="$FOO" gpg --edit-key $GPGID -ln -s /dev/stdin $FOO/monkeysphere-key +ln -s /dev/stdin "$FOO"/monkeysphere-key -GNUPGHOME=$FOO gpg --export-secret-key $GPGID | openpgp2ssh $GPGID | (cd $FOO && ssh-add -c monkeysphere-key) +GNUPGHOME="$FOO" gpg --export-secret-key $GPGID | openpgp2ssh $GPGID | ssh-add -c /dev/stdin |