diff options
| -rw-r--r-- | debian/changelog | 6 | ||||
| -rwxr-xr-x | src/monkeysphere-ssh-proxycommand | 2 | ||||
| -rw-r--r-- | website/dev.mdwn | 13 | ||||
| -rw-r--r-- | website/doc.mdwn | 1 | ||||
| -rw-r--r-- | website/index.mdwn | 73 | ||||
| -rw-r--r-- | website/local.css | 9 |
6 files changed, 71 insertions, 33 deletions
diff --git a/debian/changelog b/debian/changelog index 54160e9..78b5ca9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +monkeysphere (0.6-1) UNRELEASED; urgency=low + + * Fix bug in return on error of ssh-proxycommand. + + -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Tue, 29 Jul 2008 00:23:24 -0700 + monkeysphere (0.5-1) experimental; urgency=low [ Daniel Kahn Gillmor ] diff --git a/src/monkeysphere-ssh-proxycommand b/src/monkeysphere-ssh-proxycommand index 6d6d3c0..9ee205a 100755 --- a/src/monkeysphere-ssh-proxycommand +++ b/src/monkeysphere-ssh-proxycommand @@ -1,4 +1,4 @@ -#!/bin/sh -e +#!/bin/sh # monkeysphere-ssh-proxycommand: MonkeySphere ssh ProxyCommand hook # diff --git a/website/dev.mdwn b/website/dev.mdwn new file mode 100644 index 0000000..b149f9c --- /dev/null +++ b/website/dev.mdwn @@ -0,0 +1,13 @@ +# Monkeysphere Development # + +The Monkeysphere is attempting to use a completely distributed +development model. Please feel free to clone any of our developer git +repositories, and send patches, modifications, or merge requests to +any of the upstream developers. + +## Contacts ## + +Please feel free to contact any of the Monkeysphere developers with +any questions, comments, bug reports, requests, etc: + +Jameson Graef Rollins <jrollins@phys.columbia.edu> diff --git a/website/doc.mdwn b/website/doc.mdwn index 4334e8b..33fe340 100644 --- a/website/doc.mdwn +++ b/website/doc.mdwn @@ -9,3 +9,4 @@ * [Initial specifications at CMRG](http://cmrg.fifthhorseman.net/wiki/OpenPGPandSSH) * [OpenPGP (RFC 4880)](http://tools.ietf.org/html/rfc4880) * [Secure Shell Authentication Protocol (RFC 4252)](http://tools.ietf.org/html/rfc4252) +* [URI scheme for SSH, RFC draft](http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/) diff --git a/website/index.mdwn b/website/index.mdwn index 3bc1fe1..c0cde58 100644 --- a/website/index.mdwn +++ b/website/index.mdwn @@ -9,26 +9,48 @@ yourself and the servers you administer or connect to. OpenPGP keys are tracked via GnuPG, and managed in the known\_hosts and authorized\_keys files used by OpenSSH for connection authentication. -[[bugs]] | [[download]] | [[news]] | [[documentation|doc]] +[[bugs]] | [[download]] | [[news]] | [[documentation|doc]] | +[[development|dev]] ## Conceptual overview ## Everyone who has used secure shell is familiar with the prompt given -the first time you login, asking if you want to trust the server's -fingerprint. In addition, many of us take advantage of OpenSSH's -ability to use RSA or DSA keys for authenticating to a server, rather -than relying on a password exchange. - -[OpenSSH](http://openssh.com/) already provides a functional way for -managing the RSA and DSA keys required for these -interactions. However, it lacks any type of [Public Key Infrastructure -(PKI)](http://en.wikipedia.org/wiki/Public_Key_Infrastructure). +the first time you log in to a new server, asking if you want to trust +the server's key by verifying the key fingerprint. Unfortunately, +unless you have access to the server's key fingerprint through a +secure out-of-band channel, there is no way to verify that the +fingerprint you are presented with is in fact that of the server your +really trying to connect to. + +Many users also take advantage of OpenSSH's ability to use RSA or DSA +keys for authenticating to a server (known as "PubkeyAuthentication"), +rather than relying on a password exchange. But again, the public +part of the key needs to be transmitted to the server through a secure +out-of-band channel (usually via a separate password-based SSH +connection) in order for this type of authentication to work + +[OpenSSH](http://openssh.com/) currently provides a functional way to +managing the RSA and DSA keys required for these interactions through +the known\_hosts and authorized\_keys files. However, it lacks any +type of [Public Key Infrastructure +(PKI)](http://en.wikipedia.org/wiki/Public_Key_Infrastructure) that +can verify that the keys being used really are the one required or +expected. The basic idea of the Monkeysphere is to create a framework that uses [GnuPG](http://www.gnupg.org/)'s keyring manipulation capabilities and public keyserver communication to manage the keys that OpenSSH uses for connection authentication. +The Monkeysphere therefore provides an effective PKI for OpenSSH, +including the possibility for key transitions, transitive +identifications, revocations, and expirations. It also actively +invites broader participation in the +[OpenPGP](http://en.wikipedia.org/wiki/Openpgp) [web of +trust](http://en.wikipedia.org/wiki/Web_of_trust). + +## Technical details ## + Under the Monkeysphere, both parties to an OpenSSH connection (client and server) explicitly designate who they trust to certify the identity of the other party. These trust designations are explicitly @@ -39,26 +61,21 @@ modification is made to the SSH protocol on the wire (it continues to use raw RSA public keys), and no modification is needed to the OpenSSH software. -To emphasize: *no SSH modification is required to use the -Monkeysphere*. - -This offers users of OpenSSH an effective PKI, including the -possibility for key transitions, transitive identifications, -revocations, and expirations. It also actively invites broader -participation in the [OpenPGP](http://en.wikipedia.org/wiki/Openpgp) -[web of trust](http://en.wikipedia.org/wiki/Web_of_trust). +To emphasize: *no modifications to SSH are required to use the +Monkeysphere*. OpenSSH can be used as is; completely unpatched and +"out of the box". ## Philosophy ## Humans (and [monkeys](http://www.scottmccloud.com/comics/mi/mi-17/mi-17.html)) -have innate capacity to keep track of the identity of a finite number -of people. After our social sphere exceeds several dozen or several -hundred (depending on the individual), our ability to remember and -distinguish people begins to break down. In other words, at a certain -point, we can't know for sure that the person we ran into in the -produce aisle really is the same person who we met at the party last -week. +have the innate capacity to keep track of the identities of only a +finite number of people. After our social sphere exceeds several dozen +or several hundred (depending on the individual), our ability to +remember and distinguish people begins to break down. In other words, +at a certain point, we can't know for sure that the person we ran into +in the produce aisle really is the same person who we met at the party +last week. For most of us, this limitation has not posed much of a problem in our daily, off-line lives. With the Internet, however, we have an ability @@ -80,7 +97,8 @@ the [web of trust](http://en.wikipedia.org/wiki/Web_of_trust). The web of trust allows people who have never met in person to communicate with a reasonable degree of certainty that they are who they say they are. It works like this: Person A trusts Person B. Person B verifies -Person C's identity. Then, Person A can verify Person C's identity. +Person C's identity. Then, Person A can verify Person C's identity +because of their trust of Person B. The Monkeyshpere's broader goals are to extend the use of OpenPGP from email communications to other activities, such as: @@ -92,9 +110,8 @@ email communications to other activities, such as: * [OpenSSH](http://openssh.com/) * [GnuPG](http://www.gnupg.org/) +* [Secure Shell Authentication Protocol RFC 4252](http://tools.ietf.org/html/rfc4252) * [OpenPGP RFC 4880](http://tools.ietf.org/html/rfc4880) -* [URI scheme for SSH, RFC draft](http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/) - ---- diff --git a/website/local.css b/website/local.css index 6302a54..06b1750 100644 --- a/website/local.css +++ b/website/local.css @@ -1,12 +1,12 @@ body { font-family:Verdana,Geneva,Arial,Helvetica,sans-serif; - font-size:0.8em; + font-size:1em; margin-left: 5%; margin-right:20%; } h1 { - font-size: 1.4em; + font-size: 1.5em; } h2 { @@ -14,14 +14,15 @@ h2 { } h3 { - font-size: 1.0em; + font-size: 1em; } h4 { - font-size: .9em; + font-size: 1em; } .header span { + font-size: 1.5em; color: #aaaaaa; } |