diff options
| -rw-r--r-- | debian/changelog | 8 | ||||
| -rw-r--r-- | debian/control | 5 | ||||
| -rwxr-xr-x | src/monkeysphere-ssh-proxycommand | 9 | ||||
| -rw-r--r-- | website/index.mdwn | 29 |
4 files changed, 32 insertions, 19 deletions
diff --git a/debian/changelog b/debian/changelog index 78b5ca9..9f881fb 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,12 @@ monkeysphere (0.6-1) UNRELEASED; urgency=low - + + [ Jameson Graef Rollins ] * Fix bug in return on error of ssh-proxycommand. + + [ Daniel Kahn Gillmor ] + * try socat if netcat is not available in proxycommand. - -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Tue, 29 Jul 2008 00:23:24 -0700 + -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Tue, 29 Jul 2008 10:27:20 -0400 monkeysphere (0.5-1) experimental; urgency=low diff --git a/debian/control b/debian/control index f5760d9..3b2d5d0 100644 --- a/debian/control +++ b/debian/control @@ -5,13 +5,14 @@ Maintainer: Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Uploaders: Jameson Rollins <jrollins@fifthhorseman.net> Build-Depends: debhelper (>= 7.0), libgnutls-dev (>= 2.4.0) Standards-Version: 3.8.0.1 -Homepage: http://cmrg.fifthhorseman.net/wiki/OpenPGPandSSH +Homepage: http://monkeysphere.info/ +Vcs-Git: http://lair.fifthhorseman.net/~dkg/git/monkeysphere.git Dm-Upload-Allowed: yes Package: monkeysphere Architecture: any Depends: openssh-client, gnupg | gnupg2, coreutils (>= 6), moreutils, lockfile-progs, adduser, ${shlibs:Depends} -Recommends: netcat +Recommends: netcat | socat Enhances: openssh-client, openssh-server Description: use the OpenPGP web of trust to verify ssh connections SSH key-based authentication is tried-and-true, but it lacks a true diff --git a/src/monkeysphere-ssh-proxycommand b/src/monkeysphere-ssh-proxycommand index 9ee205a..438db87 100755 --- a/src/monkeysphere-ssh-proxycommand +++ b/src/monkeysphere-ssh-proxycommand @@ -83,5 +83,12 @@ monkeysphere update-known_hosts "$HOSTP" # exec a netcat passthrough to host for the ssh connection if [ -z "$NO_CONNECT" ] ; then - exec nc "$HOST" "$PORT" + if (which nc 2>/dev/null >/dev/null); then + exec nc "$HOST" "$PORT" + elif (which socat 2>/dev/null >/dev/null); then + exec socat STDIO "TCP:$HOST:$PORT" + else + log "Neither netcat nor socat found -- could not complete monkeysphere-ssh-proxycommand connection to $HOST:$PORT" + exit 1 + fi fi diff --git a/website/index.mdwn b/website/index.mdwn index c0cde58..5c8a694 100644 --- a/website/index.mdwn +++ b/website/index.mdwn @@ -6,8 +6,8 @@ Specifically, the Monkeysphere is a framework to leverage the OpenPGP web of trust for OpenSSH authentication. In other words, it allows you to use your OpenPGP keys when using secure shell to both identify yourself and the servers you administer or connect to. OpenPGP keys -are tracked via GnuPG, and managed in the known\_hosts and -authorized\_keys files used by OpenSSH for connection authentication. +are tracked via GnuPG, and managed in the `known_hosts` and +`authorized_keys` files used by OpenSSH for connection authentication. [[bugs]] | [[download]] | [[news]] | [[documentation|doc]] | [[development|dev]] @@ -23,16 +23,17 @@ fingerprint you are presented with is in fact that of the server your really trying to connect to. Many users also take advantage of OpenSSH's ability to use RSA or DSA -keys for authenticating to a server (known as "PubkeyAuthentication"), -rather than relying on a password exchange. But again, the public -part of the key needs to be transmitted to the server through a secure -out-of-band channel (usually via a separate password-based SSH -connection) in order for this type of authentication to work +keys for authenticating to a server (known as +"`PubkeyAuthentication`"), rather than relying on a password exchange. +But again, the public part of the key needs to be transmitted to the +server through a secure out-of-band channel (usually via a separate +password-based SSH connection) in order for this type of +authentication to work [OpenSSH](http://openssh.com/) currently provides a functional way to managing the RSA and DSA keys required for these interactions through -the known\_hosts and authorized\_keys files. However, it lacks any -type of [Public Key Infrastructure +the `known_hosts` and `authorized_keys` files. However, it lacks +any type of [Public Key Infrastructure (PKI)](http://en.wikipedia.org/wiki/Public_Key_Infrastructure) that can verify that the keys being used really are the one required or expected. @@ -55,11 +56,11 @@ Under the Monkeysphere, both parties to an OpenSSH connection (client and server) explicitly designate who they trust to certify the identity of the other party. These trust designations are explicitly indicated with traditional GPG keyring trust models. Monkeysphere -then manages the keys in the known\_hosts and authorized\_keys files -directly, in such a way that is completely transparent to SSH. No -modification is made to the SSH protocol on the wire (it continues to -use raw RSA public keys), and no modification is needed to the OpenSSH -software. +then manages the keys in the `known_hosts` and `authorized_keys` +files directly, in such a way that is completely transparent to SSH. +No modification is made to the SSH protocol on the wire (it continues +to use raw RSA public keys), and no modification is needed to the +OpenSSH software. To emphasize: *no modifications to SSH are required to use the Monkeysphere*. OpenSSH can be used as is; completely unpatched and |