diff options
| -rw-r--r-- | man/man1/monkeysphere.1 | 8 | ||||
| -rw-r--r-- | man/man7/monkeysphere.7 | 13 | ||||
| -rw-r--r-- | man/man8/monkeysphere-authentication.8 | 62 | ||||
| -rw-r--r-- | man/man8/monkeysphere-host.8 | 82 | ||||
| -rwxr-xr-x | src/monkeysphere | 2 | ||||
| -rwxr-xr-x | src/monkeysphere-authentication | 21 | ||||
| -rwxr-xr-x | src/monkeysphere-host | 23 | ||||
| -rw-r--r-- | src/share/common | 11 | ||||
| -rw-r--r-- | src/share/m/ssh_proxycommand | 48 | ||||
| -rw-r--r-- | src/share/ma/diagnostics | 111 | ||||
| -rw-r--r-- | src/share/ma/setup | 88 | ||||
| -rw-r--r-- | src/share/ma/update_users | 2 | ||||
| -rw-r--r-- | src/share/mh/add_hostname | 2 | ||||
| -rw-r--r-- | src/share/mh/diagnostics | 35 | ||||
| -rw-r--r-- | src/share/mh/extend_key | 2 | ||||
| -rw-r--r-- | src/share/mh/gen_key | 16 | ||||
| -rw-r--r-- | src/share/mh/import_key | 8 | ||||
| -rw-r--r-- | src/share/mh/publish_key | 2 | ||||
| -rw-r--r-- | src/share/mh/revoke_hostname | 2 | ||||
| -rwxr-xr-x | tests/basic | 101 |
20 files changed, 371 insertions, 268 deletions
diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1 index 03116b2..0e80047 100644 --- a/man/man1/monkeysphere.1 +++ b/man/man1/monkeysphere.1 @@ -168,14 +168,12 @@ addition to the authorized_keys file. .SH AUTHOR -Written by Jameson Rollins <jrollins@fifthhorseman.net>, Daniel -Kahn Gillmor <dkg@fifthhorseman.net> +Written by: +Jameson Rollins <jrollins@fifthhorseman.net>, +Daniel Kahn Gillmor <dkg@fifthhorseman.net> .SH SEE ALSO -\" DELETEME -\".BR monkeysphere-ssh-proxycommand (1), -\".BR monkeysphere-server (8), .BR monkeysphere-host (8), .BR monkeysphere-authentication (8), .BR monkeysphere (7), diff --git a/man/man7/monkeysphere.7 b/man/man7/monkeysphere.7 index 8d7c43a..d221c87 100644 --- a/man/man7/monkeysphere.7 +++ b/man/man7/monkeysphere.7 @@ -7,7 +7,7 @@ Trust .SH DESCRIPTION -\fBMonkeySphere\fP is a framework to leverage the OpenPGP Web of Trust +\fBMonkeysphere\fP is a framework to leverage the OpenPGP Web of Trust for ssh authentication. OpenPGP keys are tracked via GnuPG, and added to the authorized_keys and known_hosts files used by ssh for connection authentication. @@ -40,14 +40,17 @@ URI specification for the host, i.e. "ssh://host.full.domain[:port]". .SH AUTHOR -Written by Jameson Rollins <jrollins@fifthhorseman.net>, Daniel Kahn -Gillmor <dkg@fifthhorseman.net> +Written by: +Jameson Rollins <jrollins@fifthhorseman.net>, +Daniel Kahn Gillmor <dkg@fifthhorseman.net> .SH SEE ALSO .BR monkeysphere (1), -.BR monkeysphere-server (8), -.BR monkeysphere-ssh-proxycommand (1), +.BR monkeysphere-host (8), +.BR monkeysphere-authentication (8), +.BR openpgp2ssh (1), +.BR pem2openpgp (1), .BR gpg (1), .BR ssh (1), .BR http://tools.ietf.org/html/rfc4880, diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8 index 68a7a1b..2b0091e 100644 --- a/man/man8/monkeysphere-authentication.8 +++ b/man/man8/monkeysphere-authentication.8 @@ -20,26 +20,28 @@ authentication. \fBmonkeysphere-authentication\fP is a Monkeysphere server admin utility. .SH SUBCOMMANDS -\fBmonkeysphere-authentication\fP takes various subcommands.(Users may use the -abbreviated subcommand in parentheses): +\fBmonkeysphere-authentication\fP takes various subcommands. .TP -.B update-users (u) [ACCOUNT]... -Rebuild the monkeysphere-controlled authorized_keys files. For each specified -account, the user ID's listed in the account's authorized_user_ids file are -processed. For each user ID, gpg will be queried for keys associated with that -user ID, optionally querying a keyserver. If an acceptable key is found (see -KEY ACCEPTABILITY in monkeysphere(7)), the key is added to the account's -monkeysphere-controlled authorized_keys file. If the RAW_AUTHORIZED_KEYS -variable is set, then a separate authorized_keys file (usually -~USER/.ssh/authorized_keys) is appended to the monkeysphere-controlled -authorized_keys file. If no accounts are specified, then all accounts on the -system are processed. `u' may be used in place of `update-users'. - -\" XXX - +.B setup +Setup the server for Monkeysphere user authentication. `s' may be +used in place of `setup'. .TP -.B add-id-certifier (c+) KEYID +.B update-users [ACCOUNT]... +Rebuild the monkeysphere-controlled authorized_keys files. For each +specified account, the user ID's listed in the account's +authorized_user_ids file are processed. For each user ID, gpg will be +queried for keys associated with that user ID, optionally querying a +keyserver. If an acceptable key is found (see KEY ACCEPTABILITY in +monkeysphere(7)), the key is added to the account's +monkeysphere-controlled authorized_keys file. If the +RAW_AUTHORIZED_KEYS variable is set, then a separate authorized_keys +file (usually ~USER/.ssh/authorized_keys) is appended to the +monkeysphere-controlled authorized_keys file. If no accounts are +specified, then all accounts on the system are processed. `u' may be +used in place of `update-users'. +.TP +.B add-id-certifier KEYID Instruct system to trust user identity certifications made by KEYID. Using the `-n' or `--domain' option allows you to indicate that you only trust the given KEYID to make identifications within a specific @@ -50,11 +52,11 @@ the `-t' or `--trust' option (possible values are `marginal' and with the `-d' or `--depth' option (default is 1). `c+' may be used in place of `add-id-certifier'. .TP -.B remove-id-certifier (c-) KEYID +.B remove-id-certifier KEYID Instruct system to ignore user identity certifications made by KEYID. `c-' may be used in place of `remove-id-certifier'. .TP -.B list-id-certifiers (c) +.B list-id-certifiers List key IDs trusted by the system to certify user identities. `c' may be used in place of `list-id-certifiers'. .TP @@ -66,11 +68,13 @@ Output a brief usage summary. `h' or `?' may be used in place of show version number .SH "EXPERT" SUBCOMMANDS + Some commands are very unlikely to be needed by most administrators. -These commands must follow the word `expert'. +These commands must prefaced by the word `expert'. .TP -.B diagnostics (d) -Review the state of the server with respect to authentication. +.B diagnostics +Review the state of the server with respect to authentication. `d' +may be used in place of `diagnostics'. .TP .B gpg-cmd Execute a gpg command on the gnupg-authentication keyring as the @@ -79,7 +83,7 @@ arguments need to be quoted). Use this command with caution, as modifying the gnupg-authentication keyring can affect ssh user authentication. -.SH SETUP +.SH SETUP USER AUTHENTICATION If the server will handle user authentication through monkeysphere-generated authorized_keys files, the server must be told @@ -116,7 +120,7 @@ to grant access to user accounts for remote users. You must also tell sshd to look at the monkeysphere-generated authorized_keys file for user authentication by setting the following in the sshd_config: -AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u +AuthorizedKeysFile /var/lib/monkeysphere/authentication/authorized_keys/%u It is recommended to add "monkeysphere-authentication update-users" to a system crontab, so that user keys are kept up-to-date, and key @@ -125,7 +129,7 @@ revocations and expirations can be processed in a timely manner. .SH ENVIRONMENT The following environment variables will override those specified in -(defaults in parentheses): +the config file (defaults in parentheses): .TP MONKEYSPHERE_MONKEYSPHERE_USER User to control authentication keychain (monkeysphere). @@ -135,7 +139,7 @@ Set the log level (INFO). Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in increasing order of verbosity. .TP MONKEYSPHERE_KEYSERVER -OpenPGP keyserver to use (subkeys.pgp.net). +OpenPGP keyserver to use (pool.sks-keyservers.net). .TP MONKEYSPHERE_AUTHORIZED_USER_IDS Path to user authorized_user_ids file @@ -156,8 +160,10 @@ Monkeysphere-generated user authorized_keys files. .SH AUTHOR -Written by Jameson Rollins <jrollins@fifthhorseman.net>, Daniel Kahn -Gillmor <dkg@fifthhorseman.net> +Written by: +Jameson Rollins <jrollins@fifthhorseman.net>, +Daniel Kahn Gillmor <dkg@fifthhorseman.net>, +Matthew Goins <mjgoins@openflows.com> .SH SEE ALSO diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8 index fd676a4..78b6b4a 100644 --- a/man/man8/monkeysphere-host.8 +++ b/man/man8/monkeysphere-host.8 @@ -23,6 +23,10 @@ connection authentication. \fBmonkeysphere-host\fP takes various subcommands: .TP +.B show-key +Output information about host's OpenPGP and SSH keys. `s' may be used +in place of `show-key'. +.TP .B extend-key EXPIRE Extend the validity of the OpenPGP key for the host until EXPIRE from the present. If EXPIRE is not specified, then the user will be @@ -36,7 +40,6 @@ does: <n>y = key expires in n years .fi `e' may be used in place of `extend-key'. - .TP .B add-hostname HOSTNAME Add a hostname user ID to the server host key. `n+' may be used in @@ -47,11 +50,12 @@ Revoke a hostname user ID from the server host key. `n-' may be used in place of `revoke-hostname'. .TP .B add-revoker FINGERPRINT - +Add a revoker to the host's OpenPGP key. `o' may be be used in place +of `add-revoker'. .TP -.B show-key -Output gpg information about host's OpenPGP key. `s' may be used in -place of `show-key'. +.B revoke-key +Revoke the host's OpenPGP key. `r' may be used in place of +`revoke-key'. .TP .B publish-key Publish the host's OpenPGP key to the keyserver. `p' may be used in @@ -63,9 +67,11 @@ Output a brief usage summary. `h' or `?' may be used in place of .TP .B version show version number + .SH "EXPERT" SUBCOMMANDS + Some commands are very unlikely to be needed by most administrators. -These commands must follow the word `expert'. +These commands must prefaced by the word `expert'. .TP .B gen-key [HOSTNAME] Generate a OpenPGP key for the host. If HOSTNAME is not specified, @@ -73,18 +79,8 @@ then the system fully-qualified domain name will be user. An alternate key bit length can be specified with the `-l' or `--length' option (default 2048). An expiration length can be specified with the `-e' or `--expire' option (prompt otherwise). The expiration format -is the same as that of \fBextend-key\fP, below. A key revoker -fingerprint can be specified with the `-r' or `--revoker' option. `g' -may be used in place of `gen-key'. - -.TP -.B diagnostics -Review the state of the server with respect to the MonkeySphere in -general and report on suggested changes. Among other checks, this -includes making sure there is a valid host key, that the key is -published, that the sshd configuration points to the right place, and -that there are at least some valid identity certifiers. `d' may be -used in place of `diagnostics'. +is the same as that of \fBextend-key\fP, below. `g' may be used in +place of `gen-key'. .TP .B import-key FIXME: @@ -92,53 +88,63 @@ FIXME: --hostname (-h) NAME[:PORT] hostname for key user ID --keyfile (-f) FILE key file to import --expire (-e) EXPIRE date to expire +.TP +.B diagnostics +Review the state of the monkeysphere server host key and report on +suggested changes. Among other checks, this includes making sure +there is a valid host key, that the key is published, that the sshd +configuration points to the right place, etc. `d' may be used in +place of `diagnostics'. -.SH SETUP +.SH SETUP HOST AUTHENTICATION -In order to start using the monkeysphere, you must first generate an -OpenPGP key for the server and convert that key to an ssh key that can -be used by ssh for host authentication. This can be done with the -\fBgen-key\fP subcommand: +To enable host verification via the monkeysphere, the host's key must +be published to the Web of Trust. This is not done by default. To +publish the host key to the keyservers, run the following command: -$ monkeysphere-server gen-key +$ monkeysphere-host publish-key -To enable host verification via the monkeysphere, you must then -publish the host's key to the Web of Trust using the \fBpublish-key\fP -command to push the key to a keyserver. You must also modify the -sshd_config on the server to tell sshd where the new server host key -is located: +You must also modify the sshd_config on the server to tell sshd where +the new server host key is located: -HostKey /var/lib/monkeysphere/ssh_host_rsa_key +HostKey /var/lib/monkeysphere/host/ssh_host_rsa_key In order for users logging into the system to be able to identify the host via the monkeysphere, at least one person (e.g. a server admin) will need to sign the host's key. This is done using standard OpenPGP -keysigning techniques, usually: pul the key from the keyserver, verify -and sign the key, and then re-publish the signature. Once an admin's -signature is published, users logging into the host can use it to -validate the host's key. +keysigning techniques, usually: pull the key from the keyserver, +verify and sign the key, and then re-publish the signature. Once an +admin's signature is published, users logging into the host can use it +to validate the host's key. + +.SH ENVIRONMENT +The following environment variables will override those specified in +the config file (defaults in parentheses): .TP MONKEYSPHERE_LOG_LEVEL Set the log level (INFO). Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in increasing order of verbosity. .TP MONKEYSPHERE_KEYSERVER -OpenPGP keyserver to use (subkeys.pgp.net). +OpenPGP keyserver to use (pool.sks-keyservers.net). .SH FILES + .TP /etc/monkeysphere/monkeysphere-host.conf System monkeysphere-host config file. .TP -/var/lib/monkeysphere/ssh_host_rsa_key +/var/lib/monkeysphere/host/ssh_host_rsa_key Copy of the host's private key in ssh format, suitable for use by sshd. .SH AUTHOR -Written by Jameson Rollins <jrollins@fifthhorseman.net>, Daniel Kahn -Gillmor <dkg@fifthhorseman.net> +Written by: +Jameson Rollins <jrollins@fifthhorseman.net>, +Daniel Kahn Gillmor <dkg@fifthhorseman.net>, +Matthew Goins <mjgoins@openflows.com> .SH SEE ALSO diff --git a/src/monkeysphere b/src/monkeysphere index 8b7bfee..da5f406 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -51,7 +51,7 @@ subcommands: gen-subkey (g) [KEYID] generate an authentication subkey --length (-l) BITS key length in bits (2048) --expire (-e) EXPIRE date to expire - ssh-proxycommand ssh proxycommand + ssh-proxycommand monkeysphere ssh ProxyCommand subkey-to-ssh-agent (s) store authentication subkey in ssh-agent version (v) show version number help (h,?) this help diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index a8f17f9..7c43aa8 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -12,20 +12,25 @@ # version 3 or later. ######################################################################## +set -e + PGRM=$(basename $0) SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"} export SYSSHAREDIR . "${SYSSHAREDIR}/common" || exit 1 +SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"} +export SYSDATADIR + # sharedir for authentication functions MASHAREDIR="${SYSSHAREDIR}/ma" -SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"} -export SYSDATADIR +# datadir for authentication functions +MADATADIR="${SYSDATADIR}/authentication" # temp directory to enable atomic moves of authorized_keys files -MATMPDIR="${SYSDATADIR}/tmp" +MATMPDIR="${MADATADIR}/tmp" export MSTMPDIR # UTC date in ISO 8601 format if needed @@ -47,6 +52,7 @@ usage: $PGRM <subcommand> [options] [args] Monkeysphere authentication admin tool. subcommands: + setup (s) setup monkeysphere user authentication update-users (u) [USER]... update user authorized_keys files add-id-certifier (c+) KEYID import and tsign a certification key --domain (-n) DOMAIN limit ID certifications to DOMAIN @@ -134,8 +140,8 @@ MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkey # other variables CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"} REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"} -GNUPGHOME_CORE=${MONKEYSPHERE_GNUPGHOME_CORE:="${SYSDATADIR}/authentication/core"} -GNUPGHOME_SPHERE=${MONKEYSPHERE_GNUPGHOME_SPHERE:="${SYSDATADIR}/authentication/sphere"} +GNUPGHOME_CORE=${MONKEYSPHERE_GNUPGHOME_CORE:="${MADATADIR}/core"} +GNUPGHOME_SPHERE=${MONKEYSPHERE_GNUPGHOME_SPHERE:="${MADATADIR}/sphere"} # export variables needed in su invocation export DATE @@ -155,6 +161,11 @@ COMMAND="$1" shift case $COMMAND in + 'setup'|'setup'|'s') + source "${MASHAREDIR}/setup" + setup "$@" + ;; + 'update-users'|'update-user'|'u') source "${MASHAREDIR}/update_users" update_users "$@" diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 0b37ba9..f172209 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -18,11 +18,14 @@ SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"} export SYSSHAREDIR . "${SYSSHAREDIR}/common" || exit 1 +SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"} +export SYSDATADIR + # sharedir for host functions MHSHAREDIR="${SYSSHAREDIR}/mh" -SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"} -export SYSDATADIR +# datadir for host functions +MHDATADIR="${SYSDATADIR}/host" # UTC date in ISO 8601 format if needed DATE=$(date -u '+%FT%T') @@ -49,7 +52,7 @@ subcommands: revoke-hostname (n-) NAME[:PORT] revoke hostname user ID add-revoker (o) FINGERPRINT add a revoker to the host key revoke-key (r) revoke host key - publish-key (p) publish server host key to keyserver + publish-key (p) publish host key to keyserver expert <expert-subcommand> run expert command expert help expert command help @@ -88,7 +91,7 @@ gpg_host() { } # output just key fingerprint -fingerprint_server_key() { +fingerprint_host_key() { # set the pipefail option so functions fails if can't read sec key set -o pipefail @@ -99,8 +102,8 @@ fingerprint_server_key() { # function to check for host secret key check_host_keyring() { - fingerprint_server_key >/dev/null \ - || failure "You don't appear to have a Monkeysphere host key on this server. Please run 'monkeysphere-server gen-key' first." + fingerprint_host_key >/dev/null \ + || failure "You don't appear to have a Monkeysphere host key on this server. Please run 'monkeysphere-host import-key' first." } # show info about the host key @@ -110,12 +113,12 @@ show_key() { # FIXME: you shouldn't have to be root to see the host key fingerprint check_host_keyring - fingerprintPGP=$(fingerprint_server_key) + fingerprintPGP=$(fingerprint_host_key) gpg_host "--fingerprint --list-key --list-options show-unusable-uids $fingerprintPGP" 2>/dev/null echo "OpenPGP fingerprint: $fingerprintPGP" - if [ -f "${SYSDATADIR}/ssh_host_rsa_key.pub" ] ; then - fingerprintSSH=$(ssh-keygen -l -f "${SYSDATADIR}/ssh_host_rsa_key.pub" | \ + if [ -f "${MHDATADIR}/ssh_host_rsa_key.pub" ] ; then + fingerprintSSH=$(ssh-keygen -l -f "${MHDATADIR}/ssh_host_rsa_key.pub" | \ awk '{ print $1, $2, $4 }') echo "ssh fingerprint: $fingerprintSSH" else @@ -144,7 +147,7 @@ MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkey # other variables CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"} -GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${SYSDATADIR}/host"} +GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${MHDATADIR}"} # export variables needed in su invocation export DATE diff --git a/src/share/common b/src/share/common index 9adae05..00a1008 100644 --- a/src/share/common +++ b/src/share/common @@ -34,7 +34,8 @@ failure() { # write output to stderr based on specified LOG_LEVEL the first # parameter is the priority of the output, and everything else is what -# is echoed to stderr +# is echoed to stderr. If there is nothing else, then output comes +# from stdin, and is not prefaced by log prefix. log() { local priority local level @@ -79,8 +80,12 @@ log() { output=true fi if [ "$priority" = "$level" -a "$output" = 'true' ] ; then - echo -n "ms: " >&2 - echo "$@" >&2 + if [ "$1" ] ; then + echo -n "ms: " >&2 + echo "$@" >&2 + else + cat >&2 + fi fi done } diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand index 7239c7a..cd0a1fb 100644 --- a/src/share/m/ssh_proxycommand +++ b/src/share/m/ssh_proxycommand @@ -1,7 +1,7 @@ # -*-shell-script-*- # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) -# monkeysphere-ssh-proxycommand: MonkeySphere ssh ProxyCommand hook +# Monkeysphere ssh-proxycommand subcommand # # The monkeysphere scripts are written by: # Jameson Rollins <jrollins@finestructure.net> @@ -13,7 +13,7 @@ # This is meant to be run as an ssh ProxyCommand to initiate a # monkeysphere known_hosts update before an ssh connection to host is # established. Can be added to ~/.ssh/config as follows: -# ProxyCommand monkeysphere-ssh-proxycommand %h %p +# ProxyCommand monkeysphere ssh-proxycommand %h %p ssh_proxycommand() { @@ -34,8 +34,10 @@ output_no_valid_key() { userID="ssh://${HOSTP}" - log "-------------------- Monkeysphere warning -------------------" - log "Monkeysphere found OpenPGP keys for this hostname, but none had full validity." + cat <<EOF | log info +-------------------- Monkeysphere warning ------------------- +Monkeysphere found OpenPGP keys for this hostname, but none had full validity. +EOF # retrieve the actual ssh key sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null | awk '{ print $2, $3 }') @@ -59,8 +61,10 @@ output_no_valid_key() { # if one of keys found matches the one offered by the # host, then output info if [ "$sshKeyGPG" = "$sshKeyOffered" ] ; then - log "An OpenPGP key matching the ssh key offered by the host was found:" - log + cat <<EOF | log info +An OpenPGP key matching the ssh key offered by the host was found: + +EOF # do some crazy "Here Strings" redirection to get the key to # ssh-keygen, since it doesn't read from stdin cleanly @@ -82,18 +86,23 @@ if (match($0,"^uid")) { ok=0; } if (match($0,"^uid.*'$userID'$")) { ok=1; print; } if (ok) { if (match($0,"^sig")) { print; } } } -' >&2 - log +' | log info + echo | log info # output the other user IDs for reference if (echo "$gpgSigOut" | grep "^uid" | grep -v -q "$userID") ; then - log "Other user IDs on this key:" - echo "$gpgSigOut" | grep "^uid" | grep -v "$userID" >&2 - log + cat <<EOF | log info +Other user IDs on this key: + +EOF + echo "$gpgSigOut" | grep "^uid" | grep -v "$userID" | log info + echo | log info fi # output ssh fingerprint - log "RSA key fingerprint is ${sshFingerprint}." + cat <<EOF | log info +RSA key fingerprint is ${sshFingerprint}. +EOF # this whole process is in a "while read" # subshell. the only way to get information out @@ -110,16 +119,21 @@ if (ok) { if (match($0,"^sig")) { print; } } # if no key match was made (and the "while read" subshell returned # 1) output how many keys were found if (($? != 1)) ; then - log "None of the found keys matched the key offered by the host." - log "Run the following command for more info about the found keys:" - log "gpg --check-sigs --list-options show-uid-validity =${userID}" + cat <<EOF | log info +None of the found keys matched the key offered by the host. +Run the following command for more info about the found keys: +gpg --check-sigs --list-options show-uid-validity =${userID} +EOF + # FIXME: should we do anything extra here if the retrieved # host key is actually in the known_hosts file and the ssh # connection will succeed? Should the user be warned? # prompted? fi - log "-------------------- ssh continues below --------------------" + cat <<EOF | log info +-------------------- ssh continues below -------------------- +EOF } ######################################################################## @@ -136,7 +150,7 @@ HOST="$1" PORT="$2" if [ -z "$HOST" ] ; then - log "Host not specified." + log error "Host not specified." usage exit 255 fi diff --git a/src/share/ma/diagnostics b/src/share/ma/diagnostics index 73e93a0..45a8ce2 100644 --- a/src/share/ma/diagnostics +++ b/src/share/ma/diagnostics @@ -28,15 +28,6 @@ local badhostkeys local sshd_config local problemsfound=0 -# FIXME: what's the correct, cross-platform answer? -sshd_config=/etc/ssh/sshd_config -seckey=$(gpg_host --list-secret-keys --fingerprint --with-colons --fixed-list-mode) -keysfound=$(echo "$seckey" | grep -c ^sec:) -curdate=$(date +%s) -# warn when anything is 2 months away from expiration -warnwindow='2 months' -warndate=$(advance_date $warnwindow +%s) - if ! id monkeysphere >/dev/null ; then echo "! No monkeysphere user found! Please create a monkeysphere system user with bash as its shell." problemsfound=$(($problemsfound+1)) @@ -47,13 +38,28 @@ if ! [ -d "$SYSDATADIR" ] ; then problemsfound=$(($problemsfound+1)) fi -echo "Checking host GPG key..." +echo "Checking for authentication directory..." +if ! [ -d "$MADATADIR" ] ; then + echo "! No authentication data directory found." + echo " - Recommendation: run 'monkeysphere-authentication setup'" + exit +fi + +# FIXME: what's the correct, cross-platform answer? +seckey=$(gpg_core --list-secret-keys --fingerprint --with-colons --fixed-list-mode) +keysfound=$(echo "$seckey" | grep -c ^sec:) +curdate=$(date +%s) +# warn when anything is 2 months away from expiration +warnwindow='2 months' +warndate=$(advance_date $warnwindow +%s) + +echo "Checking core GPG key..." if (( "$keysfound" < 1 )); then - echo "! No host key found." - echo " - Recommendation: run 'monkeysphere-server gen-key'" + echo "! No core key found." + echo " - Recommendation: run 'monkeysphere-authentication setup'" problemsfound=$(($problemsfound+1)) elif (( "$keysfound" > 1 )); then - echo "! More than one host key found?" + echo "! More than one core key found?" # FIXME: recommend a way to resolve this problemsfound=$(($problemsfound+1)) else @@ -63,86 +69,23 @@ else # check for key expiration: if [ "$expire" ]; then if (( "$expire" < "$curdate" )); then - echo "! Host key is expired." - echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'" + echo "! Core key is expired." + echo " - Recommendation: ???" problemsfound=$(($problemsfound+1)) elif (( "$expire" < "$warndate" )); then - echo "! Host key expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F) - echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'" + echo "! Core key expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F) + echo " - Recommendation: ???" problemsfound=$(($problemsfound+1)) fi fi # and weirdnesses: if [ "$create" ] && (( "$create" > "$curdate" )); then - echo "! Host key was created in the future(?!). Is your clock correct?" + echo "! Core key was created in the future(?!). Is your clock correct?" echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?" problemsfound=$(($problemsfound+1)) fi - - # check for UserID expiration: - echo "$seckey" | grep ^uid: | cut -d: -f6,7,10 | \ - while IFS=: read create expire uid ; do - # FIXME: should we be doing any checking on the form - # of the User ID? Should we be unmangling it somehow? - - if [ "$create" ] && (( "$create" > "$curdate" )); then - echo "! User ID '$uid' was created in the future(?!). Is your clock correct?" - echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?" - problemsfound=$(($problemsfound+1)) - fi - if [ "$expire" ] ; then - if (( "$expire" < "$curdate" )); then - echo "! User ID '$uid' is expired." - # FIXME: recommend a way to resolve this - problemsfound=$(($problemsfound+1)) - elif (( "$expire" < "$warndate" )); then - echo "! User ID '$uid' expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F) - # FIXME: recommend a way to resolve this - problemsfound=$(($problemsfound+1)) - fi - fi - done -# FIXME: verify that the host key is properly published to the -# keyservers (do this with the non-privileged user) - -# FIXME: check that there are valid, non-expired certifying signatures -# attached to the host key after fetching from the public keyserver -# (do this with the non-privileged user as well) - -# FIXME: propose adding a revoker to the host key if none exist (do we -# have a way to do that after key generation?) - - # Ensure that the ssh_host_rsa_key file is present and non-empty: - echo - echo "Checking host SSH key..." - if [ ! -s "${SYSDATADIR}/ssh_host_rsa_key" ] ; then - echo "! The host key as prepared for SSH (${SYSDATADIR}/ssh_host_rsa_key) is missing or empty." - problemsfound=$(($problemsfound+1)) - else - if [ $(ls -l "${SYSDATADIR}/ssh_host_rsa_key" | cut -f1 -d\ ) != '-rw-------' ] ; then - echo "! Permissions seem wrong for ${SYSDATADIR}/ssh_host_rsa_key -- should be 0600." - problemsfound=$(($problemsfound+1)) - fi - - # propose changes needed for sshd_config (if any) - if ! grep -q "^HostKey[[:space:]]\+${SYSDATADIR}/ssh_host_rsa_key$" "$sshd_config"; then - echo "! $sshd_config does not point to the monkeysphere host key (${SYSDATADIR}/ssh_host_rsa_key)." - echo " - Recommendation: add a line to $sshd_config: 'HostKey ${SYSDATADIR}/ssh_host_rsa_key'" - problemsfound=$(($problemsfound+1)) - fi - if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -v "^HostKey[[:space:]]\+${SYSDATADIR}/ssh_host_rsa_key$") ; then - echo "! $sshd_config refers to some non-monkeysphere host keys:" - echo "$badhostkeys" - echo " - Recommendation: remove the above HostKey lines from $sshd_config" - problemsfound=$(($problemsfound+1)) - fi - - # FIXME: test (with ssh-keyscan?) that the running ssh - # daemon is actually offering the monkeysphere host key. - - fi fi # FIXME: look at the ownership/privileges of the various keyrings, @@ -150,7 +93,7 @@ fi # we make them as minimal as possible?) # FIXME: look to see that the ownertrust rules are set properly on the -# authentication keyring +# sphere keyring # FIXME: make sure that at least one identity certifier exists @@ -161,7 +104,7 @@ fi # authorized_keys? echo -echo "Checking for MonkeySphere-enabled public-key authentication for users ..." +echo "Checking for Monkeysphere-enabled public-key authentication for users ..." # Ensure that User ID authentication is enabled: if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${SYSDATADIR}/authorized_keys/%u$" "$sshd_config"; then echo "! $sshd_config does not point to monkeysphere authorized keys." @@ -177,7 +120,7 @@ fi if [ "$problemsfound" -gt 0 ]; then echo "When the above $problemsfound issue"$(if [ "$problemsfound" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:" - echo " monkeysphere-server diagnostics" + echo " monkeysphere-authentication expert diagnostics" else echo "Everything seems to be in order!" fi diff --git a/src/share/ma/setup b/src/share/ma/setup new file mode 100644 index 0000000..672a960 --- /dev/null +++ b/src/share/ma/setup @@ -0,0 +1,88 @@ +# -*-shell-script-*- +# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) + +# Monkeysphere authentication setup subcommand +# +# The monkeysphere scripts are written by: +# Jameson Rollins <jrollins@finestructure.net> +# Jamie McClelland <jm@mayfirst.org> +# Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# +# They are Copyright 2009, and are all released under the GPL, +# version 3 or later. + +setup() { + # make all needed directories + mkdir -p "${MADATADIR}" + mkdir -p "${MATMPDIR}" + mkdir -p "${GNUPGHOME_SPHERE}" + mkdir -p "${GNUPGHOME_CORE}" + + # deliberately replace the config files via truncation + # FIXME: should we be dumping to tmp files and then moving atomically? + cat >"${GNUPGHOME_CORE}"/gpg.conf <<EOF +# Monkeysphere trust core GnuPG configuration +# This file is maintained by the Monkeysphere software. +# Edits will be overwritten. +no-greeting +list-options show-uid-validity +EOF + + cat >"${GNUPGHOME_SPHERE}"/gpg.conf <<EOF +# Monkeysphere trust sphere GnuPG configuration +# This file is maintained by the Monkeysphere software. +# Edits will be overwritten. +no-greeting +primary-keyring ${GNUPGHOME_SPHERE}/pubring.gpg +keyring ${GNUPGHOME_CORE}/pubring.gpg + +list-options show-uid-validity +EOF + + # fingerprint of core key. this should be empty on unconfigured systems. + local CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: ) + + if [ -z "$CORE_FPR" ] ; then + log info "Setting up Monkeysphere authentication trust core" + + local CORE_UID=$(printf "Monkeysphere authentication trust core UID (random string: %s)" $(head -c21 </dev/urandom | base64)) + + local TMPLOC=$(mktemp -d "${MATMPDIR}"/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!" + + # generate the key with ssh-keygen... + ssh-keygen -q -b 1024 -t rsa -N '' -f "${TMPLOC}/authkey" || failure "Could not generate new key for Monkeysphere authentication trust core" + # and then translate to openpgp encoding and import + # FIXME: pem2openpgp currently sets the A flag and a short + # expiration date. We should set the C flag and no expiration + # date. + < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg --import || failure "Could not import new key for Monkeysphere authentication trust core" + + gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key + CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: ) + if [ -z "$CORE_FPR" ] ; then + failure "Failed to create Monkeysphere authentication trust core!" + fi + + else + log verbose "This system has already set up the Monkeysphere authentication trust core" + fi + + + # ensure that the authentication sphere checker has absolute ownertrust on the expected key. + printf "%s:6:\n" "$CORE_FPR" | gpg_sphere --import-ownertrust + local ORIG_TRUST + if ORIG_TRUST=$(gpg_sphere --export-ownertrust | grep '^[^#]') ; then + if [ "${CORE_FPR}:6:" != "$ORIG_TRUST" ] ; then + failure "Monkeysphere authentication trust sphere should explicitly trust the core. It does not have proper ownertrust settings." + fi + else + failure "Could not get monkeysphere-authentication trust guidelines." + fi + + # ensure that we're using the extended trust model (1), and that + # our preferences are reasonable (i.e. 3 marginal OR 1 fully + # trusted certifications are sufficient to grant full validity. + if [ "1:3:1" != $(gpg_sphere --with-colons --fixed-list-mode --list-keys | head -n1 | grep ^tru: cut -f3,6,7 -d:) ] ; then + failure "monkeysphere-preference does not have the expected trust model settings" + fi +} diff --git a/src/share/ma/update_users b/src/share/ma/update_users index 73685f6..e9e3cc6 100644 --- a/src/share/ma/update_users +++ b/src/share/ma/update_users @@ -35,7 +35,7 @@ MODE="authorized_keys" GNUPGHOME="$GNUPGHOME_SPHERE" # the authorized_keys directory -authorizedKeysDir="${SYSDATADIR}/authentication/authorized_keys" +authorizedKeysDir="${MADATADIR}/authorized_keys" # check to see if the gpg trust database has been initialized if [ ! -s "${GNUPGHOME}/trustdb.gpg" ] ; then diff --git a/src/share/mh/add_hostname b/src/share/mh/add_hostname index 10d5f58..267f109 100644 --- a/src/share/mh/add_hostname +++ b/src/share/mh/add_hostname @@ -27,7 +27,7 @@ fi userID="ssh://${1}" -fingerprint=$(fingerprint_server_key) +fingerprint=$(fingerprint_host_key) # match to only ultimately trusted user IDs tmpuidMatch="u:$(echo $userID | gpg_escape)" diff --git a/src/share/mh/diagnostics b/src/share/mh/diagnostics index 7e76da6..96065e6 100644 --- a/src/share/mh/diagnostics +++ b/src/share/mh/diagnostics @@ -50,7 +50,7 @@ fi echo "Checking host GPG key..." if (( "$keysfound" < 1 )); then echo "! No host key found." - echo " - Recommendation: run 'monkeysphere-server gen-key'" + echo " - Recommendation: run 'monkeysphere-host gen-key' or 'monkeysphere-host import-key'" problemsfound=$(($problemsfound+1)) elif (( "$keysfound" > 1 )); then echo "! More than one host key found?" @@ -64,11 +64,11 @@ else if [ "$expire" ]; then if (( "$expire" < "$curdate" )); then echo "! Host key is expired." - echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'" + echo " - Recommendation: extend lifetime of key with 'monkeysphere-host extend-key'" problemsfound=$(($problemsfound+1)) elif (( "$expire" < "$warndate" )); then echo "! Host key expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F) - echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'" + echo " - Recommendation: extend lifetime of key with 'monkeysphere-host extend-key'" problemsfound=$(($problemsfound+1)) fi fi @@ -97,7 +97,7 @@ else # FIXME: recommend a way to resolve this problemsfound=$(($problemsfound+1)) elif (( "$expire" < "$warndate" )); then - echo "! User ID '$uid' expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F) + echo "! User ID '$uid' expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F) # FIXME: recommend a way to resolve this problemsfound=$(($problemsfound+1)) fi @@ -149,35 +149,10 @@ fi # directories housing them, etc (what should those values be? can # we make them as minimal as possible?) -# FIXME: look to see that the ownertrust rules are set properly on the -# authentication keyring - -# FIXME: make sure that at least one identity certifier exists - -# FIXME: look at the timestamps on the monkeysphere-generated -# authorized_keys files -- warn if they seem out-of-date. - -# FIXME: check for a cronjob that updates monkeysphere-generated -# authorized_keys? - -echo -echo "Checking for MonkeySphere-enabled public-key authentication for users ..." -# Ensure that User ID authentication is enabled: -if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${SYSDATADIR}/authorized_keys/%u$" "$sshd_config"; then - echo "! $sshd_config does not point to monkeysphere authorized keys." - echo " - Recommendation: add a line to $sshd_config: 'AuthorizedKeysFile ${SYSDATADIR}/authorized_keys/%u'" - problemsfound=$(($problemsfound+1)) -fi -if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' "$sshd_config" | grep -v "^AuthorizedKeysFile[[:space:]]\+${SYSDATADIR}/authorized_keys/%u$") ; then - echo "! $sshd_config refers to non-monkeysphere authorized_keys files:" - echo "$badauthorizedkeys" - echo " - Recommendation: remove the above AuthorizedKeysFile lines from $sshd_config" - problemsfound=$(($problemsfound+1)) -fi if [ "$problemsfound" -gt 0 ]; then echo "When the above $problemsfound issue"$(if [ "$problemsfound" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:" - echo " monkeysphere-server diagnostics" + echo " monkeysphere-host expert diagnostics" else echo "Everything seems to be in order!" fi diff --git a/src/share/mh/extend_key b/src/share/mh/extend_key index ccbaf0e..d03b89a 100644 --- a/src/share/mh/extend_key +++ b/src/share/mh/extend_key @@ -15,7 +15,7 @@ extend_key() { -local fpr=$(fingerprint_server_key) +local fpr=$(fingerprint_host_key) local extendTo="$1" # get the new expiration date diff --git a/src/share/mh/gen_key b/src/share/mh/gen_key index 162a64e..a73d85e 100644 --- a/src/share/mh/gen_key +++ b/src/share/mh/gen_key @@ -24,7 +24,7 @@ local fingerprint # check for presense of secret key # FIXME: is this the proper test to be doing here? -fingerprint_server_key >/dev/null \ +fingerprint_host_key >/dev/null \ && failure "An OpenPGP host key already exists." # get options @@ -83,19 +83,19 @@ log verbose "generating host key..." echo "$keyParameters" | gpg_host --batch --gen-key # find the key fingerprint of the newly generated key -fingerprint=$(fingerprint_server_key) +fingerprint=$(fingerprint_host_key) # translate the private key to ssh format, and export to a file # for sshs usage. # NOTE: assumes that the primary key is the proper key to use (umask 077 && \ gpg_host --export-secret-key "$fingerprint" | \ - openpgp2ssh "$fingerprint" > "${SYSDATADIR}/ssh_host_rsa_key") -log info "SSH host private key output to file: ${SYSDATADIR}/ssh_host_rsa_key" -ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub" -log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub" -gpg_host "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" -log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" + openpgp2ssh "$fingerprint" > "${MHDATADIR}/ssh_host_rsa_key") +log info "SSH host private key output to file: ${MHDATADIR}/ssh_host_rsa_key" +ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "${MHDATADIR}/ssh_host_rsa_key.pub" +log info "SSH host public key output to file: ${MHDATADIR}/ssh_host_rsa_key.pub" +gpg_host "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${MHDATADIR}/ssh_host_rsa_key.pub.gpg" +log info "SSH host public key in OpenPGP form: ${MHDATADIR}/ssh_host_rsa_key.pub.gpg" # show info about new key show_key diff --git a/src/share/mh/import_key b/src/share/mh/import_key index c0d5956..e7b713f 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -20,7 +20,7 @@ local userID # check for presense of secret key # FIXME: is this the proper test to be doing here? -fingerprint_server_key >/dev/null \ +fingerprint_host_key >/dev/null \ && failure "An OpenPGP host key already exists." # get options @@ -72,15 +72,15 @@ log verbose "importing ssh key..." pem2openpgp "$userID" "$keyExpire" < "$sshKey" | gpg_host --import) # find the key fingerprint of the newly converted key -fingerprint=$(fingerprint_server_key) +fingerprint=$(fingerprint_host_key) # export host ownertrust to authentication keyring log verbose "setting ultimate owner trust for host key..." echo "${fingerprint}:6:" | gpg_host "--import-ownertrust" # export public key to file -gpg_host "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" -log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" +gpg_host "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${MHDATADIR}/ssh_host_rsa_key.pub.gpg" +log info "SSH host public key in OpenPGP form: ${MHDATADIR}/ssh_host_rsa_key.pub.gpg" # show info about new key show_key diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key index b7ab01d..988b450 100644 --- a/src/share/mh/publish_key +++ b/src/share/mh/publish_key @@ -21,7 +21,7 @@ if [ ${OK/y/Y} != 'Y' ] ; then fi # find the key fingerprint -fingerprint=$(fingerprint_server_key) +fingerprint=$(fingerprint_host_key) # publish host key # FIXME: need to define how to do this diff --git a/src/share/mh/revoke_hostname b/src/share/mh/revoke_hostname index b519cf6..06b5810 100644 --- a/src/share/mh/revoke_hostname +++ b/src/share/mh/revoke_hostname @@ -38,7 +38,7 @@ fi userID="ssh://${1}" -fingerprint=$(fingerprint_server_key) +fingerprint=$(fingerprint_host_key) # match to only ultimately trusted user IDs tmpuidMatch="u:$(echo $userID | gpg_escape)" diff --git a/tests/basic b/tests/basic index 5006f8f..99a881b 100755 --- a/tests/basic +++ b/tests/basic @@ -19,10 +19,13 @@ set -o pipefail ## make sure that the right tools are installed to run the test. the ## test has *more* requirements than plain ol' monkeysphere: -which socat || { echo "You must have socat installed to run this test." ; exit 1; } +which socat >/dev/null || { echo "You must have socat installed to run this test." ; exit 1; } ## FIXME: other checks? +###################################################################### +### FUNCTIONS + # gpg command for test admin user gpgadmin() { GNUPGHOME="$TEMPDIR"/admin/.gnupg gpg "$@" @@ -103,11 +106,13 @@ SSHD_PID= trap failed_cleanup EXIT +###################################################################### ### SETUP VARIABLES + ## set up some variables to ensure that we're operating strictly in ## the tests, not system-wide: -export TESTDIR=$(pwd) +export TESTDIR=$(dirname "$0") # make temp dir TEMPDIR="$TESTDIR"/tmp @@ -137,9 +142,12 @@ export SOCKET="$TEMPDIR"/ssh-socket # *anything* with any running X11 session. export DISPLAY=monkeys + +###################################################################### ### CONFIGURE ENVIRONMENTS # copy in admin and testuser home to tmp +echo "##################################################" echo "### copying admin and testuser homes..." cp -a "$TESTDIR"/home/admin "$TEMPDIR"/ cp -a "$TESTDIR"/home/testuser "$TEMPDIR"/ @@ -160,107 +168,150 @@ EOF get_gpg_prng_arg >> "$GNUPGHOME"/gpg.conf # set up sshd +echo "##################################################" echo "### configuring sshd..." -cp etc/ssh/sshd_config "$SSHD_CONFIG" +cp "$TESTDIR"/etc/ssh/sshd_config "$SSHD_CONFIG" # write the sshd_config cat <<EOF >> "$SSHD_CONFIG" HostKey ${MONKEYSPHERE_SYSDATADIR}/ssh_host_rsa_key AuthorizedKeysFile ${MONKEYSPHERE_SYSDATADIR}/authentication/authorized_keys/%u EOF + +###################################################################### +### SERVER HOST SETUP + # set up monkeysphere host +echo "##################################################" echo "### configuring monkeysphere host..." mkdir -p -m 750 "$MONKEYSPHERE_SYSDATADIR"/host -# set up monkeysphere authentication -echo "### configuring monkeysphere authentication..." -mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/authentication/{authorized_keys,core,sphere,tmp} -cp etc/monkeysphere/monkeysphere-authentication.conf "$TEMPDIR"/ -cat <<EOF >> "$TEMPDIR"/monkeysphere-authentication.conf -AUTHORIZED_USER_IDS="$MONKEYSPHERE_HOME/authentication/authorized_user_ids" -EOF -cat <<EOF > "$MONKEYSPHERE_SYSDATADIR"/authentication/sphere/gpg.conf -primary-keyring ${MONKEYSPHERE_SYSDATADIR}/authentication/sphere/pubring.gpg -keyring ${MONKEYSPHERE_SYSDATADIR}/authentication/core/pubring.gpg -EOF - - -### SERVER TESTS - # create a new host key -echo "### generating server key..." +echo "##################################################" +echo "### generating server host key..." # add gpg.conf with quick-random get_gpg_prng_arg >> "$MONKEYSPHERE_SYSCONFIGDIR"/host/gpg.conf echo | monkeysphere-host expert gen-key --length 1024 --expire 0 testhost # remove the gpg.conf rm "$MONKEYSPHERE_SYSCONFIGDIR"/host/gpg.conf +# FIXME: need to test import-key as well + HOSTKEYID=$( monkeysphere-host show-key | grep '^OpenPGP fingerprint: ' | cut -f3 -d\ ) # certify it with the "Admin's Key". # (this would normally be done via keyservers) -echo "### certifying server key..." -monkeysphere-authentication expert gpg-cmd "--armor --export $HOSTKEYID" | gpgadmin --import +echo "##################################################" +echo "### certifying server host key..." +GNUPGHOME="$MONKEYSPHERE_SYSCONFIGDIR"/host gpg --armor --export "$HOSTKEYID" | gpgadmin --import echo y | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID" +# FIXME: add revoker? + # FIXME: how can we test publish-key without flooding junk into the # keyservers? +# FIXME: should we run "diagnostics" here to test setup? + + +###################################################################### +### SERVER AUTHENTICATION SETUP + +# set up monkeysphere authentication +echo "##################################################" +echo "### setup monkeysphere authentication..." +mkdir -p -m 700 "$MONKEYSPHERE_SYSDATADIR"/authentication/{authorized_keys,core,sphere,tmp} +cp "$TESTDIR"/etc/monkeysphere/monkeysphere-authentication.conf "$TEMPDIR"/ +cat <<EOF >> "$TEMPDIR"/monkeysphere-authentication.conf +AUTHORIZED_USER_IDS="$MONKEYSPHERE_HOME/authentication/authorized_user_ids" +EOF +monkeysphere-authentication setup +get_gpg_prng_arg >> "$MONKEYSPHERE_SYSDATADIR"/authentication/sphere/gpg.conf + # add admin as identity certifier for testhost +echo "##################################################" echo "### adding admin as certifier..." echo y | monkeysphere-authentication add-id-certifier "$TEMPDIR"/admin/.gnupg/pubkey.gpg +# FIXME: should we run "diagnostics" here to test setup? -### TESTUSER TESTS + +###################################################################### +### TESTUSER SETUP # generate an auth subkey for the test user that expires in 2 days +echo "##################################################" echo "### generating key for testuser..." monkeysphere gen-subkey --expire 2 # add server key to testuser keychain +echo "##################################################" echo "### export server key to testuser..." gpgadmin --armor --export "$HOSTKEYID" | gpg --import # teach the "server" about the testuser's key +echo "##################################################" echo "### export testuser key to server..." gpg --export testuser | monkeysphere-authentication gpg-cmd --import + +# update authorized_keys for user +echo "##################################################" echo "### update server authorized_keys file for this testuser..." monkeysphere-authentication update-users $(whoami) + +###################################################################### +### TESTS + # connect to test sshd, using monkeysphere-ssh-proxycommand to verify # the identity before connection. This should work in both directions! +echo "##################################################" echo "### ssh connection test for success..." ssh_test # remove the testuser's authorized_user_ids file, update, and make # sure that the ssh authentication FAILS +echo "##################################################" echo "### removing testuser authorized_user_ids and updating..." mv "$TESTHOME"/.monkeysphere/authorized_user_ids{,.bak} monkeysphere-authentication update-users $(whoami) +echo "##################################################" echo "### ssh connection test for server authentication denial..." ssh_test 255 mv "$TESTHOME"/.monkeysphere/authorized_user_ids{.bak,} # put improper permissions on authorized_user_ids file, update, and # make sure ssh authentication FAILS +echo "##################################################" echo "### setting group writability on authorized_user_ids and updating..." chmod g+w "$TESTHOME"/.monkeysphere/authorized_user_ids monkeysphere-authentication update-users $(whoami) +echo "##################################################" echo "### ssh connection test for server authentication denial..." ssh_test 255 chmod g-w "$TESTHOME"/.monkeysphere/authorized_user_ids +echo "##################################################" echo "### setting other writability on authorized_user_ids and updating..." chmod o+w "$TESTHOME"/.monkeysphere/authorized_user_ids monkeysphere-authentication update-users $(whoami) +echo "##################################################" echo "### ssh connection test for server authentication denial..." ssh_test 255 chmod o-w "$TESTHOME"/.monkeysphere/authorized_user_ids +# FIXME: addtest: remove admin as id-certifier and check ssh failure + +# FIXME: addtest: revoke hostname on host key and check ssh failure + +# FIXME: addtest: revoke the host key and check ssh failure + + +###################################################################### trap - EXIT -echo -echo "Monkeysphere basic tests completed successfully!" -echo +echo "##################################################" +echo " Monkeysphere basic tests completed successfully!" +echo "##################################################" cleanup |