-rw-r--r-- | man/man1/monkeysphere-ssh-proxycommand.1 | 2 | ||||
-rw-r--r-- | packaging/debian/changelog | 31 | ||||
-rwxr-xr-x | src/monkeysphere-host | 22 | ||||
-rwxr-xr-x | src/subcommands/mh/gen-key | 6 | ||||
-rwxr-xr-x | src/subcommands/mh/import-key | 7 | ||||
-rwxr-xr-x | tests/basic | 5 |
6 files changed, 30 insertions, 43 deletions
diff --git a/man/man1/monkeysphere-ssh-proxycommand.1 b/man/man1/monkeysphere-ssh-proxycommand.1 index 1606a5d..65edd0b 100644 --- a/man/man1/monkeysphere-ssh-proxycommand.1 +++ b/man/man1/monkeysphere-ssh-proxycommand.1 @@ -6,7 +6,7 @@ monkeysphere-ssh-proxycommand \- MonkeySphere ssh ProxyCommand script .SH DESCRIPTION -\fBmonkeysphere-ssh-proxy\fP is an ssh proxy command that can be used +\fBmonkeysphere-ssh-proxycommand\fP is an ssh proxy command that can be used to trigger a monkeysphere update of the ssh known_hosts file for a host that is being connected to with ssh. This works by updating the known_hosts file for the host first, before an attempted connection to diff --git a/packaging/debian/changelog b/packaging/debian/changelog index a282c58..6b31e16 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog 
@@ -1,15 +1,24 @@ monkeysphere (0.23~pre-1) UNRELEASED; urgency=low - - * New upstream release: - - added better checks for the existence of a host private key for - functions that require it to be there. - - add checks for root users, for functions where it is required. - - get rid of getopts. - - added version output option - - check that existing authentication keys are valid in gen_key - function. - - -- Jameson Graef Rollins <jrollins@finestructure.net> Tue, 30 Dec 2008 20:21:16 -0500 + + "The Golden Bezoar Release" + + * New upstream release. + * rearchitect UI: + - replace monkeysphere-server with monkeysphere-{authentication,host} + - fold monkeysphere-ssh-proxycommand into /usr/bin/monkeysphere + + * simplify adding a host to the monkeysphere, automate the process + during debian installation + * provide pem2openpgp for translating unencrypted PEM-encoded raw key + material into OpenPGP keys. + * added better checks for the existence of a host private key for + functions that require it to be there. + * get rid of getopts dependency + * added version output option + * check that existing authentication keys are valid in gen_key + function. + + -- Daniel Kahn Gillmor <dkg@pip.fifthhorseman.net> Sat, 31 Jan 2009 17:32:58 -0500 monkeysphere (0.22-1) unstable; urgency=low diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 5c97aa6..19ab5fc 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host 
@@ -53,12 +53,10 @@ subcommands: publish-key (p) publish server host key to keyserver expert - import-key (i) import existing ssh key to gpg - --hostname (-h) NAME[:PORT] hostname for key user ID + import-key (i) NAME[:PORT] import existing ssh key to gpg --keyfile (-f) FILE key file to import --expire (-e) EXPIRE date to expire - gen-key (g) generate gpg key for the host - --hostname (-h) NAME[:PORT] hostname for key user ID + gen-key (g) NAME[:PORT] generate gpg key for the host --length (-l) BITS key length in bits (2048) --expire (-e) EXPIRE date to expire --revoker (-r) FINGERPRINT add a revoker @@ -105,16 +103,6 @@ gpg_host() { return "$returnCode" } -# check if user is root -is_root() { - [ $(id -u 2>/dev/null) = '0' ] -} - -# check that user is root, for functions that require root access -check_user() { - is_root || failure "You must be root to run this command." -} - # output just key fingerprint fingerprint_server_key() { # set the pipefail option so functions fails if can't read sec key @@ -181,37 +169,31 @@ case $COMMAND in ;; 'extend-key'|'e') - check_user check_host_keyring extend_key "$@" ;; 'add-hostname'|'add-name'|'n+') - check_user check_host_keyring add_hostname "$@" ;; 'revoke-hostname'|'revoke-name'|'n-') - check_user check_host_keyring revoke_hostname "$@" ;; 'add-revoker'|'o') - check_user check_host_keyring add_revoker "$@" ;; 'revoke-key'|'r') - check_user check_host_keyring revoke_key "$@" ;; 'publish-key'|'publish'|'p') - check_user check_host_keyring publish_server_key ;; diff --git a/src/subcommands/mh/gen-key b/src/subcommands/mh/gen-key index 37469c7..554c04c 100755 --- a/src/subcommands/mh/gen-key +++ b/src/subcommands/mh/gen-key @@ -28,10 +28,6 @@ fingerprint_server_key >/dev/null \ # get options while true ; do case "$1" in - -h|--hostname) - hostName="$2" - shift 2 - ;; -l|--length) keyLength="$2" shift 2 
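Review bot: The rewritten usage text puts `NAME[:PORT]` directly after `gen-key (g)` and `import-key (i)`, ahead of the option list, but the parser change later in this commit takes the first non-option word as the host name and then leaves the option loop, and tests/basic passes the name last (`gen-key --length 1024 --expire 0 testhost`). An administrator who follows the printed order would, as far as these hunks show, have `--expire` or `--revoker` left unparsed after the name, so a host key could be created without the expiry or revoker that was asked for. I would spell the order out in the usage, for example `gen-key (g) [OPTIONS] NAME[:PORT]`, and have the subcommands call `failure` when arguments remain after the name. The usage block and the option loops both extend beyond the hunks.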
@@ -49,6 +45,8 @@ while true ; do failure "Unknown option '$1'. Type '$PGRM help' for usage." fi + hostName="$1" + shift; break ;; esac diff --git a/src/subcommands/mh/import-key b/src/subcommands/mh/import-key index c33550b..bbeb37f 100755 --- a/src/subcommands/mh/import-key +++ b/src/subcommands/mh/import-key @@ -23,10 +23,6 @@ fingerprint_server_key >/dev/null \ # get options while true ; do case "$1" in - -h|--hostname) - hostName="$2" - shift 2 - ;; -f|--keyfile) keyFile="$2" shift 2 @@ -40,6 +36,9 @@ while true ; do failure "Unknown option '$1'. Type '$PGRM help' for usage." fi + hostName="$1" + shift + ;; break ;; esac diff --git a/tests/basic b/tests/basic index 5ba7a25..7fdca39 100755 --- a/tests/basic +++ b/tests/basic @@ -8,8 +8,7 @@ # Copyright: 2008 # License: GPL v3 or later -# these tests should all be able to -# as a non-privileged user. +# these tests should all be able to run as a non-privileged user. # all subcommands in this script should complete without failure: set -e @@ -193,7 +192,7 @@ echo | monkeysphere-server gen-key --length 1024 --expire 0 testhost # remove the gpg.conf rm "$MONKEYSPHERE_SYSCONFIGDIR"/gnupg-host/gpg.conf -HOSTKEYID=$( monkeysphere-server show-key | tail -n1 | cut -f3 -d\ ) +HOSTKEYID=$( monkeysphere-server show-key | grep '^OpenPGP fingerprint: ' | cut -f3 -d\ ) # certify it with the "Admin's Key". # (this would normally be done via keyservers) |
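Review bot: `hostName="$1"` in the `*)` arm is assigned without checking that an argument is left, so running gen-key with no NAME sets an empty host name and then calls `shift` on an empty argument list. The usage text removed in this commit described this value as the hostname for the key user ID, so an empty value should stop the command before key generation unless a default is applied later, which is outside the hunk. A guard before the assignment would do, `[ -n "$1" ] || failure "You must specify a host name."`. The same applies to the matching arm in import-key.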
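Review bot: The added `;;` after `shift` ends the `*)` arm before `break` is reached, so the `break` that follows sits where the next case pattern is expected. The shell will most likely reject the script with a syntax error, and in any case the `while true` loop no longer has its exit on this path. gen-key in the same commit keeps the arm open, and import-key should match it: drop the added `;;` so the arm reads `hostName="$1"`, `shift`, `break`. A syntax-only pass with the script's interpreter (`sh -n src/subcommands/mh/import-key` or the equivalent for its shebang) in the test suite would catch this class of mistake. The loop starts above the hunk.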
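Review bot: The new `grep '^OpenPGP fingerprint: '` filter yields an empty HOSTKEYID when `show-key` prints no such line, and `set -e` does not stop the test there because the pipeline's status is that of `cut`. The comment below the assignment says the key is certified next, so an empty id would surface as a confusing failure later or, depending on how the id is used, not at all. Adding `[ -n "$HOSTKEYID" ]` on the following line makes the test stop at the real cause.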