-rw-r--r--  man/man8/monkeysphere-host.8        | 11
-rwxr-xr-x  src/monkeysphere-host               |  2
-rw-r--r--  src/share/mh/import_key             | 30
-rw-r--r--  website/getting-started-admin.mdwn  | 14
4 files changed, 12 insertions, 45 deletions
diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8 index 0a9fc1b..7909b62 100644 --- a/man/man8/monkeysphere-host.8 +++ b/man/man8/monkeysphere-host.8 @@ -23,14 +23,13 @@ connection authentication. \fBmonkeysphere-host\fP takes various subcommands: .TP -.B import-key FILE [NAME[:PORT]] +.B import-key FILE NAME[:PORT] Import a pem-encoded ssh secret host key from file FILE. If FILE is '-', then the key will be imported from stdin. NAME[:PORT] is used -to specify the hostname (and port) used in the user ID of the new -OpenPGP key. If NAME is not specified, then the system -fully-qualified domain name will be used (ie. `hostname -f'). If PORT -is not specified, the no port is added to the user ID, which means -port 22 is assumed. `i' may be used in place of `import-key'. +to specify the fully-qualified hostname (and port) used in the user ID +of the new OpenPGP key. If PORT is not specified, the no port is +added to the user ID, which means port 22 is assumed. `i' may be used +in place of `import-key'. .TP .B show-key Output information about host's OpenPGP and SSH keys. `s' may be used diff --git a/src/monkeysphere-host b/src/monkeysphere-host index efa48cd..540a8ab 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -54,7 +54,7 @@ usage: $PGRM <subcommand> [options] [args] Monkeysphere host admin tool. subcommands: - import-key (i) FILE [NAME[:PORT]] import existing ssh key to gpg + import-key (i) FILE NAME[:PORT] import existing ssh key to gpg show-key (s) output all host key information publish-key (p) publish host key to keyserver set-expire (e) [EXPIRE] set host key expiration diff --git a/src/share/mh/import_key b/src/share/mh/import_key index c545388..f7c69c3 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key 
@@ -26,39 +26,13 @@ if [ -z "$sshKeyFile" ] ; then failure "Must specify ssh key file to import, or specify '-' for stdin." fi -# use the default hostname if not specified +# fail if hostname not specified if [ -z "$hostName" ] ; then - hostName=$(hostname -f) || failure "Could not determine hostname." - # test that the domain is not obviously illegitimate - domain=${foo##*.} - case $domain in - 'local'|'localdomain') - failure "Host domain '$domain' is not legitimate. Aborting key import." - ;; - esac - # test that there are at least two parts - if (( $(echo "$hostName" | tr . ' ' | wc -w) < 2 )) ; then - failure "Host name '$hostName' is not legitimate. Aborting key import." - fi + failure "You must specify a fully-qualified domain name for use in the host certificate user ID." fi userID="ssh://${hostName}" -if [ "$PROMPT" = "true" ] ; then - cat <<EOF -The ssh key will be imported and an OpenPGP certificate for this host -will be generated with the following user ID: - $userID -EOF - read -p "Are you sure you would like to create certificate? [Y/n] " OK; OK=${OK:-Y} - if [ "${OK/y/Y}" != 'Y' ] ; then - failure "ssh key not imported." - fi -else - log debug "importing key without prompting." -fi - - # create host home mkdir -p "${MHDATADIR}" mkdir -p "${GNUPGHOME_HOST}" diff --git a/website/getting-started-admin.mdwn b/website/getting-started-admin.mdwn index c4c2e64..d76d783 100644 --- a/website/getting-started-admin.mdwn +++ b/website/getting-started-admin.mdwn 
@@ -22,19 +22,13 @@ To begin, you must first import an ssh host key. This assumes that you have the ssh server installed, and that you have generated a host RSA key. Once that has been done, import the key: - # monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key + # monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key server.example.net This will generate an OpenPGP certificate for server. The primary user ID for this certificate will be the ssh service URI for the host, -which by default is based on the output of `hostname -f` -(eg. `ssh://server.example.net`). If the name determined from -`hostname -f` is not the name you want to have in the service URI, -then you can enter one manually: - - # monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key host.example.net - -Remember that the name you provide here must be a fully qualified -domain name for the host in order for the monkeysphere to work. +(eg. `ssh://server.example.net`). Remember that the name you provide +here must be a fully qualified domain name for the host in order for +the monkeysphere to work. Now you can display information about the host key's certificate with the 'show-key' command: |
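Review bot: in the man/man8/monkeysphere-host.8 hunk, the rewritten import-key description still carries the typo "If PORT is not specified, the no port is added to the user ID"; since that sentence is being reflowed anyway, make it "If PORT is not specified, then no port is added to the user ID".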
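Review bot: in the src/share/mh/import_key hunk, removing the default also removes every sanity check on NAME, so import_key now accepts any non-empty string while the man page and getting-started text say it must be a fully-qualified domain name. The removed 'local'/'localdomain' test was dead code (`domain=${foo##*.}` expands an unset `$foo`, so the case never matched), but the two-part test on `$hostName` did work; keep at least that much, e.g. `case $hostName in *.*) ;; *) failure "Host name '$hostName' is not fully qualified." ;; esac`, because the resulting `ssh://${hostName}` user ID is what clients will later match against the name they connect to, and a bare hostname silently produces a certificate that never validates. Dropping the PROMPT block also drops the only place the user ID was shown before the certificate is created; a `log debug "importing key with user ID $userID"` (the level the removed code already used) would keep that visible.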
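Review bot: in the website/getting-started-admin.mdwn hunk, the example now shows only the bare FQDN form; since the man page in this same change documents `NAME[:PORT]`, add one sentence noting that a non-default ssh port is given as `server.example.net:PORT` and ends up in the user ID, so admins running sshd on another port do not import a key under the wrong service URI.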