diff options
| -rw-r--r-- | debian/changelog | 4 | ||||
| -rw-r--r-- | src/common | 6 | ||||
| -rwxr-xr-x | src/monkeysphere-server | 96 | ||||
| -rw-r--r-- | website/bugs/handle-passphrase-locked-secret-keys.mdwn | 6 | ||||
| -rw-r--r-- | website/bugs/multiple-hostnames.mdwn | 2 | ||||
| -rw-r--r-- | website/download.mdwn | 2 |
6 files changed, 77 insertions, 39 deletions
diff --git a/debian/changelog b/debian/changelog index e80e48a..b39ba44 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,7 @@ monkeysphere (0.8-1) UNRELEASED; urgency=low of my own. * More monkeysphere-server diagnostics * monkeysphere --gen-subkey now guesses what KeyID you meant. + * set up host-key revocation [ Jameson Graef Rollins ] * fix another bug for when ssh key files are missing. @@ -13,8 +14,9 @@ monkeysphere (0.8-1) UNRELEASED; urgency=low be removed from key files. * enabled host key publication. * added checking of gpg.conf for keyserver + * new functions to add/revoke host key user IDs - -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Fri, 15 Aug 2008 10:46:23 -0700 + -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Fri, 15 Aug 2008 15:02:48 -0700 monkeysphere (0.7-1) experimental; urgency=low @@ -77,6 +77,12 @@ gpg_unescape() { sed 's/\\x3a/:/g' } +# convert nasty chars into gpg-friendly form in pipeline +# FIXME: escape everything, not just colons! +gpg_escape() { + sed 's/:/\\x3a/g' +} + # remove all lines with specified string from specified file remove_line() { local file diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 31bce7d..4fb8265 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -375,6 +375,8 @@ EOF add_hostname() { local userID local fingerprint + local tmpuidMatch + local line local adduidCommand if [ -z "$1" ] ; then @@ -383,19 +385,26 @@ add_hostname() { userID="ssh://${1}" - if [ "$(gpg_host --list-key "=${userID}" 2> /dev/null)" ] ; then + fingerprint=$(fingerprint_server_key) + + # match to only ultimately trusted user IDs + tmpuidMatch="u:$(echo $userID | gpg_escape)" + + # find the index of the requsted user ID + # NOTE: this is based on circumstantial evidence that the order of + # this output is the appropriate index + if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}"\! \ + | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then failure "Host userID '$userID' already exists." fi echo "The following user ID will be added to the host key:" - echo " '$userID'" + echo " $userID" read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N} if [ ${OK/y/Y} != 'Y' ] ; then failure "user ID not added." fi - fingerprint=$(fingerprint_server_key) - # edit-key script command to add user ID adduidCommand=$(cat <<EOF adduid @@ -407,21 +416,28 @@ EOF ) # execute edit-key script - echo "$adduidCommand" | gpg_host --quiet --command-fd 0 --edit-key "$fingerprint" - - # update trust db - gpg_host --check-trustdb + if echo "$adduidCommand" | gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}"\! ; then + # update trust db + gpg_host --check-trustdb - show_server_key + show_server_key - # publish the key - publish_server_key + echo "NOTE: User ID added but key not published." + echo "Run '$PGRM publish-key' to publish the key" + else + failure "Problem adding user ID." + fi } # revoke hostname user ID to server key revoke_hostname() { local userID + local fingerprint + local tmpuidMatch + local line local uidIndex + local message + local revuidCommand if [ -z "$1" ] ; then failure "You must specify a hostname to revoke." @@ -431,30 +447,35 @@ revoke_hostname() { fingerprint=$(fingerprint_server_key) + # match to only ultimately trusted user IDs + tmpuidMatch="u:$(echo $userID | gpg_escape)" + # find the index of the requsted user ID # NOTE: this is based on circumstantial evidence that the order of # this output is the appropriate index - uidIndex=$(gpg_host --with-colons --fixed-list-mode --list-key "$fingerprint" 2> /dev/null | \ - egrep "^(uid|uat):" | cut -d: -f10 | gpg_unescape | cat -n | \ - grep "$userID" | awk '{ print $1 }') - - if [ -z "$uidIndex" ] ; then - failure "User ID '$userID' not found in host key." + if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}"\! \ + | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then + uidIndex=${line%%:*} + else + failure "No non-revoked user ID '$userID' is found." fi echo "The following user ID will be revoked from the host key:" - echo " '$userID'" + echo " $userID" read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N} if [ ${OK/y/Y} != 'Y' ] ; then failure "user ID not revoked." fi + message="Hostname removed by monkeysphere-server $DATE" + # edit-key script command to revoke user ID revuidCommand=$(cat <<EOF $uidIndex revuid y 4 +$message y save @@ -462,15 +483,17 @@ EOF ) # execute edit-key script - echo "$revuidCommand" | gpg_host --quiet --command-fd 0 --edit-key "$fingerprint" - - # update trust db - gpg_host --check-trustdb + if echo "$revuidCommand" | gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}"\! ; then + # update trust db + gpg_host --check-trustdb - show_server_key + show_server_key - # publish the key - publish_server_key + echo "NOTE: User ID revoked but key not published." + echo "Run '$PGRM publish-key' to publish the key" + else + failure "Problem revoking user ID." + fi } # publish server key to keyserver @@ -499,7 +522,10 @@ diagnostics() { local uid local fingerprint local badhostkeys + local sshd_config + # FIXME: what's the correct, cross-platform answer? + sshd_config=/etc/ssh/sshd_config seckey=$(fingerprint_server_key) keysfound=$(echo "$seckey" | grep -c ^sec:) curdate=$(date +%s) @@ -576,14 +602,14 @@ diagnostics() { fi # propose changes needed for sshd_config (if any) - if ! grep -q "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" /etc/ssh/sshd_config; then - echo "! /etc/ssh/sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)." - echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'" + if ! grep -q "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" "$sshd_config"; then + echo "! $sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)." + echo " - Recommendation: add a line to $sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'" fi - if badhostkeys=$(grep -i '^HostKey' | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then + if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then echo "! /etc/sshd_config refers to some non-monkeysphere host keys:" echo "$badhostkeys" - echo " - Recommendation: remove the above HostKey lines from /etc/ssh/sshd_config" + echo " - Recommendation: remove the above HostKey lines from $sshd_config" fi fi fi @@ -599,14 +625,14 @@ diagnostics() { echo "Checking for MonkeySphere-enabled public-key authentication for users ..." # Ensure that User ID authentication is enabled: - if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$" /etc/ssh/sshd_config; then - echo "! /etc/ssh/sshd_config does not point to monkeysphere authorized keys." - echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'AuthorizedKeysFile ${VARLIB}/authorized_keys/%u'" + if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$" "$sshd_config"; then + echo "! $sshd_config does not point to monkeysphere authorized keys." + echo " - Recommendation: add a line to $sshd_config: 'AuthorizedKeysFile ${VARLIB}/authorized_keys/%u'" fi - if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' | grep -q -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then + if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' "$sshd_config" | grep -q -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then echo "! /etc/sshd_config refers to non-monkeysphere authorized_keys files:" echo "$badauthorizedkeys" - echo " - Recommendation: remove the above AuthorizedKeysFile lines from /etc/ssh/sshd_config" + echo " - Recommendation: remove the above AuthorizedKeysFile lines from $sshd_config" fi } diff --git a/website/bugs/handle-passphrase-locked-secret-keys.mdwn b/website/bugs/handle-passphrase-locked-secret-keys.mdwn index b66e4c7..ae5bf72 100644 --- a/website/bugs/handle-passphrase-locked-secret-keys.mdwn +++ b/website/bugs/handle-passphrase-locked-secret-keys.mdwn @@ -36,8 +36,10 @@ work for reasonable values of `$KEYID`: mkfifo "$TMPDIR/passphrase" kname="MonkeySphere Key $KEYID" mkfifo "$TMPDIR/$kname" - ssh-agent "Please enter the passphrase for MonkeySphere key $KEYID" >"$TMPDIR/passphrase" & - gpg --passphrase-fd 3 3<"$TMPDIR/passphrase" --export-options export-reset-subkey-passwd,export-minimal,no-export-attributes --export-secret-subkeys "$KEYID"\! | openpgp2ssh "$KEYID" > "$TMPDIR/$kname" + ssh-askpass "Please enter the passphrase for MonkeySphere key $KEYID" >"$TMPDIR/passphrase" & + gpg --passphrase-fd 3 3<"$TMPDIR/passphrase" \ + --export-options export-reset-subkey-passwd,export-minimal,no-export-attributes \ + --export-secret-subkeys "$KEYID"\! | openpgp2ssh "$KEYID" > "$TMPDIR/$kname" & (cd "$TMPDIR" && ssh-add -c "$kname") rm -rf "$TMPDIR" diff --git a/website/bugs/multiple-hostnames.mdwn b/website/bugs/multiple-hostnames.mdwn index 7597af5..f4920fd 100644 --- a/website/bugs/multiple-hostnames.mdwn +++ b/website/bugs/multiple-hostnames.mdwn @@ -35,3 +35,5 @@ probably prompt the administrator to re-publish the host key as well, to ensure that the new User IDs are published. --dkg + +[[bugs/done]] on 2008-08-15 15:00:02-0400 in 84b775ff0b36ec4b86e6708844ad2d678eced403 diff --git a/website/download.mdwn b/website/download.mdwn index 982f88f..3c2f3c5 100644 --- a/website/download.mdwn +++ b/website/download.mdwn @@ -28,7 +28,7 @@ The git repo from this web site: [Jameson Graef Rollins](http://cmrg.fifthhorseman.net/wiki/jrollins): - git clone http://lair.fifthhorseman.net/~jrollins/git/monkeysphere.git monkeysphere + git clone git://lair.fifthhorseman.net/~jrollins/monkeysphere monkeysphere [Daniel Kahn Gillmor](http://cmrg.fifthhorseman.net/wiki/dkg): |