-rw-r--r-- | packaging/debian/NEWS | 2 | ||||
-rwxr-xr-x | src/monkeysphere-host | 13 | ||||
-rw-r--r-- | src/share/m/subkey_to_ssh_agent | 14 | ||||
-rwxr-xr-x | tests/basic | 2 | ||||
-rw-r--r-- | website/getting-started-admin.mdwn | 3 | ||||
-rw-r--r-- | website/getting-started-user.mdwn | 3 |
6 files changed, 30 insertions, 7 deletions
diff --git a/packaging/debian/NEWS b/packaging/debian/NEWS index 3fceea2..8551c87 100644 --- a/packaging/debian/NEWS +++ b/packaging/debian/NEWS @@ -6,7 +6,7 @@ monkeysphere (0.23-1) unstable; urgency=low its functionality has been folded into monkeysphere as a subcommand. So if you are currently using: ssh -oProxyCommand='monkeysphere-ssh-proxycommand %h %p' - plese use instead: + please use instead: ssh -oProxyCommand='monkeysphere ssh-proxycommand %h %p' * For sysadmins: monkeysphere-server has been split into monkeysphere-host (for publishing the ssh host key of your machine) diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 540a8ab..1b0de0c 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -163,6 +163,8 @@ find_host_userid() { # show info about the host key show_key() { local GNUPGHOME + local TMPSSH + local revokers # tmp gpghome dir export GNUPGHOME=$(msmktempdir) @@ -189,6 +191,17 @@ show_key() { | grep -v "^${GNUPGHOME}/pubring.gpg$" \ | egrep -v '^-+$' + # list revokers, if there are any + revokers=$(gpg --list-keys --with-colons --fixed-list-mode \ + | awk -F: '/^rvk:/{ print $10 }' ) + if [ "$revokers" ] ; then + echo "The following keys are allowed to revoke this host key:" + for key in $revokers ; do + echo "revoker: $key" + done + echo + fi + # list the pgp fingerprint echo "OpenPGP fingerprint: $HOST_FINGERPRINT" diff --git a/src/share/m/subkey_to_ssh_agent b/src/share/m/subkey_to_ssh_agent index 7fb2fdb..4ce14f8 100644 --- a/src/share/m/subkey_to_ssh_agent +++ b/src/share/m/subkey_to_ssh_agent @@ -13,6 +13,9 @@ # try to add all authentication subkeys to the agent +# FIXME: what if you only want to add one authentication subkey to the +# agent? + subkey_to_ssh_agent() { local sshaddresponse=0 local secretkeys 
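Review bot: The `gpg --list-keys` call that fills `revokers` in show_key is not limited to the host key, so every `rvk:` record in the temporary keyring is printed as a key allowed to revoke this host key. Whatever populates `$GNUPGHOME` is outside the hunk; if that keyring can ever hold more than the host key, name the key explicitly, e.g. `gpg --list-keys --with-colons --fixed-list-mode "0x$HOST_FINGERPRINT"` (assuming that variable holds a bare fingerprint). The loop variable is not declared next to `revokers`, so `local key` should be added, and the newly declared `TMPSSH` is not used in any visible line. show_key's body continues outside these hunks.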
@@ -68,7 +71,6 @@ You might want to 'monkeysphere gen-subkey'" trap "rm -rf $workingdir" EXIT umask 077 mkfifo "$workingdir/passphrase" - keysuccess=1 # FIXME: we're currently allowing any other options to get passed # through to ssh-add. should we limit it to known ones? For @@ -88,7 +90,7 @@ You might want to 'monkeysphere gen-subkey'" if [ "$1" = '-d' ]; then # we're removing the subkey: gpg_user --export "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" - (cd "$workingdir" && ssh-add -d "$kname") + (cd "$workingdir" && ssh-add -d "$kname") || keysuccess="$?" else # we're adding the subkey: mkfifo "$workingdir/$kname" @@ -98,8 +100,8 @@ You might want to 'monkeysphere gen-subkey'" (cd "$workingdir" && DISPLAY=nosuchdisplay SSH_ASKPASS=/bin/false ssh-add "$@" "$kname" </dev/null )& passphrase_prompt "Enter passphrase for key $kname: " "$workingdir/passphrase" - wait %2 - fi || keysuccess="$?" + wait %2 || keysuccess="$?" + fi rm -f "$workingdir/$kname" done @@ -108,7 +110,7 @@ You might want to 'monkeysphere gen-subkey'" rm -rf "$workingdir" # FIXME: sort out the return values: we're just returning the - # success or failure of the final authentication subkey in this - # case. What if earlier ones failed? + # failure code of the last authentication subkey which fails. + # what if more than one authentication subkey fails? return "$keysuccess" } diff --git a/tests/basic b/tests/basic index 9c5b280..9308e21 100755 --- a/tests/basic +++ b/tests/basic @@ -51,6 +51,8 @@ gpgadmin() { # test ssh connection # first argument is expected return code from ssh connection ssh_test() { + local RETURN=0 + umask 0077 CODE=${1:-0} diff --git a/website/getting-started-admin.mdwn b/website/getting-started-admin.mdwn index ca44956..bff1773 100644 --- a/website/getting-started-admin.mdwn +++ b/website/getting-started-admin.mdwn 
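Review bot: `wait %2 || keysuccess="$?"` takes its exit status from whatever job number 2 happens to be, which ties the reported result to the shell's job-table numbering, not to the ssh-add subshell started with `)&` a few lines earlier. If the numbering ever differs (the other background job is not visible in this hunk), a successful add could be reported as a failure, or the status of an unrelated job could be returned. Recording the PID is sturdier: `sshaddpid=$!` directly after the `)&` line, then `wait "$sshaddpid" || keysuccess="$?"`, with `local sshaddpid` declared at the top of the function. The function body starts and ends outside this hunk.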
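Review bot: `return "$keysuccess"` now relies on `keysuccess` having been set to 0 before the loop, because the earlier hunk removes the only visible assignment (`keysuccess=1`) and the two new `|| keysuccess="$?"` sites write it only on failure. No initialisation is visible in these hunks; if there is none, the success path expands to `return ""`, which bash reports as an error instead of returning 0, so callers would see a failure after every key was handled correctly. Declare it with the other locals as `local keysuccess=0`, or make the last line `return "${keysuccess:-0}"`. The declarations at the top of subkey_to_ssh_agent are only partly visible here.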
@@ -1,6 +1,9 @@ Monkeysphere Server Administrator README ======================================== + Note: This documentation is for Monkeysphere version 0.23 or later. + If you are running a version prior to 0.23, we recommend that you upgrade. + As the administrator of an SSH server, you can take advantage of the Monkeysphere in two ways: diff --git a/website/getting-started-user.mdwn b/website/getting-started-user.mdwn index 9e2be26..96fd54e 100644 --- a/website/getting-started-user.mdwn +++ b/website/getting-started-user.mdwn @@ -1,6 +1,9 @@ Monkeysphere User README ======================== + Note: This documentation is for Monkeysphere version 0.23 or later. + If you are running a version prior to 0.23, we recommend that you upgrade. + You don't have to be an OpenSSH or OpenPGP expert to use the Monkeysphere. However, you should be comfortable using secure shell (ssh), and you should already have an OpenPGP key before you begin. |