-rw-r--r--src/common6
-rwxr-xr-xsrc/monkeysphere-ssh-proxycommand14
2 files changed, 14 insertions, 6 deletions
diff --git a/src/common b/src/common
index efee9bd..51b0470 100644
--- a/src/common
+++ b/src/common
@@ -639,7 +639,7 @@ process_user_id() {
;;
'uid') # user ids
if [ "$lastKey" != pub ] ; then
- log verbose " - got a user ID after a sub key?! user IDs should only follow primary keys!"
+ log verbose " ! got a user ID after a sub key?! user IDs should only follow primary keys!"
continue
fi
# if an acceptable user ID was already found, skip
@@ -652,6 +652,8 @@ process_user_id() {
if [ "$validity" = 'u' -o "$validity" = 'f' ] ; then
# mark user ID acceptable
uidOK=true
+ else
+ log debug " - unacceptable user ID validity ($validity)."
fi
else
continue
@@ -693,10 +695,12 @@ process_user_id() {
# if sub key validity is not ok, skip
if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then
+ log debug " - unacceptable sub key validity ($validity)."
continue
fi
# if sub key capability is not ok, skip
if ! check_capability "$usage" $requiredCapability ; then
+ log debug " - unacceptable sub key capability ($usage)."
continue
fi
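Review bot: The new capability debug line at `+ log debug " - unacceptable sub key capability ($usage)."` reports what the key offers but not what was demanded, so a reader of the debug log cannot tell why the sub key was skipped without also knowing which capability the caller asked for; `log debug " - unacceptable sub key capability ($usage, required: $requiredCapability)."` would make the skip self-explanatory, and the same applies to the validity line added two lines earlier, which could name the accepted values (u/f). The value of `requiredCapability` is passed unquoted to `check_capability` on the line above; if it is meant to be a single token, quoting it would be the safer form, but that is pre-existing and may be deliberate if the helper expects word-splitting. The enclosing `process_user_id` function starts and ends outside this hunk.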
diff --git a/src/monkeysphere-ssh-proxycommand b/src/monkeysphere-ssh-proxycommand
index b039844..aeea30d 100755
--- a/src/monkeysphere-ssh-proxycommand
+++ b/src/monkeysphere-ssh-proxycommand
@@ -45,20 +45,24 @@ output_no_valid_key() {
local sshKeyGPG
local sshFingerprint
- log "OpenPGP keys with*out* full validity found for this host:"
+ userID="ssh://${HOSTP}"
+
+ log "Monkeysphere found only OpenPGP keys for this host with*out* full validity."
+ log "host: $userID"
log
# retrieve the actual ssh key
sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null | awk '{ print $2, $3 }')
+ # FIXME: should we do any checks for failed keyscans, eg host not
+ # found?
- userID="ssh://${HOSTP}"
-
- # output gpg info for (exact) userid and store
+ # output gpg info for userid and store
gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \
--with-fingerprint --with-fingerprint \
="$userID" 2>/dev/null)
- # loop over all lines in the gpg output and process.
+ # find all 'pub' and 'sub' lines in the gpg output, which each
+ # represent a retrieved key for the user ID
echo "$gpgOut" | cut -d: -f1,2,5,10,12 | \
while IFS=: read -r type validity keyid uidfpr usage ; do
case $type in