diff options
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/monkeysphere-server.conf | 19 | ||||
| -rw-r--r-- | etc/monkeysphere.conf | 23 |
2 files changed, 14 insertions, 28 deletions
diff --git a/etc/monkeysphere-server.conf b/etc/monkeysphere-server.conf index 847e879..defb0f7 100644 --- a/etc/monkeysphere-server.conf +++ b/etc/monkeysphere-server.conf @@ -3,20 +3,9 @@ # This is an sh-style shell configuration file. Variable names should # be separated from their assignements by a single '=' and no spaces. -# GPG home directory for server -#GNUPGHOME=/etc/monkeysphere/gnupg - # GPG keyserver to search for keys #KEYSERVER=subkeys.pgp.net -# Required user key capabilities -# Must be quoted, lowercase, space-seperated list of the following: -# e = encrypt -# s = sign -# c = certify -# a = authentication -#REQUIRED_USER_KEY_CAPABILITY="a" - # Path to authorized_user_ids file to process to create # authorized_keys file. '%h' will be replaced by the home directory # of the user, and %u will be replaced by the username of the user. @@ -26,6 +15,8 @@ # Whether to add user controlled authorized_keys file to # monkeysphere-generated authorized_keys file. Should be path to file -# where '%h' will be replaced by the home directory of the user. -# To not add any user-controlled file, put "-" -#USER_CONTROLLED_AUTHORIZED_KEYS="%h/.ssh/authorized_keys" +# where '%h' will be replaced by the home directory of the user or +# '%u' by the username. To not add any user-controlled file, put "-" +# FIXME: this usage of "-" contravenes the normal convention where "-" +# means standard in/out. Why not use "none" or "" instead? +#RAW_AUTHORIZED_KEYS="%h/.ssh/authorized_keys" diff --git a/etc/monkeysphere.conf b/etc/monkeysphere.conf index f2ba4a7..aa3a664 100644 --- a/etc/monkeysphere.conf +++ b/etc/monkeysphere.conf @@ -9,14 +9,13 @@ # GPG keyserver to search for keys #KEYSERVER=subkeys.pgp.net -# Required key capabilities -# Must be quoted, lowercase, space-seperated list of the following: -# e = encrypt -# s = sign -# c = certify -# a = authentication -#REQUIRED_HOST_KEY_CAPABILITY="a" -#REQUIRED_USER_KEY_CAPABILITY="a" +# Set whether or not to check keyservers at every monkeysphere +# interaction, including all ssh connections if you use the +# monkeysphere-ssh-proxycommand. +# NOTE: setting CHECK_KEYSERVER to true will leak information about +# the timing and frequency of your ssh connections to the maintainer +# of the keyserver. +#CHECK_KEYSERVER=true # ssh known_hosts file #KNOWN_HOSTS=~/.ssh/known_hosts @@ -25,9 +24,5 @@ # Should be "true" or "false" #HASH_KNOWN_HOSTS=true -# ssh authorized_keys file -#AUTHORIZED_KEYS=~/.ssh/known_hosts - -# This overrides other environment variables -# NOTE: there is leakage -#CHECK_KEYRING=true +# ssh authorized_keys file (FIXME: why is this relevant in this file?) +#AUTHORIZED_KEYS=~/.ssh/authorized_keys |