summaryrefslogtreecommitdiff
path: root/src/monkeysphere-ssh-proxycommand
diff options
context:
space:
mode:
Diffstat (limited to 'src/monkeysphere-ssh-proxycommand')
-rwxr-xr-xsrc/monkeysphere-ssh-proxycommand87
1 files changed, 71 insertions, 16 deletions
diff --git a/src/monkeysphere-ssh-proxycommand b/src/monkeysphere-ssh-proxycommand
index b039844..a609199 100755
--- a/src/monkeysphere-ssh-proxycommand
+++ b/src/monkeysphere-ssh-proxycommand
@@ -43,22 +43,27 @@ output_no_valid_key() {
local uidfpr
local usage
local sshKeyGPG
+ local tmpkey
local sshFingerprint
+ local gpgSigOut
- log "OpenPGP keys with*out* full validity found for this host:"
- log
+ userID="ssh://${HOSTP}"
+
+ log "-------------------- Monkeysphere warning -------------------"
+ log "Monkeysphere found OpenPGP keys for this hostname, but none had full validity."
# retrieve the actual ssh key
sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null | awk '{ print $2, $3 }')
+ # FIXME: should we do any checks for failed keyscans, eg. host not
+ # found?
- userID="ssh://${HOSTP}"
-
- # output gpg info for (exact) userid and store
+ # get the gpg info for userid
gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \
--with-fingerprint --with-fingerprint \
="$userID" 2>/dev/null)
- # loop over all lines in the gpg output and process.
+ # find all 'pub' and 'sub' lines in the gpg output, which each
+ # represent a retrieved key for the user ID
echo "$gpgOut" | cut -d: -f1,2,5,10,12 | \
while IFS=: read -r type validity keyid uidfpr usage ; do
case $type in
@@ -69,26 +74,67 @@ output_no_valid_key() {
# if one of keys found matches the one offered by the
# host, then output info
if [ "$sshKeyGPG" = "$sshKeyOffered" ] ; then
+ log "An OpenPGP key matching the ssh key offered by the host was found:"
+ log
- # get the fingerprint of the ssh key
- tmpkey=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
- echo "$sshKeyGPG" > "$tmpkey"
- sshFingerprint=$(ssh-keygen -l -f "$tmpkey" | awk '{ print $2 }')
- rm -rf "$tmpkey"
+ # do some crazy "Here Strings" redirection to get the key to
+ # ssh-keygen, since it doesn't read from stdin cleanly
+ sshFingerprint=$(ssh-keygen -l -f /dev/stdin \
+ <<<$(echo "$sshKeyGPG") | \
+ awk '{ print $2 }')
- # output gpg info
- gpg --check-sigs \
+ # get the sigs for the matching key
+ gpgSigOut=$(gpg --check-sigs \
--list-options show-uid-validity \
- "$keyid" >&2
+ "$keyid")
+
+ # output the sigs, but only those on the user ID
+ # we are looking for
+ echo "$gpgSigOut" | awk '
+{
+if (match($0,"^pub")) { print; }
+if (match($0,"^uid")) { ok=0; }
+if (match($0,"^uid.*'$userID'$")) { ok=1; print; }
+if (ok) { if (match($0,"^sig")) { print; } }
+}
+' >&2
+ log
+
+ # output the other user IDs for reference
+ if (echo "$gpgSigOut" | grep "^uid" | grep -v -q "$userID") ; then
+ log "Other user IDs on this key:"
+ echo "$gpgSigOut" | grep "^uid" | grep -v "$userID" >&2
+ log
+ fi
# output ssh fingerprint
log "RSA key fingerprint is ${sshFingerprint}."
- log "Falling through to standard ssh host checking."
- log
+
+ # this whole process is in a "while read"
+ # subshell. the only way to get information out
+ # of the subshell is to change the return code.
+ # therefore we return 1 here to indicate that a
+ # matching gpg key was found for the ssh key
+ # offered by the host
+ return 1
fi
;;
esac
done
+
+ # if no key match was made (and the "while read" subshell returned
+ # 1) output how many keys were found
+ if (($? != 1)) ; then
+ log "None of the found keys matched the key offered by the host."
+ log "Run the following command for more info about the found keys:"
+ log "gpg --check-sigs --list-options show-uid-validity =${userID}"
+ # FIXME: should we do anything extra here if the retrieved
+ # host key is actually in the known_hosts file and the ssh
+ # connection will succeed? Should the user be warned?
+ # prompted?
+ fi
+
+ log "-------------------- ssh continues below --------------------"
}
########################################################################
@@ -182,6 +228,15 @@ case $? in
;;
esac
+# FIXME: what about the case where monkeysphere successfully finds a
+# valid key for the host and adds it to the known_hosts file, but a
+# different non-monkeysphere key for the host already exists in the
+# known_hosts, and it is this non-ms key that is offered by the host?
+# monkeysphere will succeed, and the ssh connection will succeed, and
+# the user will be left with the impression that they are dealing with
+# a OpenPGP/PKI host key when in fact they are not. should we use
+# ssh-keyscan to compare the keys first?
+
# exec a netcat passthrough to host for the ssh connection
if [ -z "$NO_CONNECT" ] ; then
if (which nc 2>/dev/null >/dev/null); then