diff options
Diffstat (limited to 'src/share/mh')
-rw-r--r-- | src/share/mh/add_hostname | 73 | ||||
-rw-r--r-- | src/share/mh/add_revoker | 21 | ||||
-rw-r--r-- | src/share/mh/diagnostics | 185 | ||||
-rw-r--r-- | src/share/mh/extend_key | 34 | ||||
-rw-r--r-- | src/share/mh/gen_key | 107 | ||||
-rw-r--r-- | src/share/mh/import_key | 89 | ||||
-rw-r--r-- | src/share/mh/publish_key | 31 | ||||
-rw-r--r-- | src/share/mh/revoke_hostname | 91 | ||||
-rw-r--r-- | src/share/mh/revoke_key | 21 |
9 files changed, 652 insertions, 0 deletions
diff --git a/src/share/mh/add_hostname b/src/share/mh/add_hostname new file mode 100644 index 0000000..10d5f58 --- /dev/null +++ b/src/share/mh/add_hostname @@ -0,0 +1,73 @@ +# -*-shell-script-*- +# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) + +# Monkeysphere host add-hostname subcommand +# +# The monkeysphere scripts are written by: +# Jameson Rollins <jrollins@finestructure.net> +# Jamie McClelland <jm@mayfirst.org> +# Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# +# They are Copyright 2008-2009, and are all released under the GPL, +# version 3 or later. + +# add hostname user ID to server key + +add_hostname() { + +local userID +local fingerprint +local tmpuidMatch +local line +local adduidCommand + +if [ -z "$1" ] ; then + failure "You must specify a hostname to add." +fi + +userID="ssh://${1}" + +fingerprint=$(fingerprint_server_key) + +# match to only ultimately trusted user IDs +tmpuidMatch="u:$(echo $userID | gpg_escape)" + +# find the index of the requsted user ID +# NOTE: this is based on circumstantial evidence that the order of +# this output is the appropriate index +if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}!" \ + | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then + failure "Host userID '$userID' already exists." +fi + +echo "The following user ID will be added to the host key:" +echo " $userID" +read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N} +if [ ${OK/y/Y} != 'Y' ] ; then + failure "User ID not added." +fi + +# edit-key script command to add user ID +adduidCommand=$(cat <<EOF +adduid +$userID + + +save +EOF +) + +# execute edit-key script +if echo "$adduidCommand" | \ + gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then + + show_key + + echo + echo "NOTE: User ID added to key, but key not published." + echo "Run '$PGRM publish-key' to publish the new user ID." +else + failure "Problem adding user ID." +fi + +} diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker new file mode 100644 index 0000000..f9d0bb6 --- /dev/null +++ b/src/share/mh/add_revoker @@ -0,0 +1,21 @@ +# -*-shell-script-*- +# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) + +# Monkeysphere host add-revoker subcommand +# +# The monkeysphere scripts are written by: +# Jameson Rollins <jrollins@finestructure.net> +# Jamie McClelland <jm@mayfirst.org> +# Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# +# They are Copyright 2008, and are all released under the GPL, version 3 +# or later. + +# add a revoker to the host key + +add_revoker() { + +# FIXME: implement! +failure "not implemented yet!" + +} diff --git a/src/share/mh/diagnostics b/src/share/mh/diagnostics new file mode 100644 index 0000000..7e76da6 --- /dev/null +++ b/src/share/mh/diagnostics @@ -0,0 +1,185 @@ +# -*-shell-script-*- +# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) + +# Monkeysphere host diagnostics subcommand +# +# The monkeysphere scripts are written by: +# Jameson Rollins <jrollins@finestructure.net> +# Jamie McClelland <jm@mayfirst.org> +# Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# +# They are Copyright 2008-2009, and are all released under the GPL, +# version 3 or later. + +# check on the status and validity of the key and public certificates + +diagnostics() { + +local seckey +local keysfound +local curdate +local warnwindow +local warndate +local create +local expire +local uid +local fingerprint +local badhostkeys +local sshd_config +local problemsfound=0 + +# FIXME: what's the correct, cross-platform answer? +sshd_config=/etc/ssh/sshd_config +seckey=$(gpg_host --list-secret-keys --fingerprint --with-colons --fixed-list-mode) +keysfound=$(echo "$seckey" | grep -c ^sec:) +curdate=$(date +%s) +# warn when anything is 2 months away from expiration +warnwindow='2 months' +warndate=$(advance_date $warnwindow +%s) + +if ! id monkeysphere >/dev/null ; then + echo "! No monkeysphere user found! Please create a monkeysphere system user with bash as its shell." + problemsfound=$(($problemsfound+1)) +fi + +if ! [ -d "$SYSDATADIR" ] ; then + echo "! no $SYSDATADIR directory found. Please create it." + problemsfound=$(($problemsfound+1)) +fi + +echo "Checking host GPG key..." +if (( "$keysfound" < 1 )); then + echo "! No host key found." + echo " - Recommendation: run 'monkeysphere-server gen-key'" + problemsfound=$(($problemsfound+1)) +elif (( "$keysfound" > 1 )); then + echo "! More than one host key found?" + # FIXME: recommend a way to resolve this + problemsfound=$(($problemsfound+1)) +else + create=$(echo "$seckey" | grep ^sec: | cut -f6 -d:) + expire=$(echo "$seckey" | grep ^sec: | cut -f7 -d:) + fingerprint=$(echo "$seckey" | grep ^fpr: | head -n1 | cut -f10 -d:) + # check for key expiration: + if [ "$expire" ]; then + if (( "$expire" < "$curdate" )); then + echo "! Host key is expired." + echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'" + problemsfound=$(($problemsfound+1)) + elif (( "$expire" < "$warndate" )); then + echo "! Host key expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F) + echo " - Recommendation: extend lifetime of key with 'monkeysphere-server extend-key'" + problemsfound=$(($problemsfound+1)) + fi + fi + + # and weirdnesses: + if [ "$create" ] && (( "$create" > "$curdate" )); then + echo "! Host key was created in the future(?!). Is your clock correct?" + echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?" + problemsfound=$(($problemsfound+1)) + fi + + # check for UserID expiration: + echo "$seckey" | grep ^uid: | cut -d: -f6,7,10 | \ + while IFS=: read create expire uid ; do + # FIXME: should we be doing any checking on the form + # of the User ID? Should we be unmangling it somehow? + + if [ "$create" ] && (( "$create" > "$curdate" )); then + echo "! User ID '$uid' was created in the future(?!). Is your clock correct?" + echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?" + problemsfound=$(($problemsfound+1)) + fi + if [ "$expire" ] ; then + if (( "$expire" < "$curdate" )); then + echo "! User ID '$uid' is expired." + # FIXME: recommend a way to resolve this + problemsfound=$(($problemsfound+1)) + elif (( "$expire" < "$warndate" )); then + echo "! User ID '$uid' expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F) + # FIXME: recommend a way to resolve this + problemsfound=$(($problemsfound+1)) + fi + fi + done + +# FIXME: verify that the host key is properly published to the +# keyservers (do this with the non-privileged user) + +# FIXME: check that there are valid, non-expired certifying signatures +# attached to the host key after fetching from the public keyserver +# (do this with the non-privileged user as well) + +# FIXME: propose adding a revoker to the host key if none exist (do we +# have a way to do that after key generation?) + + # Ensure that the ssh_host_rsa_key file is present and non-empty: + echo + echo "Checking host SSH key..." + if [ ! -s "${SYSDATADIR}/ssh_host_rsa_key" ] ; then + echo "! The host key as prepared for SSH (${SYSDATADIR}/ssh_host_rsa_key) is missing or empty." + problemsfound=$(($problemsfound+1)) + else + if [ $(ls -l "${SYSDATADIR}/ssh_host_rsa_key" | cut -f1 -d\ ) != '-rw-------' ] ; then + echo "! Permissions seem wrong for ${SYSDATADIR}/ssh_host_rsa_key -- should be 0600." + problemsfound=$(($problemsfound+1)) + fi + + # propose changes needed for sshd_config (if any) + if ! grep -q "^HostKey[[:space:]]\+${SYSDATADIR}/ssh_host_rsa_key$" "$sshd_config"; then + echo "! $sshd_config does not point to the monkeysphere host key (${SYSDATADIR}/ssh_host_rsa_key)." + echo " - Recommendation: add a line to $sshd_config: 'HostKey ${SYSDATADIR}/ssh_host_rsa_key'" + problemsfound=$(($problemsfound+1)) + fi + if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -v "^HostKey[[:space:]]\+${SYSDATADIR}/ssh_host_rsa_key$") ; then + echo "! $sshd_config refers to some non-monkeysphere host keys:" + echo "$badhostkeys" + echo " - Recommendation: remove the above HostKey lines from $sshd_config" + problemsfound=$(($problemsfound+1)) + fi + + # FIXME: test (with ssh-keyscan?) that the running ssh + # daemon is actually offering the monkeysphere host key. + + fi +fi + +# FIXME: look at the ownership/privileges of the various keyrings, +# directories housing them, etc (what should those values be? can +# we make them as minimal as possible?) + +# FIXME: look to see that the ownertrust rules are set properly on the +# authentication keyring + +# FIXME: make sure that at least one identity certifier exists + +# FIXME: look at the timestamps on the monkeysphere-generated +# authorized_keys files -- warn if they seem out-of-date. + +# FIXME: check for a cronjob that updates monkeysphere-generated +# authorized_keys? + +echo +echo "Checking for MonkeySphere-enabled public-key authentication for users ..." +# Ensure that User ID authentication is enabled: +if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${SYSDATADIR}/authorized_keys/%u$" "$sshd_config"; then + echo "! $sshd_config does not point to monkeysphere authorized keys." + echo " - Recommendation: add a line to $sshd_config: 'AuthorizedKeysFile ${SYSDATADIR}/authorized_keys/%u'" + problemsfound=$(($problemsfound+1)) +fi +if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' "$sshd_config" | grep -v "^AuthorizedKeysFile[[:space:]]\+${SYSDATADIR}/authorized_keys/%u$") ; then + echo "! $sshd_config refers to non-monkeysphere authorized_keys files:" + echo "$badauthorizedkeys" + echo " - Recommendation: remove the above AuthorizedKeysFile lines from $sshd_config" + problemsfound=$(($problemsfound+1)) +fi + +if [ "$problemsfound" -gt 0 ]; then + echo "When the above $problemsfound issue"$(if [ "$problemsfound" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:" + echo " monkeysphere-server diagnostics" +else + echo "Everything seems to be in order!" +fi + +} diff --git a/src/share/mh/extend_key b/src/share/mh/extend_key new file mode 100644 index 0000000..ccbaf0e --- /dev/null +++ b/src/share/mh/extend_key @@ -0,0 +1,34 @@ +# -*-shell-script-*- +# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) + +# Monkeysphere host extend-key subcommand +# +# The monkeysphere scripts are written by: +# Jameson Rollins <jrollins@finestructure.net> +# Jamie McClelland <jm@mayfirst.org> +# Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# +# They are Copyright 2008-2009, and are all released under the GPL, +# version 3 or later. + +# extend the lifetime of a host key: + +extend_key() { + +local fpr=$(fingerprint_server_key) +local extendTo="$1" + +# get the new expiration date +extendTo=$(get_gpg_expiration "$extendTo") + +gpg_host --quiet --command-fd 0 --edit-key "$fpr" <<EOF +expire +$extendTo +save +EOF + +echo +echo "NOTE: Host key expiration date adjusted, but not yet published." +echo "Run '$PGRM publish-key' to publish the new expiration date." + +} diff --git a/src/share/mh/gen_key b/src/share/mh/gen_key new file mode 100644 index 0000000..aad213a --- /dev/null +++ b/src/share/mh/gen_key @@ -0,0 +1,107 @@ +# -*-shell-script-*- +# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) + +# Monkeysphere host gen-key subcommand +# +# The monkeysphere scripts are written by: +# Jameson Rollins <jrollins@finestructure.net> +# Jamie McClelland <jm@mayfirst.org> +# Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# +# They are Copyright 2008-2009, and are all released under the GPL, +# version 3 or later. + +gen_key() { + +local keyType="RSA" +local keyLength="2048" +local keyUsage="auth" +local keyExpire +local hostName=$(hostname -f) +local userID +local keyParameters +local fingerprint + +# check for presense of secret key +# FIXME: is this the proper test to be doing here? +fingerprint_server_key >/dev/null \ + && failure "An OpenPGP host key already exists." + +# get options +while true ; do + case "$1" in + -l|--length) + keyLength="$2" + shift 2 + ;; + -e|--expire) + keyExpire="$2" + shift 2 + ;; + *) + if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then + failure "Unknown option '$1'. +Type '$PGRM help' for usage." + fi + hostName="$1" + shift; + break + ;; + esac +done + +userID="ssh://${hostName}" + +# prompt about key expiration if not specified +keyExpire=$(get_gpg_expiration "$keyExpire") + +# set key parameters +keyParameters=\ +"Key-Type: $keyType +Key-Length: $keyLength +Key-Usage: $keyUsage +Name-Real: $userID +Expire-Date: $keyExpire" + +echo "The following key parameters will be used for the host private key:" +echo "$keyParameters" + +read -p "Generate key? (Y/n) " OK; OK=${OK:=Y} +if [ ${OK/y/Y} != 'Y' ] ; then + failure "aborting." +fi + +# add commit command +# must include blank line! +keyParameters=\ +"${keyParameters} + +%commit +%echo done" + +log verbose "generating host key..." +echo "$keyParameters" | gpg_host --batch --gen-key + +# find the key fingerprint of the newly generated key +fingerprint=$(fingerprint_server_key) + +# export host ownertrust to authentication keyring +log verbose "setting ultimate owner trust for host key..." +echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust" + +# translate the private key to ssh format, and export to a file +# for sshs usage. +# NOTE: assumes that the primary key is the proper key to use +(umask 077 && \ + gpg_host --export-secret-key "$fingerprint" | \ + openpgp2ssh "$fingerprint" > "${SYSDATADIR}/ssh_host_rsa_key") +log info "SSH host private key output to file: ${SYSDATADIR}/ssh_host_rsa_key" +ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub" +log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub" +gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" +log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" + +# show info about new key +show_key + +} diff --git a/src/share/mh/import_key b/src/share/mh/import_key new file mode 100644 index 0000000..386e02d --- /dev/null +++ b/src/share/mh/import_key @@ -0,0 +1,89 @@ +# -*-shell-script-*- +# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) + +# Monkeysphere host import-key subcommand +# +# The monkeysphere scripts are written by: +# Jameson Rollins <jrollins@finestructure.net> +# Jamie McClelland <jm@mayfirst.org> +# Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# +# They are Copyright 2008-2009 and are all released under the GPL, +# version 3 or later. + +import_key() { + +local hostName=$(hostname -f) +local keyFile="/etc/ssh/ssh_host_rsa_key" +local keyExpire +local userID + +# check for presense of secret key +# FIXME: is this the proper test to be doing here? +fingerprint_server_key >/dev/null \ + && failure "An OpenPGP host key already exists." + +# get options +while true ; do + case "$1" in + -f|--keyfile) + keyFile="$2" + shift 2 + ;; + -e|--expire) + keyExpire="$2" + shift 2 + ;; + *) + if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then + failure "Unknown option '$1'. +Type '$PGRM help' for usage." + fi + hostName="$1" + shift + ;; + break + ;; + esac +done + +if [ ! -f "$keyFile" ] ; then + failure "SSH secret key file '$keyFile' not found." +fi + +userID="ssh://${hostName}" + +# prompt about key expiration if not specified +keyExpire=$(get_gpg_expiration "$keyExpire") + +echo "The following key parameters will be used for the host private key:" +echo "Import: $keyFile" +echo "Name-Real: $userID" +echo "Expire-Date: $keyExpire" + +read -p "Import key? (Y/n) " OK; OK=${OK:=Y} +if [ ${OK/y/Y} != 'Y' ] ; then + failure "aborting." +fi + +log verbose "importing ssh key..." +# translate ssh key to a private key +(umask 077 && \ + pem2openpgp "$userID" "$keyExpire" < "$sshKey" | gpg_host --import) + +# find the key fingerprint of the newly converted key +fingerprint=$(fingerprint_server_key) + +# export host ownertrust to authentication keyring +log verbose "setting ultimate owner trust for host key..." +echo "${fingerprint}:6:" | gpg_host "--import-ownertrust" +echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust" + +# export public key to file +gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" +log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" + +# show info about new key +show_key + +} diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key new file mode 100644 index 0000000..b7ab01d --- /dev/null +++ b/src/share/mh/publish_key @@ -0,0 +1,31 @@ +# -*-shell-script-*- +# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) + +# Monkeysphere host publish-key subcommand +# +# The monkeysphere scripts are written by: +# Jameson Rollins <jrollins@finestructure.net> +# Jamie McClelland <jm@mayfirst.org> +# Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# +# They are Copyright 2008-2009, and are all released under the GPL, version 3 +# or later. + +# publish server key to keyserver + +publish_key() { + +read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N} +if [ ${OK/y/Y} != 'Y' ] ; then + failure "key not published." +fi + +# find the key fingerprint +fingerprint=$(fingerprint_server_key) + +# publish host key +# FIXME: need to define how to do this +#gpg_authentication "--keyserver $KEYSERVER --send-keys '0x${fingerprint}!'" +echo "not published!!!" + +} diff --git a/src/share/mh/revoke_hostname b/src/share/mh/revoke_hostname new file mode 100644 index 0000000..b519cf6 --- /dev/null +++ b/src/share/mh/revoke_hostname @@ -0,0 +1,91 @@ +# -*-shell-script-*- +# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) + +# Monkeysphere host revoke-hostname subcommand +# +# The monkeysphere scripts are written by: +# Jameson Rollins <jrollins@finestructure.net> +# Jamie McClelland <jm@mayfirst.org> +# Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# +# They are Copyright 2008-2009, and are all released under the GPL, +# version 3 or later. + +# revoke hostname user ID from host key + +revoke_hostname() { + +local userID +local fingerprint +local tmpuidMatch +local line +local uidIndex +local message +local revuidCommand + +if [ -z "$1" ] ; then + failure "You must specify a hostname to revoke." +fi + +echo "WARNING: There is a known bug in this function." +echo "This function has been known to occasionally revoke the wrong user ID." +echo "Please see the following bug report for more information:" +echo "http://web.monkeysphere.info/bugs/revoke-hostname-revoking-wrong-userid/" +read -p "Are you sure you would like to proceed? (y/N) " OK; OK=${OK:=N} +if [ ${OK/y/Y} != 'Y' ] ; then + failure "aborting." +fi + +userID="ssh://${1}" + +fingerprint=$(fingerprint_server_key) + +# match to only ultimately trusted user IDs +tmpuidMatch="u:$(echo $userID | gpg_escape)" + +# find the index of the requsted user ID +# NOTE: this is based on circumstantial evidence that the order of +# this output is the appropriate index +if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}!" \ + | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then + uidIndex=${line%%:*} +else + failure "No non-revoked user ID '$userID' is found." +fi + +echo "The following host key user ID will be revoked:" +echo " $userID" +read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N} +if [ ${OK/y/Y} != 'Y' ] ; then + failure "User ID not revoked." +fi + +message="Hostname removed by monkeysphere-server $DATE" + +# edit-key script command to revoke user ID +revuidCommand=$(cat <<EOF +$uidIndex +revuid +y +4 +$message + +y +save +EOF + ) + +# execute edit-key script +if echo "$revuidCommand" | \ + gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then + + show_key + + echo + echo "NOTE: User ID revoked, but revocation not published." + echo "Run '$PGRM publish-key' to publish the revocation." +else + failure "Problem revoking user ID." +fi + +} diff --git a/src/share/mh/revoke_key b/src/share/mh/revoke_key new file mode 100644 index 0000000..cccdc22 --- /dev/null +++ b/src/share/mh/revoke_key @@ -0,0 +1,21 @@ +# -*-shell-script-*- +# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) + +# Monkeysphere host revoke-key subcommand +# +# The monkeysphere scripts are written by: +# Jameson Rollins <jrollins@finestructure.net> +# Jamie McClelland <jm@mayfirst.org> +# Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# +# They are Copyright 2008-2009, and are all released under the GPL, +# version 3 or later. + +# revoke host key + +revoke_key() { + +# FIXME: implement! +failure "not implemented yet!" + +} |