summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rwxr-xr-xsrc/monkeysphere-server23
1 files changed, 13 insertions, 10 deletions
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index dd85dcc..2b9b744 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -468,7 +468,10 @@ diagnostics() {
local uid
local fingerprint
local badhostkeys
+ local sshd_config
+ # FIXME: what's the correct, cross-platform answer?
+ sshd_config=/etc/ssh/sshd_config
seckey=$(fingerprint_server_key)
keysfound=$(echo "$seckey" | grep -c ^sec:)
curdate=$(date +%s)
@@ -545,14 +548,14 @@ diagnostics() {
fi
# propose changes needed for sshd_config (if any)
- if ! grep -q "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" /etc/ssh/sshd_config; then
- echo "! /etc/ssh/sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)."
- echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'"
+ if ! grep -q "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" "$sshd_config"; then
+ echo "! $sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)."
+ echo " - Recommendation: add a line to $sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'"
fi
- if badhostkeys=$(grep -i '^HostKey' | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then
+ if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then
echo "! /etc/sshd_config refers to some non-monkeysphere host keys:"
echo "$badhostkeys"
- echo " - Recommendation: remove the above HostKey lines from /etc/ssh/sshd_config"
+ echo " - Recommendation: remove the above HostKey lines from $sshd_config"
fi
fi
fi
@@ -568,14 +571,14 @@ diagnostics() {
echo "Checking for MonkeySphere-enabled public-key authentication for users ..."
# Ensure that User ID authentication is enabled:
- if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$" /etc/ssh/sshd_config; then
- echo "! /etc/ssh/sshd_config does not point to monkeysphere authorized keys."
- echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'AuthorizedKeysFile ${VARLIB}/authorized_keys/%u'"
+ if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$" "$sshd_config"; then
+ echo "! $sshd_config does not point to monkeysphere authorized keys."
+ echo " - Recommendation: add a line to $sshd_config: 'AuthorizedKeysFile ${VARLIB}/authorized_keys/%u'"
fi
- if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' | grep -q -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then
+ if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' "$sshd_config" | grep -q -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then
echo "! /etc/sshd_config refers to non-monkeysphere authorized_keys files:"
echo "$badauthorizedkeys"
- echo " - Recommendation: remove the above AuthorizedKeysFile lines from /etc/ssh/sshd_config"
+ echo " - Recommendation: remove the above AuthorizedKeysFile lines from $sshd_config"
fi
}