diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/common | 32 | ||||
-rwxr-xr-x | src/monkeysphere | 19 | ||||
-rwxr-xr-x | src/monkeysphere-server | 21 | ||||
-rwxr-xr-x | src/seckey2sshagent | 114 |
4 files changed, 130 insertions, 56 deletions
@@ -68,7 +68,7 @@ check_capability() { # character # FIXME: undo all escape character translation in with-colons gpg output unescape() { - echo "$1" | sed 's/\\x3a/:/' + echo "$1" | sed 's/\\x3a/:/g' } # remove all lines with specified string from specified file @@ -294,7 +294,7 @@ gpg_fetch_userid() { # (see /usr/share/doc/gnupg/DETAILS.gz) # output is one line for every found key, in the following format: # -# flag fingerprint +# flag:fingerprint # # "flag" is an acceptability flag, 0 = ok, 1 = bad # "fingerprint" is the fingerprint of the key @@ -380,6 +380,14 @@ process_user_id() { fi ;; 'uid') # user ids + if [ "$lastKey" != pub ] ; then + log " - got a user ID after a sub key! user IDs should only follow primary keys!" + continue + fi + # don't bother with a uid if there is no valid or reasonable primary key. + if [ "$keyOK" != true ] ; then + continue + fi # if an acceptable user ID was already found, skip if [ "$uidOK" ] ; then continue @@ -401,14 +409,14 @@ process_user_id() { if [ "$keyOK" -a "$uidOK" -a "$lastKeyOK" ] ; then log " * acceptable primary key." if [ -z "$sshKey" ] ; then - log " ! primary key could not be translated." + log " ! primary key could not be translated (not RSA or DSA?)." else echo "0:${sshKey}" fi else log " - unacceptable primary key." if [ -z "$sshKey" ] ; then - log " ! primary key could not be translated." + log " ! primary key could not be translated (not RSA or DSA?)." else echo "1:${sshKey}" fi @@ -419,7 +427,17 @@ process_user_id() { lastKey=sub lastKeyOK= fingerprint= + + # don't bother with sub keys if the primary key is not valid + if [ "$keyOK" != true ] ; then + continue + fi + # don't bother with sub keys if no user ID is acceptable: + if [ "$uidOK" != true ] ; then + continue + fi + # if sub key validity is not ok, skip if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then continue @@ -442,19 +460,19 @@ process_user_id() { continue fi - # output a line for the primary key + # output a line for the sub key # 0 = ok, 1 = bad if [ "$keyOK" -a "$uidOK" -a "$lastKeyOK" ] ; then log " * acceptable sub key." if [ -z "$sshKey" ] ; then - log " ! sub key could not be translated." + log " ! sub key could not be translated (not RSA or DSA?)." else echo "0:${sshKey}" fi else log " - unacceptable sub key." if [ -z "$sshKey" ] ; then - log " ! sub key could not be translated." + log " ! sub key could not be translated (not RSA or DSA?)." else echo "1:${sshKey}" fi diff --git a/src/monkeysphere b/src/monkeysphere index cd77193..8ddfe7f 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -32,7 +32,7 @@ umask 077 ######################################################################## usage() { -cat <<EOF + cat <<EOF usage: $PGRM <subcommand> [options] [args] MonkeySphere client tool. @@ -89,9 +89,22 @@ gen_subkey(){ esac done - keyID="$1" + if [ -z "$1" ] ; then + # find all secret keys + keyID=$(gpg --with-colons --list-secret-keys | grep ^sec | cut -f5 -d:) + # if multiple sec keys exist, fail + if (( $(echo "$keyID" | wc -l) > 1 )) ; then + echo "Multiple secret keys found:" + echo "$keyID" + failure "Please specify which primary key to use." + fi + else + keyID="$1" + fi if [ -z "$keyID" ] ; then - failure "You must specify the key ID of your primary key." + failure "You have no secret key available. You should create an OpenPGP +key before joining the monkeysphere. You can do this with: + gpg --gen-key" fi # get key output, and fail if not found diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 1e5f209..3ca0656 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -32,7 +32,7 @@ RETURN=0 ######################################################################## usage() { -cat <<EOF + cat <<EOF usage: $PGRM <subcommand> [options] [args] MonkeySphere server admin tool. @@ -468,14 +468,14 @@ diagnostics() { fi # propose changes needed for sshd_config (if any) - if ! grep -q "^HostKey ${VARLIB}/ssh_host_rsa_key$" /etc/ssh/sshd_config; then + if ! grep -q "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" /etc/ssh/sshd_config; then echo "! /etc/ssh/sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)." echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'" fi - if badhostkeys=$(grep '^HostKey' | grep -q -v "^HostKey ${VARLIB}/ssh_host_rsa_key$") ; then + if badhostkeys=$(grep -i '^HostKey' | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then echo "! /etc/sshd_config refers to some non-monkeysphere host keys:" echo "$badhostkeys" - echo "- Recommendation: remove the above HostKey lines from /etc/ssh/sshd_config" + echo " - Recommendation: remove the above HostKey lines from /etc/ssh/sshd_config" fi fi fi @@ -489,6 +489,19 @@ diagnostics() { # FIXME: make sure that at least one identity certifier exists + echo "Checking for MonkeySphere-enabled public-key authentication for users ..." + # Ensure that User ID authentication is enabled: + if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$" /etc/ssh/sshd_config; then + echo "! /etc/ssh/sshd_config does not point to monkeysphere authorized keys." + echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'AuthorizedKeysFile ${VARLIB}/authorized_keys/%u'" + fi + if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' | grep -q -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then + echo "! /etc/sshd_config refers to non-monkeysphere authorized_keys files:" + echo "$badauthorizedkeys" + echo " - Recommendation: remove the above AuthorizedKeysFile lines from /etc/ssh/sshd_config" + fi + + } # retrieve key from web of trust, import it into the host keyring, and diff --git a/src/seckey2sshagent b/src/seckey2sshagent index 4b765dc..a516256 100755 --- a/src/seckey2sshagent +++ b/src/seckey2sshagent @@ -14,17 +14,17 @@ # Authors: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, # Jameson Rollins <jrollins@fifthhorseman.net> - -cleanup() { - echo -n "removing temp gpg home... " 1>&2 - rm -rf "$TMPPRIVATE" - echo "done." 1>&2 -} - explanation() { - echo -n "The basic strategy of seckey2sshagent is to dump your -OpenPGP authentication key(s) into your agent. + cat <<EOF +Usage: $0 [GPGID [FILE]] + +The basic strategy of seckey2sshagent is to dump your OpenPGP +authentication key(s) into your agent or a file. With no arguments, +it will add all secret keys in your keyring to the agent. With one +argument, it adds only the specified key to the agent. With two +arguments, it dumps the specified key to FILE, with the pub key in +FILE.pub. This script is a gross hack at the moment. It is done by creating a new, temporary private keyring, letting the user remove the @@ -51,8 +51,37 @@ You can check on it with: ssh-add -l -" +EOF +} + +cleanup() { + echo -n "removing temp gpg home... " 1>&2 + rm -rf "$TMPPRIVATE" + echo "done." 1>&2 +} + +export_sec_key() { + gpg --export-secret-key "$GPGID" | GNUPGHOME="$TMPPRIVATE" gpg --import + GNUPGHOME="$TMPPRIVATE" gpg --edit-key "$GPGID" + + # idea to script the password stuff. not working. + # read -s -p "enter gpg password: " PASSWD; echo + # cmd=$(cat <<EOF + # passwd + # $PASSWD + # \n + # \n + # \n + # yes + # save + # EOF + # ) + # echo -e "$cmd" | GNUPGHOME="$TMPPRIVATE" gpg --command-fd 0 --edit-key $GPGID + + # export secret key to file + GNUPGHOME="$TMPPRIVATE" gpg --export-secret-keys "$GPGID" | \ + openpgp2ssh "$GPGID" } # if no hex string is supplied, just print an explanation. @@ -62,52 +91,53 @@ if [ "$(echo "$1" | tr -d '0-9a-fA-F')" ]; then exit fi -trap cleanup EXIT +# set the file creation umask +umask 077 GPGIDS="$1" +if [ "$2" -a ! -e "$2" ] ; then + FILE="$2" +fi if [ -z "$GPGIDS" ]; then # hack: we need to get the list of secret keys, because if you # --list-secret-keys with no arguments, GPG fails to print the # capability flags (i've just filed this as # https://bugs.g10code.com/gnupg/issue945) - KEYIDS=$(gpg2 --with-colons --list-secret-keys | grep ^sec | cut -f5 -d:) + KEYIDS=$(gpg --with-colons --list-secret-keys | grep ^sec | cut -f5 -d:) # default to using all fingerprints of authentication-enabled keys - GPGIDS=$(gpg --with-colons --fingerprint --fingerprint --list-secret-keys $KEYIDS | egrep -A1 '^(ssb|sec):.*:[^:]*a[^:]*:$' | grep ^fpr: | cut -d: -f10) + GPGIDS=$(gpg --with-colons --fingerprint --fingerprint --list-secret-keys $KEYIDS | egrep -A1 '^(ssb|sec):.*:[^:]*a[^:]*:$' | grep ^fpr: | cut -d: -f10) fi +trap cleanup EXIT + for GPGID in $GPGIDS; do TMPPRIVATE=$(mktemp -d) - gpg --export-secret-key "$GPGID" | GNUPGHOME="$TMPPRIVATE" gpg --import - -# idea to script the password stuff. not working. -# read -s -p "enter gpg password: " PASSWD; echo -# cmd=$(cat <<EOF -# passwd -# $PASSWD -# \n -# \n -# \n -# yes -# save -# EOF -# ) -# echo -e "$cmd" | GNUPGHOME="$TMPPRIVATE" gpg --command-fd 0 --edit-key $GPGID - - GNUPGHOME="$TMPPRIVATE" gpg --edit-key "$GPGID" - - KEYNAME='MonkeySphere Key '$(echo "$GPGID" | tr -c -d '0-9a-fA-F')'' -# creating this alias so the key is named "monkeysphere-key" in the -# comment stored by the agent, while never being written to disk in -# SSH form: - ln -s /dev/stdin "$TMPPRIVATE/$KEYNAME" - - GNUPGHOME="$TMPPRIVATE" gpg --export-secret-keys "$GPGID" | \ - openpgp2ssh $GPGID | (cd "$TMPPRIVATE" && ssh-add -c "$KEYNAME") + # if specified, write key to fail and passprotect + if [ "$FILE" ] ; then + # export secret key to file + export_sec_key > "$TMPPRIVATE/key" + # passprotect file + ssh-keygen -f "${TMPPRIVATE}/key" -p + # move into place + mv "${TMPPRIVATE}/key" "$FILE" + + # export public key + gpg --export "$GPGID" | openpgp2ssh "$GPGID" > "${FILE}.pub" + + # otherwise add to agent + else + KEYNAME='MonkeySphere Key '$(echo "$GPGID" | tr -c -d '0-9a-fA-F')'' + + # creating this alias so the key is named "monkeysphere-key" in the + # comment stored by the agent, while never being written to disk in + # SSH form: + ln -s /dev/stdin "${TMPPRIVATE}/${KEYNAME}" + + # export secret key to agent + export_sec_key | (cd "$TMPPRIVATE" && ssh-add -c "$KEYNAME") + fi - cleanup done - - |