diff options
Diffstat (limited to 'website/bugs')
| -rw-r--r-- | website/bugs/authorized_keys-options.mdwn | 2 | ||||
| -rw-r--r-- | website/bugs/authorized_keys_not_cleared.mdwn | 4 | ||||
| -rw-r--r-- | website/bugs/monkeysphere-gen-subkey-treats-revoked-auth-subkey-as-valid.mdwn | 16 | ||||
| -rw-r--r-- | website/bugs/ssh_config_files_not_parsed.mdwn (renamed from website/bugs/monkeysphere-ignores-HashKnownHosts-directive.mdwn) | 14 |
4 files changed, 34 insertions, 2 deletions
diff --git a/website/bugs/authorized_keys-options.mdwn b/website/bugs/authorized_keys-options.mdwn index a066318..4e7a838 100644 --- a/website/bugs/authorized_keys-options.mdwn +++ b/website/bugs/authorized_keys-options.mdwn @@ -1,7 +1,5 @@ [[meta title="Monkeysphere support for options in authorized_keys"]] -# Monkeysphere support for options within `authorized_keys` # - OpenSSH [allows users to control the capabilities granted to remote key-based logins](http://www.hackinglinuxexposed.com/articles/20030109.html) by diff --git a/website/bugs/authorized_keys_not_cleared.mdwn b/website/bugs/authorized_keys_not_cleared.mdwn index 7246997..4ba347b 100644 --- a/website/bugs/authorized_keys_not_cleared.mdwn +++ b/website/bugs/authorized_keys_not_cleared.mdwn @@ -18,3 +18,7 @@ bytes. However, it just remained untouched, and the old keys persisted. This seems like a potential security problem. + +--- + +[[bugs/done]] on 2008-10-26 in c8ab71b24b566967fdb39818d071f6548dc056c8 diff --git a/website/bugs/monkeysphere-gen-subkey-treats-revoked-auth-subkey-as-valid.mdwn b/website/bugs/monkeysphere-gen-subkey-treats-revoked-auth-subkey-as-valid.mdwn index 8181437..3c7e804 100644 --- a/website/bugs/monkeysphere-gen-subkey-treats-revoked-auth-subkey-as-valid.mdwn +++ b/website/bugs/monkeysphere-gen-subkey-treats-revoked-auth-subkey-as-valid.mdwn @@ -19,3 +19,19 @@ revoked, so probably monkeysphere needs to be looking at gpg's computed validity from the public keyring instead of the secret keyring to be able to get the "r" flag from field 2, in addition to the "e" flag from field 12. + +--- + +So the problem is that there is no field 2 for secret keys. From +/usr/share/doc/gnupg/DETAILS.gz: + + 2. Field: A letter describing the calculated trust. This is a single + letter, but be prepared that additional information may follow + in some future versions. (not used for secret keys) + +Why would secret keys not have this field? They have validity too, +right? This doesn't make any sense. I verify that indeed there is no +output in field 2 for secret keys. I would say this is a bug in gpg, +but it's clearly done on purpose. Any ideas? + +-- jrollins diff --git a/website/bugs/monkeysphere-ignores-HashKnownHosts-directive.mdwn b/website/bugs/ssh_config_files_not_parsed.mdwn index 2dac579..ca851a8 100644 --- a/website/bugs/monkeysphere-ignores-HashKnownHosts-directive.mdwn +++ b/website/bugs/ssh_config_files_not_parsed.mdwn @@ -31,3 +31,17 @@ here](http://marc.info/?l=openssh-unix-dev&m=121804767122918&w=2), but i haven't had much of a response yet. --dkg + +--- + +For some reason this didn't get mentioned in this bug earlier, but +there is a monkeysphere config variable about hashing known_hosts +lines, which is set to true by default (to be in sync with the Debian +openssh-client package). + +I think this bug is really more about the fact that monkeysphere does +not parse the ssh config files for any directives relavent to what the +monkeysphere is doing. I'm changing the name of this bug to reflect +what the real issue is. + +-- Big Jimmy. |