Diffstat (limited to 'website')
-rw-r--r-- website/bugs.mdwn 14
-rw-r--r-- website/bugs/posix_compliance.mdwn 3
-rw-r--r-- website/bugs/use_getopts_instead_of_getopt.mdwn 15
-rw-r--r-- website/doc.mdwn 4
-rw-r--r-- website/getting-started-admin.mdwn 100
-rw-r--r-- website/index.mdwn 9
-rw-r--r-- website/local.css 20
-rw-r--r-- website/logo.simple.png bin 0 -> 5536 bytes
-rw-r--r-- website/logo.title.png bin 0 -> 4123 bytes
-rw-r--r-- website/news/Monkeysphere-in-Debian.mdwn 15
-rw-r--r-- website/sidebar.mdwn 17
11 files changed, 145 insertions, 52 deletions
diff --git a/website/bugs.mdwn b/website/bugs.mdwn
index d621500..bd437f9 100644
--- a/website/bugs.mdwn
+++ b/website/bugs.mdwn
@@ -2,10 +2,18 @@
# Bugs #
-This is Monkeysphere's bug list. You can also browse our [completed bugs](done).
+The Monkeysphere is moving to a [new issue tracking
+system](https://labs.riseup.net/code/projects/show/monkeysphere),
+hosted at [Riseup Labs](https://labs.riseup.net/code). We're leaving
+this old bug list up during the transition.
-If you don't have commit access to the public repo, we'd appreciate
-you reporting bugs on [the monkeysphere mailing list](/community).
+If you use [Debian](htt[://debian.org), please consider submitting
+your bug to the [Debian BTS](http://bugs.debian.org/monkeysphere).
+
+You can also browse our [completed bugs](done).
+
+Please feel free to also ask any questions on the [the monkeysphere
+mailing list](/community).
[[inline pages="./bugs/* and !./bugs/done and !link(done)
and !*/Discussion" actions=yes postform=yes show=0]]
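Review bot: The Debian link on the added line `If you use [Debian](htt[://debian.org)` has a malformed scheme (`htt[://`), so the link will not resolve; it should read `http://debian.org`. The last added paragraph also doubles the article in "on the [the monkeysphere mailing list]"; drop the first "the".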
diff --git a/website/bugs/posix_compliance.mdwn b/website/bugs/posix_compliance.mdwn
index c2908ad..d418e98 100644
--- a/website/bugs/posix_compliance.mdwn
+++ b/website/bugs/posix_compliance.mdwn
@@ -7,3 +7,6 @@ bashism at the moment, so this may not be trivial. For instance:
servo:~/cmrg/monkeysphere/git 0$ checkbashisms -f src/monkeysphere-server 2>&1 | wc -l
50
servo:~/cmrg/monkeysphere/git 0$
+
+It looks like the biggest complication for this would be the
+occasional use of bash arrays.
diff --git a/website/bugs/use_getopts_instead_of_getopt.mdwn b/website/bugs/use_getopts_instead_of_getopt.mdwn
index db087b4..2ec68d6 100644
--- a/website/bugs/use_getopts_instead_of_getopt.mdwn
+++ b/website/bugs/use_getopts_instead_of_getopt.mdwn
@@ -2,3 +2,18 @@ Since Monkeysphere is using bash, it would be nice to use the shell
build in getopts function, instead of the external getopt program.
This would reduce an external dependency, which would definitely be
better for portability.
+
+---
+
+So it looks like the sh built-in getopts does not include long options
+(eg. "--expire"). Is it worth getting rid of the long options for
+this?
+
+---
+
+Why not just get rid of getopts altogether and perform a simple
+argument-processing loop with bash string tests? We're only invoking
+getopt in three places, and each invocation is no more complex than
+three arguments -- and most arguments take a separate parameter, which
+means that handling tricky arg blobs like -aCxr are not gonna be
+supported anyway.
diff --git a/website/doc.mdwn b/website/doc.mdwn
index cd7bc76..28db2ef 100644
--- a/website/doc.mdwn
+++ b/website/doc.mdwn
@@ -19,10 +19,12 @@
## References ##
- * [Initial Monkeysphere specifications at CMRG](http://cmrg.fifthhorseman.net/wiki/OpenPGPandSSH)
+ * [OpenSSH](http://openssh.com/)
+ * [GnuPG](http://www.gnupg.org/)
* [OpenPGP (RFC 4880)](http://tools.ietf.org/html/rfc4880)
* [Secure Shell Authentication Protocol (RFC 4252)](http://tools.ietf.org/html/rfc4252)
* [URI scheme for SSH, RFC draft](http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/)
+ * [Initial Monkeysphere specifications at CMRG](http://cmrg.fifthhorseman.net/wiki/OpenPGPandSSH)
## Other ##
diff --git a/website/getting-started-admin.mdwn b/website/getting-started-admin.mdwn
index 1c373ac..5c7203d 100644
--- a/website/getting-started-admin.mdwn
+++ b/website/getting-started-admin.mdwn
@@ -2,60 +2,106 @@ Monkeysphere Server Administrator README
========================================
As the administrator of an SSH server, you can take advantage of the
-monkeysphere in two ways: you can publish the host key of your machine
-so that your users can have it automatically verified, and you can set
-up your machine to automatically identify connecting users by their
-presence in the OpenPGP web of trust.
+monkeysphere in two ways:
+1. you can publish the host key of your machine so that your users can
+have it automatically verified, and
+
+2. you can set up your machine to automatically identify connecting
+users by their presence in the OpenPGP web of trust.
+
+These things are not mutually required, and it is in fact possible to
+do one without the other. However, it is highly recommend that you at
+least do the first. Even if you decide that you do not want to use
+the monkeysphere to authenticate users to your system, you should at
+least the host key into the Web of Trust so that your users can be
+sure they're connecting to the correct machine.
+
+
+Monkeysphere for host verification
+==================================
Server host key publication
---------------------------
-To generate and publish a server host key:
+
+To begin, you must first generate a server host key:
# monkeysphere-server gen-key
- # monkeysphere-server publish-key
This will generate the key for server with the service URI
-(`ssh://server.example.net`). The server admin should now sign the
-server key so that people in the admin's web of trust can identify the
-server without manual host key checking:
+(`ssh://server.example.net`). Output the new key information with the
+'show-key' command:
+
+ # monkeysphere-server show-key
+
+Once the key has been generated, it needs to be publish to the Web of
+Trust:
+
+ # monkeysphere-server publish-key
+
+The server admin should now sign the server key so that people in the
+admin's web of trust can identify the server without manual host key
+checking. On your (the admin's) local machine retrieve the host key:
$ gpg --search '=ssh://server.example.net'
+
+Now sign the server key:
+
$ gpg --sign-key '=ssh://server.example.net'
+Make sure you compare the fingerprint of the retrieved with the one
+output with the 'show-key' command above, to verify you are signing
+the correct key. Finally, publish your signatures back to the
+keyservers:
+
+ $ gpg --send-key '=ssh://server.example.net'
Update OpenSSH configuration files
----------------------------------
To use the newly-generated host key for ssh connections, put the
-following line in `/etc/ssh/sshd_config` (be sure to remove references
-to any other keys):
+following line in `/etc/ssh/sshd_config` (be sure to comment out or
+remove any other HostKey references):
HostKey /var/lib/monkeysphere/ssh_host_rsa_key
-FIXME: should we just suggest symlinks in the filesystem here instead?
+FIXME: What about DSA host keys? The SSH RFC seems to require
+implementations support DSA, though OpenSSH will work without a DSA
+host key.
-FIXME: What about DSA host keys? The SSH RFC seems to require implementations support DSA, though OpenSSH will work without a DSA host key.
-To enable users to use the monkeysphere to authenticate using the
-OpenPGP web of trust, add this line to `/etc/ssh/sshd_config` (again,
-making sure that no other AuthorizedKeysFile directive exists):
+Monkeysphere for user authentication
+====================================
- AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
+A host can maintain ssh `authorized_keys` files automatically for its
+users with the Monkeysphere. These `authorized_keys` files can then
+be used to enable users to use the monkeysphere to authenticate to
+your machine using the OpenPGP web of trust.
+
+Before this can happen, the host must first have a host key to use for
+user key verification. If you have not already generated a host key
+(as in the host verification instructions above), generate one now:
+
+ # monkeysphere-server gen-key
-And then read the section below about how to ensure these files are
-maintained. You'll need to restart `sshd` to have your changes take
-effect. As with any change to `sshd_config`, be sure to retain an
-existing session to the machine while you test your changes so you
-don't get locked out.
+Update OpenSSH configuration files
+----------------------------------
+
+SSH must be configured to point to the monkeysphere generated
+`authorized_keys` file. Add this line to `/etc/ssh/sshd_config`
+(again, making sure that no other AuthorizedKeysFile directive is left
+uncommented):
+ AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
+
+You'll need to restart `sshd` to have your changes take effect. As
+with any change to `sshd_config`, be sure to retain an existing
+session to the machine while you test your changes so you don't get
+locked out.
Monkeysphere authorized_keys maintenance
----------------------------------------
-A host can maintain ssh authorized_keys files automatically for its
-users with the Monkeysphere.
-
For each user account on the server, the userids of people authorized
to log into that account would be placed in:
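Review bot: In the "Server host key publication" section the instruction to compare fingerprints is placed after the `gpg --sign-key` command, so an admin following the steps in order certifies the key before verifying it. Move the "Make sure you compare the fingerprint ..." paragraph between the `gpg --search` step and "Now sign the server key:", since that signature is what other users will rely on to skip manual host key checking. The added prose also needs a wording pass: "it is highly recommend", "you should at least the host key into the Web of Trust" (missing verb), "needs to be publish", and "the fingerprint of the retrieved" (missing noun). The page now has two sections titled "Update OpenSSH configuration files"; distinct titles would make them easier to reference.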
@@ -72,12 +118,12 @@ If the admin's OpenPGP keyid is `$GPGID`, then on the server run:
# monkeysphere-server add-identity-certifier $GPGID
-To update the monkeysphere authorized_keys file for user "bob" using
+To update the monkeysphere `authorized_keys` file for user "bob" using
the current set of identity certifiers, run:
# monkeysphere-server update-users bob
-To update the monkeysphere authorized_keys file for all users on the
+To update the monkeysphere `authorized_keys` file for all users on the
the system, run the same command with no arguments:
# monkeysphere-server update-users
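Review bot: The second changed sentence still reads "for all users on the" followed by "the system" on the next context line, leaving a doubled "the"; since the `+` line is being rewritten anyway, drop the trailing "the" from it.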
diff --git a/website/index.mdwn b/website/index.mdwn
index 2e756ae..4abeea0 100644
--- a/website/index.mdwn
+++ b/website/index.mdwn
@@ -69,12 +69,11 @@ To emphasize: ***no modifications to SSH are required to use the
Monkeysphere***. OpenSSH can be used as is; completely unpatched and
"out of the box".
-## Links ##
+## License ##
-* [OpenSSH](http://openssh.com/)
-* [GnuPG](http://www.gnupg.org/)
-* [Secure Shell Authentication Protocol RFC 4252](http://tools.ietf.org/html/rfc4252)
-* [OpenPGP RFC 4880](http://tools.ietf.org/html/rfc4880)
+All Monkeysphere software is copyright, 2007, by [the
+authors](community), and released under [GPL, version 3 or
+later](http://www.gnu.org/licenses/gpl-3.0.html).
----
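Review bot: The authors link in the new License section uses the relative target `(community)`, while the other pages touched in this commit link to `(/community)`; use the absolute form so the link resolves the same way regardless of where the page is rendered or inlined.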
diff --git a/website/local.css b/website/local.css
index c4b59e9..de0f196 100644
--- a/website/local.css
+++ b/website/local.css
@@ -58,31 +58,31 @@ pre {
overflow: auto;
}
-table.sitenav {
+table.sitenav {
border-bottom: 2px solid black;
padding: 0px;
width: 100%;
font-size: larger;
}
-table.sitenav img.logo {
- margin: 0px;
- padding: 0px;
+table.sitenav img.logo {
+ margin: 0em;
+ padding: 0px;
vertical-align: bottom;
}
+table.sitenav img.title {
+ margin: 0px;
+ padding: 0px;
+ vertical-align: top;
+}
+
table.sitenav a {
font-weight: bold;
margin-right: 1em;
font-size: smaller;
}
-/* trying to align the sitenav links roughly with the text in the monkeysphere logo */
-td#sitenav {
- vertical-align: bottom;
- padding-bottom: 30px;
-}
-
table.sitenav span.selflink {
font-weight: bold;
text-decoration: underline;
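Review bot: In `table.sitenav img.logo` the margin becomes `0em` while the padding beside it and the new `table.sitenav img.title` rule use `0px`; pick one unit (or plain `0`) for zero values. The `table.sitenav {` and `padding: 0px;` lines show up as removed and re-added with no visible difference, which points to whitespace-only churn that could be dropped from the patch.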
diff --git a/website/logo.simple.png b/website/logo.simple.png
new file mode 100644
index 0000000..5cc69eb
--- /dev/null
+++ b/website/logo.simple.png
Binary files differ
diff --git a/website/logo.title.png b/website/logo.title.png
new file mode 100644
index 0000000..a203f8b
--- /dev/null
+++ b/website/logo.title.png
Binary files differ
diff --git a/website/news/Monkeysphere-in-Debian.mdwn b/website/news/Monkeysphere-in-Debian.mdwn
new file mode 100644
index 0000000..edad432
--- /dev/null
+++ b/website/news/Monkeysphere-in-Debian.mdwn
@@ -0,0 +1,15 @@
+[[meta title="Monkeysphere now in Debian!"]]
+
+[The Monkeysphere has made it into
+Debian!](http://packages.debian.org/sid/monkeysphere)
+
+It is in Debian unstable ("sid") now, which means it won't make it
+into the next stable release ("lenny"), but hopefully will make it
+into the stable release after that ("squeeze").
+
+Congratulations to all the work by all the [monkeysphere
+developers](/community), and to Micah Anderson for being our Debian
+sponsor.
+
+Please feel free to start submitting bug reports to the [Debian
+BTS](http://bugs.debian.org/monkeysphere).
diff --git a/website/sidebar.mdwn b/website/sidebar.mdwn
index fe21fc5..420cd7e 100644
--- a/website/sidebar.mdwn
+++ b/website/sidebar.mdwn
@@ -1,13 +1,18 @@
<table class="sitenav" cellpadding="0" cellspacing="0">
-<tbody><tr><td>
-<a class="logo" href="/"><img class="logo" src="/logo.png" alt="monkeysphere" width="343" height="85" /></a>
-</td><td id="sitenav">
-
+<colgroup span="1" width="120" />
+<tr>
+<td rowspan="2"><a href="/"><img class="logo" src="/logo.simple.png" alt="monkeysphere" /></a></td>
+<td><a href="/"><img class="title" src="/logo.title.png" alt="monkeysphere" /></a></td>
+</tr><tr>
+<td>
[[WHY?|why]]
[[DOWNLOAD|download]]
[[DOCUMENTATION|doc]]
[[NEWS|news]]
[[COMMUNITY|community]]
-[[BUGS|bugs]]
+<a href="https://labs.riseup.net/code/wiki/monkeysphere">WIKI</a>
+<a href="https://labs.riseup.net/code/projects/monkeysphere/issues">BUGS</a>
+</td>
+</tr>
+</table>
-</td></tr></tbody></table>
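Review bot: Replacing `[[BUGS|bugs]]` with the external issues link removes the sidebar entry for the local bug list, although the bugs.mdwn change in this same commit says the old list is being left up during the transition; consider keeping a link to it until the move is complete. The tracker URL used here (`/code/projects/monkeysphere/issues`) also differs in form from the one added to bugs.mdwn (`/code/projects/show/monkeysphere`), so it is worth confirming both and using one form. Both logo images carry `alt="monkeysphere"` inside separate links to `/`; one of them could take an empty alt so the name is not announced twice.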