diff options
Diffstat (limited to 'website')
| -rw-r--r-- | website/bugs/add-identity-certifier-behaves-oddly-without-pty.mdwn | 15 | ||||
| -rw-r--r-- | website/bugs/hostkeyalias-confuses-monkeysphere.mdwn | 28 | ||||
| -rw-r--r-- | website/bugs/monkeysphere-ignores-HashKnownHosts-directive.mdwn | 10 | ||||
| -rw-r--r-- | website/dev.mdwn | 13 | ||||
| -rw-r--r-- | website/download.mdwn | 28 | ||||
| -rw-r--r-- | website/index.mdwn | 5 | ||||
| -rw-r--r-- | website/news/release-0.7-1.mdwn | 6 |
7 files changed, 80 insertions, 25 deletions
diff --git a/website/bugs/add-identity-certifier-behaves-oddly-without-pty.mdwn b/website/bugs/add-identity-certifier-behaves-oddly-without-pty.mdwn new file mode 100644 index 0000000..1962fe5 --- /dev/null +++ b/website/bugs/add-identity-certifier-behaves-oddly-without-pty.mdwn @@ -0,0 +1,15 @@ +When executing `monkeysphere-server add-identity-certifier` across a +link without a pseudo-terminal, it behaves oddly (prompts are created +that are only halfway-readable, gpg gives error messages about lacking +access to a `/dev/tty`, etc. + +You can try this directly if you have remote ssh access to the +superuser on a monkeysphere-enabled host, assuming that `$GPGID` is +set to the full fingerprint of a key you want to add as a trusted +identity certifier: + + ssh root@example.org monkeysphere-server add-identity-certifier $GPGID + +Compare this behavior with: + + ssh -t root@example.org monkeysphere-server add-identity-certifier $GPGID diff --git a/website/bugs/hostkeyalias-confuses-monkeysphere.mdwn b/website/bugs/hostkeyalias-confuses-monkeysphere.mdwn new file mode 100644 index 0000000..4f7df66 --- /dev/null +++ b/website/bugs/hostkeyalias-confuses-monkeysphere.mdwn @@ -0,0 +1,28 @@ +Consider the following snippet in `~/.ssh/config`: + + Host foo + HostKeyAlias bar + +for a host which is *not* participating in the monkeysphere. + +For such a host, when using `monkeysphere-ssh-proxy-command`, the +public keyservers will be queried on each attempted ssh connection +(even after a successful connection). + +This appears to be because: + +* `ssh` itself will write a line to `~/.ssh/known_hosts`, but it will + be labeled with `bar` because of the `HostKeyAlias`. + +* `monkeysphere` won't be able to find any mention of it in the + keyring (it's not in the monkeysphere) + +* `monkeysphere-ssh-proxycommand` won't be able to find it in the + `known_hosts` file because it looks for `foo`, which is never + matched. + +excessive keyserver querying is bad behavior, because it causes delays +for the users, and puts excessive load on the public keyserver +infrastructure. + +How can we resolve this? diff --git a/website/bugs/monkeysphere-ignores-HashKnownHosts-directive.mdwn b/website/bugs/monkeysphere-ignores-HashKnownHosts-directive.mdwn new file mode 100644 index 0000000..6b5b53d --- /dev/null +++ b/website/bugs/monkeysphere-ignores-HashKnownHosts-directive.mdwn @@ -0,0 +1,10 @@ +In `~/.ssh/config`, i have: + + HashKnownHosts No + +But when `monkeysphere-ssh-proxycommand` adds new hosts to +`~/.ssh/known_hosts`, they appear to be added in a hashed form, +instead of in the clear. + +fwiw: i'm using OpenSSH 5.1p1 on a debian lenny system (backported +from sid) diff --git a/website/dev.mdwn b/website/dev.mdwn deleted file mode 100644 index b149f9c..0000000 --- a/website/dev.mdwn +++ /dev/null @@ -1,13 +0,0 @@ -# Monkeysphere Development # - -The Monkeysphere is attempting to use a completely distributed -development model. Please feel free to clone any of our developer git -repositories, and send patches, modifications, or merge requests to -any of the upstream developers. - -## Contacts ## - -Please feel free to contact any of the Monkeysphere developers with -any questions, comments, bug reports, requests, etc: - -Jameson Graef Rollins <jrollins@phys.columbia.edu> diff --git a/website/download.mdwn b/website/download.mdwn index c2033a4..006654d 100644 --- a/website/download.mdwn +++ b/website/download.mdwn @@ -1,4 +1,4 @@ -##Downloading and Installing## +## Downloading and Installing ## If you are running a Debian system, you can install Monkeysphere by following these directions: @@ -13,14 +13,24 @@ The repository is currently signed by [Daniel Kahn Gillmor's OpenPGP key](http:/ (fingerprint: `0EE5 BE97 9282 D80B 9F75 40F1 CCD2 ED94 D217 39E9`). To cryptographically verify the packages, you'll want to [add `dkg`'s key to your apt configuration](http://cmrg.fifthhorseman.net/wiki/apt/importing-keys "Instructions for adding dkg's key to apt") -##git repositories## +## git repositories ## -Development is done in an extremely distributed manner using -[git](http://git.or.cz/). Once you've -[installed git](http://www.spheredev.org/wiki/Git_for_the_lazy), you can -clone the repository by doing +The Monkeysphere is attempting to use a completely distributed +development model with [git](http://git.or.cz/). Once you've +[installed git](http://www.spheredev.org/wiki/Git_for_the_lazy), you +can [git +clone](http://www.kernel.org/pub/software/scm/git/docs/git-clone.html) +any of the developer repositories, including: - git clone http://lair.fifthhorseman.net/~dkg/git/monkeysphere.git/ monkeysphere +[Jameson Graef Rollins](mailto:jrollins@phys.columbia.edu): -Other developers have their own repositories, which you can substitute -for dkg's if you like. + git clone http://lair.fifthhorseman.net/~jrollins/git/monkeysphere.git monkeysphere + +[Daniel Kahn Gillmor](http://cmrg.fifthhorseman.net/wiki/dkg): + + git clone http://lair.fifthhorseman.net/~dkg/git/monkeysphere.git monkeysphere + +## Contact ## + +Please feel free to contact any of the Monkeysphere developers with +any questions, comments, bug reports, requests, etc. diff --git a/website/index.mdwn b/website/index.mdwn index 5c8a694..853c75b 100644 --- a/website/index.mdwn +++ b/website/index.mdwn @@ -2,15 +2,14 @@ The Monkeysphere project's goal is to extend the web of trust model and other features of OpenPGP to other areas of the Internet to help us securely identify each other while we work online. -Specifically, the Monkeysphere is a framework to leverage the OpenPGP +Specifically, monkeysphere is a framework to leverage the OpenPGP web of trust for OpenSSH authentication. In other words, it allows you to use your OpenPGP keys when using secure shell to both identify yourself and the servers you administer or connect to. OpenPGP keys are tracked via GnuPG, and managed in the `known_hosts` and `authorized_keys` files used by OpenSSH for connection authentication. -[[bugs]] | [[download]] | [[news]] | [[documentation|doc]] | -[[development|dev]] +[[bugs]] | [[download]] | [[news]] | [[documentation|doc]] ## Conceptual overview ## diff --git a/website/news/release-0.7-1.mdwn b/website/news/release-0.7-1.mdwn new file mode 100644 index 0000000..1d744e5 --- /dev/null +++ b/website/news/release-0.7-1.mdwn @@ -0,0 +1,6 @@ +# MonkeySphere 0.7-1 released! # + +MonkeySphere 0.7-1 has been released. This release contains bugfixes, +a new `monkeysphere-server diagnostics` subcommand, and marks a +transition to the new [Git-based debian packaging +format](http://wiki.debian.org/GitSrc). [[download]] it now! |