Diffstat (limited to 'website')
website/archive-key.mdwn | 26
website/bugs.mdwn | 3
website/bugs/done.mdwn | 2
website/bugs/handle-passphrase-locked-secret-keys.mdwn | 20
website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn | 4
website/bugs/setup-test-server-for-public.mdwn | 7
website/community.mdwn | 7
website/doc.mdwn | 1
website/download.mdwn | 4
website/index.mdwn | 70
website/local.css | 62
website/mirrors.mdwn | 81
website/news.mdwn | 1
website/news/apt-repo-moved.mdwn | 7
website/news/release-0.12-1.mdwn | 9
website/sidebar.mdwn (renamed from website/templates/nav.mdwn) | 0
website/similar.mdwn | 1
website/trust-models.mdwn | 21
website/why.mdwn | 44
19 files changed, 262 insertions, 108 deletions
diff --git a/website/archive-key.mdwn b/website/archive-key.mdwn index 898c7e5..45ac86e 100644 --- a/website/archive-key.mdwn +++ b/website/archive-key.mdwn @@ -1,5 +1,4 @@ [[meta title="Monkeysphere archive signing key"]] -[[!template id="nav"]] [[toc ]] ## Verifying the key ## @@ -70,8 +69,21 @@ ly087Guvw8G8TdQcubteFYQDIxIc2atZkjEn3oCjtZgk8mdDlCjLQYgHV1/o+eWd S31RCBx16I7tJya0fwJJRC7qZWf7hrPdi7eqcecqyr26X5upV+Irjv5qYu/6HAGb 59W6n+8KTfMxEMaBQI6qZXxhaBr3HzEaSrz7jtkl+xxym2TGkbarXcm7e7MP66Hu GD5UCC3svhAAxKXf4K/8v7WhwBpekF9mXtgpq72Du2JG9q+OAWhxzZXbZku+RY7T -a83wKc1TaPvzK2WZlhNGjcCYSUXcfQOSn5noVTUukW3DNEKP5BmwkvVd -=Xex0 +a83wKc1TaPvzK2WZlhNGjcCYSUXcfQOSn5noVTUukW3DNEKP5BmwkvVdiEYEEBEC +AAYFAki9wXQACgkQ9n4qXRzy1ioXYwCgmzCV+o+Ai0gNx0pt9shofcjfJoAAoInV +mhn36lBeDh/E6cigrUlkdDGWiQIcBBABAgAGBQJIvdcSAAoJEO00zqvie6q8sB4Q +AKDLTKqtiONf4FkMCZFcMxQyiALcy76zTW9L2oK90zKRhKSt5RPnVmDVyiinBcRJ +h0lEkpxoqSrs+0XvASWC3RzWLEbW6XXsuHO1RXFsC3FNbe0HkHenirenFkitPMDX +Q5gHmCJ6yiq2ssuzXAG9vZ4HjkUINBgkeMASiTRC7o0we7jFSRzOTCs4WWdsavrx +7bhCadeC35ISldTSo6nOP3laPctPcLD83cJszzQyHr/LjF6KYr6n85NAwIt/oxHh +EUxmezx+lMwWHdr9TQzXzU8cxLSBZ+c+PuZ/NuHz9fOv87eaFDNEqKli9zhzh4eA +EMeiWKQXHYlmEUUWnZoea46jdjBrvHphogqlCjzMDHtg/pWOsYrGeXjjZ352SGN4 +vyinkdxwUppGQATz55WyiWIzCY1Kt7lqaQHfAM1NgVdoCQ0stlulIO4LVepHRiAY +HO4EPeQO6pVGGHWCzJyEcMcaBsYGpr9DndSNd66O+Gyeq8QobKnvTH25kwVt/8t1 +9nS+7NLwBrqXCISeDrOQYq5XeCdvpAuJy4CEN5muQWRdUPekE2dh7qcVUdROepq0 +1wMemkmgTLlA0Md7ZdZqsllKhVQ7/HOFzshEaj/VcFrQshuIAjDZFN/OrGLX/NcL +tcaBmD9lZSQ3CyxnBUTeMdJCOLOK050jNvsEsM89FL+g +=bJWl -----END PGP PUBLIC KEY BLOCK----- </pre> 
@@ -94,17 +106,17 @@ tag `$TAG` on architecture `$ARCH`, do: git clone git://git.monkeysphere.info/monkeysphere cd monkeysphere - git tag -v $TAG - git checkout $TAG + git tag -v "$TAG" + git checkout "$TAG" debuild -uc -us cd repo - reprepro -C monkeysphere include experimental ../$TAG_$ARCH.changes + reprepro -C monkeysphere include experimental "../$TAG_$ARCH.changes" When you get a binary package built from a separate architecture `$NEWARCH` that you want to include with the archive, do: cd repo - reprepro -C monkeysphere includedeb experimental ../$TAG_$NEWARCH.deb + reprepro -C monkeysphere includedeb experimental "../$TAG_$NEWARCH.deb" To publish the archive, make sure you have access to `archivemaster@george.riseup.net`, and then do: diff --git a/website/bugs.mdwn b/website/bugs.mdwn index 06a4d3a..30bccd1 100644 --- a/website/bugs.mdwn +++ b/website/bugs.mdwn @@ -1,5 +1,4 @@ -[[!template id="nav"]] -[[meta title="Bugs"]] +[[meta title="Open Bugs"]] This is Monkeysphere's bug list. You can also browse our [completed bugs](done). If you don't have commit access to the public repo, we'd appreciate diff --git a/website/bugs/done.mdwn b/website/bugs/done.mdwn index 282e804..dc331f9 100644 --- a/website/bugs/done.mdwn +++ b/website/bugs/done.mdwn @@ -1,4 +1,4 @@ -[[!template id="nav"]] +[[meta title="Completed Bugs"]] Recently fixed [[bugs]]. diff --git a/website/bugs/handle-passphrase-locked-secret-keys.mdwn b/website/bugs/handle-passphrase-locked-secret-keys.mdwn index bc2a64c..b58650e 100644 --- a/website/bugs/handle-passphrase-locked-secret-keys.mdwn +++ b/website/bugs/handle-passphrase-locked-secret-keys.mdwn @@ -1,4 +1,4 @@ -[[meta title="MonkeySphere needs to be able to cleanly export passphrase-locked secret keys from the GPG keyring"]] +[[meta title="MonkeySphere can't deal with passphrase-locked primary keys"]] At the moment, the only tool we have to export passphrase-locked secret keys from the GPG keyring is `gpg` itself (and `gpg2`, which 
@@ -100,6 +100,18 @@ Other alternatives? Can this bug be closed? dkg [reported in a comment for a related bug](/bugs/install-seckey2sshagent-in-usr-bin/): - Version 0.11-1 now has the monkeysphere subkey-to-ssh-agent - subcommand, which works cleanly in the presence of a - functionally-patched GnuTLS. + Version 0.11-1 now has the monkeysphere subkey-to-ssh-agent + subcommand, which works cleanly in the presence of a + functionally-patched GnuTLS. + +-------- + +Even with the patched GnuTLS, monkeysphere currently can't currently +deal with passphrase-locked primary keys. I've changed the title of +this bug, but i'd like to keep it open until we are able to deal with +that. The other comments here seem still quite relevant to that +need. + +I've changed the title of this bug to reflect the narrowed scope. + + --dkg diff --git a/website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn b/website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn index 4070d0a..b814d35 100644 --- a/website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn +++ b/website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn @@ -245,3 +245,7 @@ I'll leave the bug open for a bit until it get more tested and 0.12 gets pushed out. -- BJ + +--- + +I think this is [[/bugs/done]] as of version 0.12-1. diff --git a/website/bugs/setup-test-server-for-public.mdwn b/website/bugs/setup-test-server-for-public.mdwn index c926dc6..5b05759 100644 --- a/website/bugs/setup-test-server-for-public.mdwn +++ b/website/bugs/setup-test-server-for-public.mdwn @@ -75,3 +75,10 @@ and I'm not really willing to maintain it myself, but if someone else wants to handle that, that would be fine with me. -- jgr + +--- + +i'm not really willing to maintain anything extra either, so i'm +closing this ticket as [[bugs/done]]. + +--dkg diff --git a/website/community.mdwn b/website/community.mdwn index b06637b..79e6da7 100644 --- a/website/community.mdwn +++ b/website/community.mdwn 
@@ -1,5 +1,3 @@ -[[!template id="nav"]] - [[meta title="Community"]] ## Mailing list ## @@ -41,10 +39,11 @@ offering: Micah Anderson: git clone git://labs.riseup.net/~micah/monkeysphere - ## Contact ## Please feel free to contact any of the Monkeysphere developers or post to the mailing list with questions, comments, bug reports, requests, -etc. +etc. If you contact a developer individually, please indicate if +there is any part of your note that can be made public (we might want +to post it to the web here). diff --git a/website/doc.mdwn b/website/doc.mdwn index 634afd9..997c34d 100644 --- a/website/doc.mdwn +++ b/website/doc.mdwn @@ -1,4 +1,3 @@ -[[!template id="nav"]] [[meta title="Documentation"]] ## Dependencies ## diff --git a/website/download.mdwn b/website/download.mdwn index ad14bce..cc83adf 100644 --- a/website/download.mdwn +++ b/website/download.mdwn @@ -1,4 +1,4 @@ -[[!template id="nav"]] +[[meta title="Download"]] ## Downloading and Installing ## @@ -6,7 +6,7 @@ If you are running a Debian system, you can install Monkeysphere by following these directions: You can add this repo to your system by putting the following lines in -/etc/apt/sources.list.d/monkeysphere.list: +`/etc/apt/sources.list.d/monkeysphere.list`: deb http://archive.monkeysphere.info/debian experimental monkeysphere deb-src http://archive.monkeysphere.info/debian experimental monkeysphere diff --git a/website/index.mdwn b/website/index.mdwn index 5b757fa..a7d074e 100644 --- a/website/index.mdwn +++ b/website/index.mdwn 
@@ -1,17 +1,18 @@ -[[!template id="nav"]] +The Monkeysphere project's goal is to extend OpenPGP's web of trust to +new areas of the Internet to help us securely identify each other +while we work online. -The Monkeysphere project's goal is to extend the web of trust model -and other features of OpenPGP to other areas of the Internet to help -us securely identify each other while we work online. +Specifically, monkeysphere currently offers a framework to leverage +the OpenPGP web of trust for OpenSSH authentication. -Specifically, monkeysphere is a framework to leverage the OpenPGP web -of trust for OpenSSH authentication. In other words, it allows you to -use your OpenPGP keys when using secure shell to both identify -yourself and the servers you administer or connect to. OpenPGP keys -are tracked via GnuPG, and managed in the `known_hosts` and -`authorized_keys` files used by OpenSSH for connection authentication. +In other words, it allows you to use secure shell as you normally do, +but to identify yourself and the servers you administer or connect to +with your OpenPGP keys. OpenPGP keys are tracked via GnuPG, and +monkeysphere manages the `known_hosts` and `authorized_keys` files +used by OpenSSH for authentication, checking them for cryptographic +validity. -## Conceptual overview ## +## Overview ## Everyone who has used secure shell is familiar with the prompt given the first time you log in to a new server, asking if you want to trust @@ -50,8 +51,6 @@ invites broader participation in the [OpenPGP](http://en.wikipedia.org/wiki/Openpgp) [web of trust](http://en.wikipedia.org/wiki/Web_of_trust). -## Technical details ## - Under the Monkeysphere, both parties to an OpenSSH connection (client and server) explicitly designate who they trust to certify the identity of the other party. These trust designations are explicitly 
@@ -62,51 +61,10 @@ No modification is made to the SSH protocol on the wire (it continues to use raw RSA public keys), and no modification is needed to the OpenSSH software. -To emphasize: *no modifications to SSH are required to use the -Monkeysphere*. OpenSSH can be used as is; completely unpatched and +To emphasize: ***no modifications to SSH are required to use the +Monkeysphere***. OpenSSH can be used as is; completely unpatched and "out of the box". -## Philosophy ## - -Humans (and -[monkeys](http://www.scottmccloud.com/comics/mi/mi-17/mi-17.html)) -have the innate capacity to keep track of the identities of only a -finite number of people. After our social sphere exceeds several dozen -or several hundred (depending on the individual), our ability to -remember and distinguish people begins to break down. In other words, -at a certain point, we can't know for sure that the person we ran into -in the produce aisle really is the same person who we met at the party -last week. - -For most of us, this limitation has not posed much of a problem in our -daily, off-line lives. With the Internet, however, we have an ability -to interact with vastly larger numbers of people than we had -before. In addition, on the Internet we lose many of our tricks for -remembering and identifying people (physical characteristics, sound of -the voice, etc.). - -Fortunately, with online communications we have easy access to tools -that can help us navigate these problems. -[OpenPGP](http://en.wikipedia.org/wiki/Openpgp) (a cryptographic -protocol commonly used for sending signed and encrypted email -messages) is one such tool. In its simplest form, it allows us to -sign our communication in such a way that the recipient can verify the -sender. - -OpenPGP goes beyond this simple use to implement a feature known as -the [web of trust](http://en.wikipedia.org/wiki/Web_of_trust). 
The web -of trust allows people who have never met in person to communicate -with a reasonable degree of certainty that they are who they say they -are. It works like this: Person A trusts Person B. Person B verifies -Person C's identity. Then, Person A can verify Person C's identity -because of their trust of Person B. - -The Monkeyshpere's broader goals are to extend the use of OpenPGP from -email communications to other activities, such as: - - * conclusively identifying the remote server in a remote login session - * granting access to servers to people we've never directly met - ## Links ## * [OpenSSH](http://openssh.com/) diff --git a/website/local.css b/website/local.css index b9d7287..69defae 100644 --- a/website/local.css +++ b/website/local.css @@ -1,29 +1,28 @@ h2 { --moz-border-radius-topleft:4px; --moz-border-radius-topright:4px; -background-color:#B67B4E; -color:black; -display:block; -font-weight:bold; -padding:0 0 0 10px; + -moz-border-radius: 4px; + background-color: #B67B4E; + color: black; + display: block; + font-weight: bold; + padding: 0 0 0 10px; } body { -color:#3F403F; -font-family:"Liberation Sans",sans-serif; -font-size:0.95em; + color: #3F403F; + font-family: "Liberation Sans",sans-serif; + font-size: 0.95em; } *|*:visited -color:#f6a464; + color: #f6a464; } *|*:-moz-any-link { -text-decoration:none; + text-decoration: none; } :-moz-any-link { -cursor:pointer; + cursor: pointer; } a:link { 
@@ -40,23 +39,23 @@ a:hover { } pre { - background: #ddd; - border: 1px solid #aaa; - padding: 3px 3px 3px 3px; - margin-left: 2em; + background: #ddd; + border: 1px solid #aaa; + padding: 3px 3px 3px 3px; + margin-left: 2em; } table.sitenav { - border-bottom: 2px solid black; - padding: 0px; - width: 100%; - font-size: larger; + border-bottom: 2px solid black; + padding: 0px; + width: 100%; + font-size: larger; } table.sitenav img.logo { - margin: 0px; - padding: 0px; - vertical-align: bottom; + margin: 0px; + padding: 0px; + vertical-align: bottom; } table.sitenav a { @@ -71,9 +70,20 @@ table.sitenav span.selflink { } div.header { - text-align: right; + text-align: right; + display: none; } div.actions { - text-align: right; + text-align: right; + display: none; +} + +#sidebar { + line-height: normal; + width: 100%; + float: none; + margin: 0; + padding: 0; } + diff --git a/website/mirrors.mdwn b/website/mirrors.mdwn new file mode 100644 index 0000000..feee9bd --- /dev/null +++ b/website/mirrors.mdwn 
@@ -0,0 +1,81 @@ +[[meta title="Mirroring the web site"]] + +In keeping with the philosophy of distributed development, our web site is +stored in our git repositories and converted into html by +[ikiwiki](http://ikiwiki.info/). + +We're mirrored on several servers. Rather than using ikiwiki's [pinger/pingee +approach to distribution](http://ikiwiki.info/tips/distributed_wikis/), we've +opted for a method that uses ssh. + +The steps for creating a new mirror are: + +## Steps to take on the mirror server ## + +Add etch-backports to your /etc/apt/sources.list: + + deb http://www.backports.org/debian etch-backports main contrib non-free + +Add the following lines to your /etc/apt/preferences file: + + Package: ikiwiki + Pin: release a=etch-backports + Pin-Priority: 999 + + # needed by ikiwiki + Package: libcgi-formbuilder-perl + Pin: release a=etch-backports + Pin-Priority: 999 + + Package: git-core + Pin: release a=etch-backports + Pin-Priority: 999 + +Install git-core and ikiwiki + + aptitude update; aptitutde install git-core ikiwiki + +Create a new user. Change the new users shell to git-shell: + + adduser -s /usr/bin/git-shell <username> + +Add webmaster@george's public key to this user's ~/.ssh/authorized_keys file + +Add web site configuration that the user has write access to. 
If you are using Apache, include the following rewrite: + + RewriteEngine On + RewriteCond %{HTTP_HOST} !^(YOURHOSTNAME|web)\.monkeysphere\.info$ [NC] + RewriteCond %{HTTP_HOST} !^$ + RewriteRule ^/(.*) http://web.monkeysphere.info/$1 [L,R] + +Upload and edit ikiwiki.setup.sample from the docs directory + +As the new user, create two new git repos + + mkdir monkeysphere.git; cd monkeysphere.git; git init --bare; cd ../ + git clone monkeysphere.git # this will create a second git repo called monkeysphere + +Change the mode of monkeysphere.git/hooks/post-receive to 755 + + chmod 755 monkesphere.git/hooks/post-receive + +Edit the file so that it executes the post-receive hook ikiwiki generates (as +you specified in the ikiwiki.setup file) + +## Admin steps to take to enable the configuration ## + +Add a new dns record for SERVERNAME.monkeysphere.info. + +Test the ssh connection by logging in as webmaster@george.riseup.net + +Add the new server as a remote on webmaster@george.riseup.net:monkeysphere.git + + cd ~/monkeysphere.git + git add remote SERVERNAME USER@SERVERNAME.monkeysphere.info:/path/to/repo + +Test: + + git push SERVERNAME + + + diff --git a/website/news.mdwn b/website/news.mdwn index 7380eff..359e02b 100644 --- a/website/news.mdwn +++ b/website/news.mdwn @@ -1,4 +1,3 @@ -[[!template id="nav"]] [[meta title="News"]] Here are the latest announcements about the Monkeysphere. diff --git a/website/news/apt-repo-moved.mdwn b/website/news/apt-repo-moved.mdwn index 8f0bf81..501cc23 100644 --- a/website/news/apt-repo-moved.mdwn +++ b/website/news/apt-repo-moved.mdwn 
@@ -5,4 +5,11 @@ The monkeysphere APT repository has been moved from `http://archive.monkeysphere.info/debian`. You'll probably want to update your `sources.list` to match the [official lines](/download). +The monkeysphere APT repository is also using [a new archive signing +key](/archive-key): + + pub 4096R/EB8AF314 2008-09-02 [expires: 2009-09-02] + Key fingerprint = 2E8D D26C 53F1 197D DF40 3E61 18E6 67F1 EB8A F314 + uid [ full ] Monkeysphere Archive Signing Key (http://archive.monkeysphere.info/debian) + Apologies for any confusion or hassle this causes! diff --git a/website/news/release-0.12-1.mdwn b/website/news/release-0.12-1.mdwn new file mode 100644 index 0000000..ed1ecbb --- /dev/null +++ b/website/news/release-0.12-1.mdwn @@ -0,0 +1,9 @@ +[[meta title="MonkeySphere 0.12-1 released!"]] + +# MonkeySphere 0.12-1 released! # + +MonkeySphere 0.12-1 has been released. This release includes +documentation updates, and a re-organized logging subsystem with +various levels of verbosity, modeled after LogLevel in OpenSSH. + +[[download]] it now! diff --git a/website/templates/nav.mdwn b/website/sidebar.mdwn index 33ab8ce..33ab8ce 100644 --- a/website/templates/nav.mdwn +++ b/website/sidebar.mdwn diff --git a/website/similar.mdwn b/website/similar.mdwn index ae3f728..271d5ea 100644 --- a/website/similar.mdwn +++ b/website/similar.mdwn @@ -1,4 +1,3 @@ -[[!template id="nav"]] [[meta title="Similar Projects"]] The monkeysphere isn't the only project intending to implement a PKI diff --git a/website/trust-models.mdwn b/website/trust-models.mdwn new file mode 100644 index 0000000..60aa680 --- /dev/null +++ b/website/trust-models.mdwn 
@@ -0,0 +1,21 @@ +[[meta title +You can see your trust database parameters like this: + + gpg --with-colons --list-key bogusgarbagehere 2>/dev/null | head -n1 + +for me, it looks like this: + + tru::1:1220401097:1220465006:3:1:5 + +These colon-delimited records say (in order): + + * `tru`: this is a trust database record + * `<empty>`: the trust database is not stale (might be 'o' for old, or 't' for "built with different trust model and not yet updated") + * `1`: uses new "PGP" trust model: this is just the old trust model plus trust signatures. I'll go into trust signatures later. + * `1220401097`: seconds since the epoch that i created the trust db. + * `1220465006`: seconds after the epoch that the trustdb will need to be rechecked (usually due to the closest pending expiration, etc) + * `3`: Either 3 certifications from keys with marginal ownertrust are needed for full User ID+Key validity + * `1`: Or 1 certification from a key with full ownertrust is needed for full User ID+Key validity + * `5`: max_cert_depth (not sure exactly how this is used) + + diff --git a/website/why.mdwn b/website/why.mdwn index 5dc0e05..3366439 100644 --- a/website/why.mdwn +++ b/website/why.mdwn @@ -1,5 +1,3 @@ -[[!template id="nav"]] - [[meta title="Why should you be interested in the MonkeySphere?"]] [[toc ]] @@ -33,7 +31,7 @@ ever connected to? [Get started with the monkeysphere as a user!](/getting-started-user) -## As an system administrator ## +## As a system administrator ## As a system administrator, have you ever tried to re-key an SSH server? How did you communicate the key change to your users? How 
@@ -137,3 +135,43 @@ than the current infrastructure allows, and is more meaningful to actual humans using these tools than some message like "Certified by GloboTrust". +## Philosophy ## + +Humans (and +[monkeys](http://www.scottmccloud.com/comics/mi/mi-17/mi-17.html)) +have the innate capacity to keep track of the identities of only a +finite number of people. After our social sphere exceeds several dozen +or several hundred (depending on the individual), our ability to +remember and distinguish people begins to break down. In other words, +at a certain point, we can't know for sure that the person we ran into +in the produce aisle really is the same person who we met at the party +last week. + +For most of us, this limitation has not posed much of a problem in our +daily, off-line lives. With the Internet, however, we have an ability +to interact with vastly larger numbers of people than we had +before. In addition, on the Internet we lose many of our tricks for +remembering and identifying people (physical characteristics, sound of +the voice, etc.). + +Fortunately, with online communications we have easy access to tools +that can help us navigate these problems. +[OpenPGP](http://en.wikipedia.org/wiki/Openpgp) (a cryptographic +protocol commonly used for sending signed and encrypted email +messages) is one such tool. In its simplest form, it allows us to +sign our communication in such a way that the recipient can verify the +sender. + +OpenPGP goes beyond this simple use to implement a feature known as +the [web of trust](http://en.wikipedia.org/wiki/Web_of_trust). The web +of trust allows people who have never met in person to communicate +with a reasonable degree of certainty that they are who they say they +are. It works like this: Person A trusts Person B. Person B verifies +Person C's identity. Then, Person A can verify Person C's identity +because of their trust of Person B. 
+ +The Monkeyshpere's broader goals are to extend the use of OpenPGP from +email communications to other activities, such as: + + * conclusively identifying the remote server in a remote login session + * granting access to servers to people we've never directly met |
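Review bot: in the archive-key.mdwn hunk at `@@ -94,17 +106,17 @@`, adding double quotes around `../$TAG_$ARCH.changes` and `../$TAG_$NEWARCH.deb` does not fix the real problem: the shell parses `$TAG_` as a variable named `TAG_` (underscore is a valid identifier character), so the expansion is an empty string followed by `$ARCH`, and reprepro is handed a path like `../amd64.changes`. Use brace-delimited names, `"../${TAG}_${ARCH}.changes"` and `"../${TAG}_${NEWARCH}.deb"`, so the release tag and architecture are both expanded.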
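Review bot: the news/apt-repo-moved.mdwn hunk publishes the new archive key's fingerprint (`2E8D D26C 53F1 197D DF40 3E61 18E6 67F1 EB8A F314`), but the archive-key.mdwn hunk in the same commit only shows the tail of the replaced ASCII-armored block (the CRC line changes from `=Xex0` to `=bJWl`), so a reader of this diff cannot confirm the two agree. Suggest also listing that fingerprint under archive-key.mdwn's `## Verifying the key ##` section and, before publishing, re-importing the edited block with `gpg --import` and comparing `gpg --fingerprint` output against the news page; a block that was mangled while pasting in the extra certifications fails import for everyone who copies it from the site.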
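Review bot: in the bugs/handle-passphrase-locked-secret-keys.mdwn hunk, the added paragraph reads "monkeysphere currently can't currently deal" (duplicated "currently"), and the sentence "I've changed the title of this bug" appears twice, once in the first paragraph and again as its own paragraph; keep one of them.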
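Review bot: in the first local.css hunk (`@@ -1,29 +1,28 @@`) the context line `*|*:visited` still has no opening `{` before its declaration block, so that rule is malformed both before and after this change and the `color: #f6a464;` will be dropped by the parser; add the brace while reindenting. Separately, replacing `-moz-border-radius-topleft` and `-moz-border-radius-topright` with a single `-moz-border-radius: 4px` also rounds the bottom corners of `h2`; if only the top corners were meant, keep the two corner-specific properties.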
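Review bot: the new mirrors.mdwn has three commands that will fail as written: `aptitutde install git-core ikiwiki` (typo for `aptitude`), `chmod 755 monkesphere.git/hooks/post-receive` (typo for `monkeysphere.git`, and it does not match the `monkeysphere.git` created two steps earlier), and `git add remote SERVERNAME USER@SERVERNAME.monkeysphere.info:/path/to/repo`, where the subcommand is `git remote add`. Since the page is a copy-and-paste procedure for mirror operators, fix these before it is published.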
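Review bot: the new trust-models.mdwn opens with `[[meta title` and nothing else on that line: the directive has no title string and no closing `]]`, so ikiwiki will not set a page title and will render the fragment literally. Complete it (for example `[[meta title="Trust models"]]`, a placeholder title) and leave a blank line before the prose. Also, the description of the fifth field says "seconds after the epoch" while the fourth says "seconds since the epoch"; use the same wording for both timestamps.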
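Review bot: the why.mdwn hunk at `@@ -137,3 +135,43 @@` moves the Philosophy section over from index.mdwn with the spelling error "Monkeyshpere's" intact; since the text is being rewritten anyway, correct it to "Monkeysphere's" in the added lines.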
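Review bot: this commit removes `[[!template id="nav"]]` from every page and renames `website/templates/nav.mdwn` to `website/sidebar.mdwn` (an identical-content rename, `index 33ab8ce..33ab8ce`), relying on ikiwiki's sidebar plugin to pick the file up; the `#sidebar` rule added to local.css assumes the same. The ikiwiki configuration is not part of this diff, so confirm the `sidebar` plugin is enabled on the site and on each mirror described in mirrors.mdwn, otherwise the navigation disappears from all pages at once.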