From 1a19643197dafa975de9cae717cef3f4608879d8 Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins <jrollins@phys.columbia.edu>
Date: Wed, 18 Jun 2008 23:31:35 -0400
Subject: Add more nuanced keyserver checking policy, including a defered check
 if key is not in keyring, but is in known_hosts.

---
 src/monkeysphere-ssh-proxycommand | 46 +++++++++++++++++++++++++++++----------
 1 file changed, 35 insertions(+), 11 deletions(-)

diff --git a/src/monkeysphere-ssh-proxycommand b/src/monkeysphere-ssh-proxycommand
index 4b90a0d..4cbcd51 100755
--- a/src/monkeysphere-ssh-proxycommand
+++ b/src/monkeysphere-ssh-proxycommand
@@ -13,9 +13,6 @@
 # established.  Can be added to ~/.ssh/config as follows:
 #  ProxyCommand monkeysphere-ssh-proxycommand %h %p
 
-HOST="$1"
-PORT="$2"
-
 usage() {
 cat <<EOF >&2
 usage: ssh -o ProxyCommand="$(basename $0) %h %p" ...
@@ -26,6 +23,14 @@ log() {
     echo "$@" >&2
 }
 
+if [ "$1" = '--no-connect' ] ; then
+    NO_CONNECT='true'
+    shift 1
+fi
+
+HOST="$1"
+PORT="$2"
+
 if [ -z "$HOST" ] ; then
     log "host must be specified."
     usage
@@ -37,20 +42,39 @@ if [ -z "$PORT" ] ; then
     exit 1
 fi
 
-# check for the host key in the known_hosts file
-hostKey=$(ssh-keygen -F "$HOST")
+# set the host URI
+URI="ssh://${HOST}"
+if [ "$PORT" != '22' ] ; then
+    URI="${URI}:$PORT"
+fi
 
-# if the host key is found in the known_hosts file,
-# don't check the keyserver
-if [ "$hostKey" ] ; then
+# if the host is in the gpg keyring...
+if gpg --list-key ="${URI}" >/dev/null ; then
+    # do not check the keyserver
     CHECK_KEYSERVER="false"
+# if the host is NOT in the keyring...
 else
-    CHECK_KEYSERVER="true"
+    # if the host key is found in the known_hosts file...
+    # FIXME: this only works for default known_hosts location
+    hostKey=$(ssh-keygen -F "$HOST")
+    if [ "$hostKey" ] ; then
+	# if the check keyserver variable is NOT set to true...
+	if  [ "$CHECK_KEYSERVER" != 'true' ] ; then
+	    # schedule a keyserver check for host at a later time
+	    echo "monkeysphere update-known_hosts $HOST" | at noon
+	fi
+    # if the host key is not found in the known_hosts file...
+    else
+	# check the keyserver
+	CHECK_KEYSERVER="true"
+    fi
 fi
 export CHECK_KEYSERVER
 
 # update the known_hosts file for the host
-monkeysphere update-known-hosts "$HOST"
+monkeysphere update-known_hosts "$HOST"
 
 # exec a netcat passthrough to host for the ssh connection
-exec nc "$HOST" "$PORT"
+if [ -z "$NO_CONNECT" ] ; then
+    exec nc "$HOST" "$PORT"
+fi
-- 
cgit v1.2.3


From dcba8ebebf480a051f2b872f89ccbe68ad642f61 Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins <jrollins@phys.columbia.edu>
Date: Wed, 18 Jun 2008 23:48:37 -0400
Subject: Update to new agreed default host key usage flag (only "a" required
 for users and hosts). Update TODO file. Some other small changes.

---
 doc/TODO              | 31 +++++++++++++++++++++++++++----
 etc/monkeysphere.conf |  6 +++++-
 src/common            |  8 ++++----
 src/monkeysphere      |  2 +-
 4 files changed, 37 insertions(+), 10 deletions(-)

diff --git a/doc/TODO b/doc/TODO
index 905d198..0402b46 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -4,13 +4,11 @@ Next-Steps Monkeysphere Projects:
 Handle unknown hosts in such a way that they're not always removed
    from known_hosts file.  Ask user to lsign the host key?
 
-Handle multiple multiple hostnames (multiple user IDs?) when
-   generating host keys with gen-key.
+Handle multiple hostnames (multiple user IDs?) when generating host
+   keys with gen-key.
 
 Make sure alternate ports are handled for known_hosts.
 
-Add environment variables sections to man pages.
-
 Script to import private key into ssh agent.
 
 Provide a friendly interactive UI for marginal or failing client-side
@@ -49,3 +47,28 @@ Make it easier to do domain-relative ssh host trust signatures with
    "tsign" in gpg(1).
 
 Fix the order of questions when user does a tsign in gpg or gpg2.
+
+File bug against ssh-keygen about how "-R" option removes comments
+   from known_hosts file.
+
+File bug against ssh-keygen to see if we can get it to write to hash a
+   known_hosts file to/from stdout/stdin.
+
+Note all threat model reductions (with diagrams).
+
+Add environment variables sections to man pages.
+
+Environment variable scoping.
+
+Move environment variable precedence before conf file.
+
+Handle lockfiles when modifying known_hosts or authorized_keys.
+
+When using ssh-proxycommand, if only host keys found are expired or
+   revoked, then output loud warning with prompt, or fail hard.
+
+Update monkeysphere-ssh-proxycommand man page with new keyserver
+   checking policy info.
+
+Update monkeysphere-ssh-proxycommand man page with info about
+   no-connect option.
diff --git a/etc/monkeysphere.conf b/etc/monkeysphere.conf
index 17c1a14..f2ba4a7 100644
--- a/etc/monkeysphere.conf
+++ b/etc/monkeysphere.conf
@@ -15,7 +15,7 @@
 #   s = sign
 #   c = certify
 #   a = authentication
-#REQUIRED_HOST_KEY_CAPABILITY="e a"
+#REQUIRED_HOST_KEY_CAPABILITY="a"
 #REQUIRED_USER_KEY_CAPABILITY="a"
 
 # ssh known_hosts file
@@ -27,3 +27,7 @@
 
 # ssh authorized_keys file
 #AUTHORIZED_KEYS=~/.ssh/known_hosts
+
+# This overrides other environment variables
+# NOTE: there is leakage
+#CHECK_KEYRING=true
diff --git a/src/common b/src/common
index ac43f0a..9b06b1d 100644
--- a/src/common
+++ b/src/common
@@ -73,7 +73,7 @@ unescape() {
 }
 
 # remove all lines with specified string from specified file
-remove_file_line() {
+remove_line() {
     local file
     local string
 
@@ -395,7 +395,7 @@ remove_userid() {
 
     # remove user ID from file
     log -n " removing user ID '$userID'... "
-    remove_file_line "$AUTHORIZED_USER_IDS" "^${userID}$"
+    remove_line "$AUTHORIZED_USER_IDS" "^${userID}$"
     loge "done."
 }
 
@@ -416,7 +416,7 @@ process_host_known_hosts() {
     while read -r ok keyid ; do
 	sshKey=$(gpg2ssh "$keyid")
 	# remove the old host key line
-	remove_file_line "$KNOWN_HOSTS" "$sshKey"
+	remove_line "$KNOWN_HOSTS" "$sshKey"
 	# if key OK, add new host line
 	if [ "$ok" -eq '0' ] ; then
 	    # hash if specified
@@ -449,7 +449,7 @@ process_uid_authorized_keys() {
     while read -r ok keyid ; do
 	sshKey=$(gpg2ssh "$keyid")
 	# remove the old host key line
-	remove_file_line "$AUTHORIZED_KEYS" "$sshKey"
+	remove_line "$AUTHORIZED_KEYS" "$sshKey"
 	# if key OK, add new host line
 	if [ "$ok" -eq '0' ] ; then
 	    ssh2authorized_keys "$userID" "$sshKey" >> "$AUTHORIZED_KEYS"
diff --git a/src/monkeysphere b/src/monkeysphere
index 6853f58..a6cecfd 100755
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -115,7 +115,7 @@ AUTHORIZED_USER_IDS=${AUTHORIZED_USER_IDS:-"${MS_HOME}/authorized_user_ids"}
 GNUPGHOME=${GNUPGHOME:-"${HOME}/.gnupg"}
 KEYSERVER=${KEYSERVER:-"subkeys.pgp.net"}
 CHECK_KEYSERVER=${CHECK_KEYSERVER:="true"}
-REQUIRED_HOST_KEY_CAPABILITY=${REQUIRED_HOST_KEY_CAPABILITY:-"e a"}
+REQUIRED_HOST_KEY_CAPABILITY=${REQUIRED_HOST_KEY_CAPABILITY:-"a"}
 REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-"a"}
 KNOWN_HOSTS=${KNOWN_HOSTS:-"${HOME}/.ssh/known_hosts"}
 AUTHORIZED_KEYS=${AUTHORIZED_KEYS:-"${HOME}/.ssh/authorized_keys"}
-- 
cgit v1.2.3


From 6ee67a218916f6f9c30dfe9787109017c11e8185 Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins <jrollins@phys.columbia.edu>
Date: Wed, 18 Jun 2008 23:53:09 -0400
Subject: Update TODO after merge.

---
 doc/TODO | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/doc/TODO b/doc/TODO
index c17ef61..3538fbf 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -3,10 +3,10 @@ Next-Steps Monkeysphere Projects:
 
 Detail advantages of monkeysphere: detail the race conditions in ssh,
    and how the monkeysphere can help you reduce these threat vectors:
-   threat model reduction diagrams 
+   threat model reduction diagrams.
 
 Determine how openssh handles multiple processes writing to
-   known_hosts file (atomic appends?)
+   known_hosts/authorized_keys files (lockfile, atomic appends?)
 
 Handle unknown hosts in such a way that they're not always removed
    from known_hosts file.  Ask user to lsign the host key?
@@ -61,16 +61,12 @@ File bug against ssh-keygen about how "-R" option removes comments
 File bug against ssh-keygen to see if we can get it to write to hash a
    known_hosts file to/from stdout/stdin.
 
-Note all threat model reductions (with diagrams).
-
 Add environment variables sections to man pages.
 
 Environment variable scoping.
 
 Move environment variable precedence before conf file.
 
-Handle lockfiles when modifying known_hosts or authorized_keys.
-
 When using ssh-proxycommand, if only host keys found are expired or
    revoked, then output loud warning with prompt, or fail hard.
 
-- 
cgit v1.2.3


From fadd814ce4351c3869e49d91b31aa5b2efc68a01 Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins <jrollins@phys.columbia.edu>
Date: Wed, 18 Jun 2008 23:58:01 -0400
Subject: update george changelog

---
 doc/george/changelog | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/doc/george/changelog b/doc/george/changelog
index 2442061..5d35355 100644
--- a/doc/george/changelog
+++ b/doc/george/changelog
@@ -7,6 +7,9 @@
 *  changes to this system 					             *
 ******************************************************************************
 
+2008-06-18 - jrollins
+	* installed less, emacs;
+	* aptitude update && aptitude dist-upgrade
 
 2008-06-18 - micah
 	* debootstrap'd debian etch install
-- 
cgit v1.2.3