From 6d4dbe49e803c76d1c8ac3550aff6c246a251371 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 14 Aug 2008 21:05:26 -0700 Subject: commit bug comment --- website/bugs/setup-test-server-for-public.mdwn | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/website/bugs/setup-test-server-for-public.mdwn b/website/bugs/setup-test-server-for-public.mdwn index aa6da61..c926dc6 100644 --- a/website/bugs/setup-test-server-for-public.mdwn +++ b/website/bugs/setup-test-server-for-public.mdwn @@ -67,3 +67,11 @@ Which would create the `foo` account, populate someplace, and send a welcome letter. --dkg + +--- + +That idea really seems like a lot more trouble than it's worth to me, +and I'm not really willing to maintain it myself, but if someone else +wants to handle that, that would be fine with me. + +-- jgr -- cgit v1.2.3 From 2f89210eb11ccb0a7289f89a545697029b2bb9d7 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 14 Aug 2008 21:05:40 -0700 Subject: Add sorting of the processed key lines so that "good" keys are output at the end. This is done so that they take precedence over "bad" when being processed in key files. If bad keys are processed after good keys, there is a possibility of malicious bad key causing good keys to be continually removed from key files, which would be a big nuisance. --- src/common | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/common b/src/common index 9c76bd1..17955a7 100644 --- a/src/common +++ b/src/common @@ -484,7 +484,10 @@ process_user_id() { fi ;; esac - done + done | sort -t: -k1 -n -r + # NOTE: this last sort is important so that the "good" keys (key + # flag '0') come last. This is so that they take precedence when + # being processed in the key files over "bad" keys (key flag '1') } # process a single host in the known_host file 
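Review bot: `done | sort -t: -k1 -n -r` turns the loop into the first stage of a pipeline, so anything the loop body assigns (the body starts above this hunk) is no longer visible after `done`; worth confirming that nothing later in process_user_id reads a loop variable. `-k1` also spans from field 1 to the end of the line, so `-k1,1` states "sort on the flag only" precisely. The ordering is a mitigation rather than a fix: a consumer that applies lines in order still removes and re-adds a good key each time a bad line for the same key is processed, so the NOTE could say so, e.g. `# The sort only orders removals before additions; a robust consumer should skip removing a key that also appears with flag '0'.` The enclosing function starts outside the hunk.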
@@ -498,16 +501,15 @@ process_host_known_hosts() { local tmpfile host="$1"
+ userID="ssh://${host}"
 log "processing: $host"
- userID="ssh://${host}"
-
 nKeys=0 nKeysOK=0 IFS=$'\n'
- for line in $(process_user_id "ssh://${host}") ; do
+ for line in $(process_user_id "${userID}") ; do
 # note that key was found
 nKeys=$((nKeys+1))
-- cgit v1.2.3
From d9f2518ac29723403af5069953eec07b47ea21be Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins
Date: Thu, 14 Aug 2008 21:12:51 -0700
Subject: update changelog for last commit.
---
 debian/changelog | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index d4fdf9c..0d6155e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,8 +8,11 @@ monkeysphere (0.8-1) UNRELEASED; urgency=low
 [ Jameson Graef Rollins ]
 * fix another bug for when ssh key files are missing.
+ * sort processed keys so that "good" keys are processed after "bad"
+ keys. This will prevent malicious bad keys from causing good keys to
+ be removed from key files.
- -- Jameson Graef Rollins Tue, 12 Aug 2008 17:58:09 -0700
+ -- Jameson Graef Rollins Thu, 14 Aug 2008 21:12:43 -0700
 monkeysphere (0.7-1) experimental; urgency=low
-- cgit v1.2.3
From 0181b6fc50824941e4f7ac3f535a216b8189568e Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins
Date: Thu, 14 Aug 2008 22:34:17 -0700
Subject: reorganize shortcuts for monkeysphere-server
---
 man/man8/monkeysphere-server.8 | 6 +++---
 src/monkeysphere-server | 20 ++++++++++----------
 .../reorganize-monkeysphere-server-shortcuts.mdwn | 3 +++
 3 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8
index 527cae7..74e9a10 100644
--- a/man/man8/monkeysphere-server.8
+++ b/man/man8/monkeysphere-server.8
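Review bot: The rewritten `for line in $(process_user_id "${userID}")` still passes each output line through pathname expansion after the IFS split (unless noglob is set somewhere not visible here), so a key line containing `*`, `?` or `[` can be rewritten against the current directory before it is counted. `while IFS= read -r line; do ... done < <(process_user_id "${userID}")` reads the lines verbatim and also avoids leaving `IFS=$'\n'` in effect for the rest of the function. The loop body and the remainder of process_host_known_hosts continue past the hunk.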
@@ -68,15 +68,15 @@ domain (e.g. "trust KEYID to certify user identities within the @example.org domain"). A certifier trust level can be specified with the `-t' or `--trust' option (possible values are `marginal' and `full' (default is `full')). A certifier trust depth can be specified -with the `-d' or `--depth' option (default is 1). `a' may be used in +with the `-d' or `--depth' option (default is 1). `c+' may be used in place of `add-identity-certifier'. .TP .B remove-identity-certifier KEYID Instruct system to ignore user identity certifications made by KEYID. -`r' may be used in place of `remove-identity-certifier'. +`c-' may be used in place of `remove-identity-certifier'. .TP .B list-identity-certifiers -List key IDs trusted by the system to certify user identities. `l' +List key IDs trusted by the system to certify user identities. `c' may be used in place of `list-identity-certifiers'. .TP .B gpg-authentication-cmd diff --git a/src/monkeysphere-server b/src/monkeysphere-server index d9b8676..21973dd 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server 
@@ -43,16 +43,16 @@ subcommands: -l|--length BITS key length in bits (2048) -e|--expire EXPIRE date to expire -r|--revoker FINGERPRINT add a revoker - show-fingerprint (f) show server's host key fingerprint - publish-key (p) publish server's host key to keyserver - diagnostics (d) report on the server's monkeysphere status + show-fingerprint (f) show server host key fingerprint + publish-key (p) publish server host key to keyserver + diagnostics (d) report on server monkeysphere status - add-identity-certifier (a) KEYID import and tsign a certification key - -n|--domain DOMAIN limit ID certifications to IDs in DOMAIN + add-id-certifier (c+) KEYID import and tsign a certification key + -n|--domain DOMAIN limit ID certifications to DOMAIN -t|--trust TRUST trust level of certifier (full) -d|--depth DEPTH trust depth for certifier (1) - remove-identity-certifier (r) KEYID remove a certification key - list-identity-certifiers (l) list certification keys + remove-id-certifier (c-) KEYID remove a certification key + list-id-certifiers (c) list certification keys gpg-authentication-cmd CMD gnupg-authentication command @@ -696,15 +696,15 @@ case $COMMAND in diagnostics ;; - 'add-identity-certifier'|'add-certifier'|'a') + 'add-identity-certifier'|'add-id-certifier'|'add-certifier'|'c+') add_certifier "$1" ;; - 'remove-identity-certifier'|'remove-certifier'|'r') + 'remove-identity-certifier'|'remove-id-certifier'|'remove-certifier'|'c-') remove_certifier "$1" ;; - 'list-identity-certifiers'|'list-certifiers'|'list-certifier'|'l') + 'list-identity-certifiers'|'list-id-certifiers'|'list-certifiers'|'list-certifier'|'c') list_certifiers "$@" ;; diff --git a/website/bugs/reorganize-monkeysphere-server-shortcuts.mdwn b/website/bugs/reorganize-monkeysphere-server-shortcuts.mdwn index 5a4b946..104bda7 100644 --- a/website/bugs/reorganize-monkeysphere-server-shortcuts.mdwn +++ b/website/bugs/reorganize-monkeysphere-server-shortcuts.mdwn 
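Review bot: The usage text now advertises `add-id-certifier`, `remove-id-certifier` and `list-id-certifiers` as the subcommand names, while the man page hunk in this same commit keeps `add-identity-certifier`, `remove-identity-certifier` and `list-identity-certifiers`; the case arms accept both spellings, so nothing breaks, but the two documents disagree on which name is canonical. Pick one form for both, or show the long name in the usage line too, e.g. `add-identity-certifier (c+) KEYID import and tsign a certification key`. The usage heredoc this sits in starts and ends outside the hunk.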
@@ -17,3 +17,6 @@ This would let us create new subcommands like: * `revoke-host-name` (`n-`) * `list-host-names` (`n`) +--- + +[[bugs/done]] 2008-08-14 -- cgit v1.2.3 From bb35e6ff08dbd33d3f47e9c969eb3da3a9acf18d Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Fri, 15 Aug 2008 00:33:27 -0700 Subject: add start of add/revoke-hostname functions. revocation needs to be implemented. --- man/man8/monkeysphere-server.8 | 18 +++++++-- src/monkeysphere-server | 91 +++++++++++++++++++++++++++++++++++------- 2 files changed, 91 insertions(+), 18 deletions(-) diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8 index 74e9a10..8e7278b 100644 --- a/man/man8/monkeysphere-server.8 +++ b/man/man8/monkeysphere-server.8 @@ -44,9 +44,21 @@ specified with the `-e' or `--expire' option (prompt otherwise). A key revoker fingerprint can be specified with the `-r' or `--revoker' option. `g' may be used in place of `gen-key'. .TP -.B show-fingerprint -Show the fingerprint for the host's OpenPGP key. `f' may be used in place of -`show-fingerprint'. +.B add-hostname HOSTNAME +Add a hostname user ID to the server host key. `n+' may be used in +place of `add-hostname'. +.TP +.B revoke-hostname HOSTNAME +Revoke a hostname user ID from the server host key. `n-' may be used +in place of `revoke-hostname'. +.TP +.B show-key +Output gpg information about host's OpenPGP key. `s' may be used in +place of `show-key'. +.TP +.B fingerprint +Output just the fingerprint for the host's OpenPGP key. `f' may be +used in place of `fingerprint'. .TP .B publish-key Publish the host's OpenPGP key to the keyserver. `p' may be used in diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 21973dd..598c3f7 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server 
@@ -39,11 +39,14 @@ MonkeySphere server admin tool. subcommands: update-users (u) [USER]... update user authorized_keys files - gen-key (g) [HOSTNAME] generate gpg key for the server + gen-key (g) [NAME[:PORT]] generate gpg key for the server -l|--length BITS key length in bits (2048) -e|--expire EXPIRE date to expire -r|--revoker FINGERPRINT add a revoker - show-fingerprint (f) show server host key fingerprint + add-hostname (n+) NAME[:PORT] add hostname user ID to server key + revoke-hostname (n-) NAME[:PORT] revoke hostname user ID + show-key (s) output all server host key information + fingerprint (f) output just the key fingerprint publish-key (p) publish server host key to keyserver diagnostics (d) report on server monkeysphere status @@ -97,6 +100,17 @@ gpg_authentication() { su_monkeysphere_user "gpg $@" } +# output key information +show_server_key() { + gpg_host --list-secret-keys --fingerprint +} + +# output just key fingerprint +fingerprint_server_key() { + gpg_host --list-secret-keys --fingerprint --with-colons --fixed-list-mode | \ + grep '^fpr:' | head -1 | cut -d: -f10 +} + # update authorized_keys for users update_users() { if [ "$1" ] ; then @@ -339,9 +353,8 @@ EOF # output the server fingerprint fingerprint_server_key "=${userID}" - # find the key fingerprint of the server primary key - fingerprint=$(gpg_host --list-key --with-colons --with-fingerprint "=${userID}" | \ - grep '^fpr:' | head -1 | cut -d: -f10) + # find the key fingerprint of the newly generated key + fingerprint=$(fingerprint_server_key) # export host ownertrust to authentication keyring log "setting ultimate owner trust for server key..." 
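Review bot: `fingerprint_server_key` now returns the first `fpr:` line of `--list-secret-keys` over the whole host keyring, so whichever secret key gpg lists first wins, and an empty keyring or a gpg failure (masked inside the `$(...)` pipeline) yields an empty string rather than an error; the gen-key hunk below then takes that as "the fingerprint of the newly generated key" without a check. That hunk also still calls `fingerprint_server_key "=${userID}"` with an argument the new function drops. Forwarding the caller's selector keeps the lookup tied to the key the caller means: `gpg_host --list-secret-keys --fingerprint --with-colons --fixed-list-mode "$@" | \`. Whether gpg_host passes a trailing user-ID selector through is not visible here, so confirm against its definition.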
@@ -356,9 +369,47 @@ EOF log "Private SSH host key output to file: ${VARLIB}/ssh_host_rsa_key" } -# gpg output key fingerprint -fingerprint_server_key() { - gpg_host --fingerprint --list-secret-keys +# add hostname user ID to server key +add_hostname() { + if [ -z "$1" ] ; then + failure "You must specify a hostname to add." + fi + + userID="ssh://${1}" + + if [ "$(gpg_host --list-key "=${userID}")" ] ; then + failure "Host userID '$userID' already exists." + fi + + fingerprint=$(fingerprint_server_key) + + adduidCommand=$(cat < Date: Fri, 15 Aug 2008 00:49:49 -0700 Subject: enabled host key publication. be aware. --- debian/changelog | 3 ++- src/monkeysphere-server | 11 +++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/debian/changelog b/debian/changelog index 0d6155e..160d1d6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -11,8 +11,9 @@ monkeysphere (0.8-1) UNRELEASED; urgency=low * sort processed keys so that "good" keys are processed after "bad" keys. This will prevent malicious bad keys from causing good keys to be removed from key files. + * enabled host key publication. - -- Jameson Graef Rollins Thu, 14 Aug 2008 21:12:43 -0700 + -- Jameson Graef Rollins Fri, 15 Aug 2008 00:48:22 -0700 monkeysphere (0.7-1) experimental; urgency=low diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 598c3f7..3259e33 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server 
@@ -414,20 +414,19 @@ revoke_hostname() {
 # publish server key to keyserver
 publish_server_key() {
- read -p "Really publish key to $KEYSERVER? (y/N) " OK; OK=${OK:=N}
+ read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N}
 if [ ${OK/y/Y} != 'Y' ] ; then failure "aborting."
 fi
+ # find the key fingerprint
+ fingerprint=$(fingerprint_server_key)
+
 # publish host key # FIXME: need to figure out better way to identify host key # dummy command so as not to publish fakes keys during testing # eventually:
- #gpg_authentication "--keyserver $KEYSERVER --send-keys =ssh://$(hostname -f)"
- echo "NOT PUBLISHED (to avoid permanent publication errors during monkeysphere development)."
- echo "The following command should publish the key:"
- echo "monkeysphere-server gpg-authentication-cmd '--keyserver $KEYSERVER --send-keys =ssh://$(hostname -f)'"
- exit 255
+ gpg_authentication "--keyserver $KEYSERVER --send-keys $fingerprint"
 }
 diagnostics() {
-- cgit v1.2.3
From 6649b331ec60ae138c3c893d65e3465a57939c97 Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins
Date: Fri, 15 Aug 2008 00:52:25 -0700
Subject: update bugs
---
 website/bugs/allow-publishing-to-public-keyservers.mdwn | 4 ++++
 website/bugs/reorganize-monkeysphere-server-shortcuts.mdwn | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/website/bugs/allow-publishing-to-public-keyservers.mdwn b/website/bugs/allow-publishing-to-public-keyservers.mdwn
index c6c8057..1548775 100644
--- a/website/bugs/allow-publishing-to-public-keyservers.mdwn
+++ b/website/bugs/allow-publishing-to-public-keyservers.mdwn
@@ -14,3 +14,7 @@ using the public keyserver infrastructure.
 I suggest that we should actually enable this feature explicitly. (leaving in the prompt is fine, though it would be nice to be able to `--force` it or something).
+
+---
+
+[[bugs/done]] 2008-08-15 in 6fb350a883fa4d8b1bc9b5e01cc3b01c96354d08
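Review bot: The publication now runs with whatever `fingerprint_server_key` returned and nothing checks it: if the host keyring is empty or gpg fails inside that pipeline, `$fingerprint` is empty and the call still goes to the keyserver with a bare `--send-keys`. Add `[ -n "$fingerprint" ] || failure "could not determine host key fingerprint."` before the `gpg_authentication` line. Since a keyserver upload cannot be retracted, it is also worth computing the fingerprint before the prompt and showing it, `read -p "Really publish host key $fingerprint to $KEYSERVER? (y/N) " OK`, so the admin confirms the actual key being sent. The surviving context comments `# dummy command so as not to publish fakes keys during testing` and `# eventually:` describe the removed placeholder and should go now that the real command is enabled.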
diff --git a/website/bugs/reorganize-monkeysphere-server-shortcuts.mdwn b/website/bugs/reorganize-monkeysphere-server-shortcuts.mdwn
index 104bda7..ad66dd5 100644
--- a/website/bugs/reorganize-monkeysphere-server-shortcuts.mdwn
+++ b/website/bugs/reorganize-monkeysphere-server-shortcuts.mdwn
@@ -19,4 +19,4 @@ This would let us create new subcommands like:
 ---
-[[bugs/done]] 2008-08-14
+[[bugs/done]] 2008-08-14 in 0181b6fc50824941e4f7ac3f535a216b8189568e
-- cgit v1.2.3