From a96625fb216143164f12191526939f4c0afcd5a9 Mon Sep 17 00:00:00 2001 From: mike castleman Date: Sat, 15 Nov 2008 18:23:14 -0500 Subject: rename --- website/bugs/useful-information.mdwn | 10 ---------- website/bugs/useful_information.mdwn | 10 ++++++++++ 2 files changed, 10 insertions(+), 10 deletions(-) delete mode 100644 website/bugs/useful-information.mdwn create mode 100644 website/bugs/useful_information.mdwn diff --git a/website/bugs/useful-information.mdwn b/website/bugs/useful-information.mdwn deleted file mode 100644 index 0750354..0000000 --- a/website/bugs/useful-information.mdwn +++ /dev/null @@ -1,10 +0,0 @@ -I would like to know, at INFO (default) log level, when the -monkeyspehere makes a "real" modification to my known_hosts file; that -is, when it adds or deletes a key. - -Apparently this is hard because monkeysphere is currently configured to -delete all keys and then add good keys, so a key added for the first -time seems to the monkeysphere very similar to a key re-added ten -seconds after last login. - -Still, from a UI perspective, I want to know what monkeysphere is doing. diff --git a/website/bugs/useful_information.mdwn b/website/bugs/useful_information.mdwn new file mode 100644 index 0000000..0750354 --- /dev/null +++ b/website/bugs/useful_information.mdwn @@ -0,0 +1,10 @@ +I would like to know, at INFO (default) log level, when the +monkeyspehere makes a "real" modification to my known_hosts file; that +is, when it adds or deletes a key. + +Apparently this is hard because monkeysphere is currently configured to +delete all keys and then add good keys, so a key added for the first +time seems to the monkeysphere very similar to a key re-added ten +seconds after last login. + +Still, from a UI perspective, I want to know what monkeysphere is doing. -- cgit v1.2.3 From d91a9e05ef6c351f40d931d2f7d19e3a3979279c Mon Sep 17 00:00:00 2001 
From: Jameson Graef Rollins Date: Sun, 16 Nov 2008 17:26:14 -0500 Subject: add some more informative debug output to key processing. --- src/common | 6 +++++- src/monkeysphere-ssh-proxycommand | 14 +++++++++----- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/src/common b/src/common index efee9bd..51b0470 100644 --- a/src/common +++ b/src/common @@ -639,7 +639,7 @@ process_user_id() { ;; 'uid') # user ids if [ "$lastKey" != pub ] ; then - log verbose " - got a user ID after a sub key?! user IDs should only follow primary keys!" + log verbose " ! got a user ID after a sub key?! user IDs should only follow primary keys!" continue fi # if an acceptable user ID was already found, skip @@ -652,6 +652,8 @@ process_user_id() { if [ "$validity" = 'u' -o "$validity" = 'f' ] ; then # mark user ID acceptable uidOK=true + else + log debug " - unacceptable user ID validity ($validity)." fi else continue @@ -693,10 +695,12 @@ process_user_id() { # if sub key validity is not ok, skip if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then + log debug " - unacceptable sub key validity ($validity)." continue fi # if sub key capability is not ok, skip if ! check_capability "$usage" $requiredCapability ; then + log debug " - unacceptable sub key capability ($usage)." continue fi diff --git a/src/monkeysphere-ssh-proxycommand b/src/monkeysphere-ssh-proxycommand index b039844..aeea30d 100755 --- a/src/monkeysphere-ssh-proxycommand +++ b/src/monkeysphere-ssh-proxycommand 
@@ -45,20 +45,24 @@ output_no_valid_key() {
 local sshKeyGPG
 local sshFingerprint
- log "OpenPGP keys with*out* full validity found for this host:"
+ userID="ssh://${HOSTP}"
+
+ log "Monkeysphere found only OpenPGP keys for this host with*out* full validity."
+ log "host: $userID"
 log
 # retrieve the actual ssh key
 sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null | awk '{ print $2, $3 }')
+ # FIXME: should we do any checks for failed keyscans, eg host not
+ # found?
- userID="ssh://${HOSTP}"
-
- # output gpg info for (exact) userid and store
+ # output gpg info for userid and store
 gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \
 --with-fingerprint --with-fingerprint \
 ="$userID" 2>/dev/null)
- # loop over all lines in the gpg output and process.
+ # find all 'pub' and 'sub' lines in the gpg output, which each
+ # represent a retrieved key for the user ID
 echo "$gpgOut" | cut -d: -f1,2,5,10,12 | \
 while IFS=: read -r type validity keyid uidfpr usage ; do
 case $type in
-- cgit v1.2.3 From 864a89f60b05f0f32cf8ef2bb5677c2d50062749 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 16 Nov 2008 19:10:03 -0500 Subject: fix quoting in output of ssh_host_rsa_key.pub.gpg. remember, at the moment the gpg_authentication function can only accept a single argument, so the entire gpg command string needs to be in a single quoted string.
--- src/monkeysphere-server | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index bb26c04..018a1ec 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
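Review bot: The FIXME added after the `ssh-keyscan` line points at a real gap: with stderr sent to /dev/null, an unreachable host, a wrong port or a host without an RSA key leaves `sshKeyOffered` empty, and the loop that follows compares each OpenPGP-derived key against an empty string; if `sshKeyGPG` can itself be empty for a key that failed to convert (its derivation is not in this hunk), the two would compare equal and a non-matching key would be reported as a match. A guard right after the assignment keeps the later comparison meaningful: `if [ -z "$sshKeyOffered" ] ; then log "could not retrieve ssh host key from ${HOST}:${PORT}." ; return ; fi`. This spot is still in the function body proper, outside the `while read` pipeline, so a plain `return` really does leave output_no_valid_key. The function continues past the end of this hunk.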
@@ -402,7 +402,7 @@ EOF
 log info "SSH host private key output to file: ${SYSDATADIR}/ssh_host_rsa_key"
 ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub"
 log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub"
- gpg_authentication --export-options export-minimal --export "0x${fingerprint}!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
+ gpg_authentication "--export-options export-minimal --export 0x${fingerprint}!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
 log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
 }
-- cgit v1.2.3 From 11a42a66941cc1bb4c1268895ac4522ecb5fb6e6 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 16 Nov 2008 19:32:58 -0500 Subject: really fix the ssh_host_rsa_key.pub.gpg output.
--- src/monkeysphere-server | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 018a1ec..34b06b7 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -402,7 +402,7 @@ EOF
 log info "SSH host private key output to file: ${SYSDATADIR}/ssh_host_rsa_key"
 ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub"
 log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub"
- gpg_authentication "--export-options export-minimal --export 0x${fingerprint}!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
+ gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
 log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
 }
-- cgit v1.2.3 From f7dfcead0281c9f6dd26908f76282efc843a7e52 Mon Sep 17 00:00:00 2001 
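Review bot: The second hunk on this line (commit 11a42a6) has to write `0x${fingerprint}\!` to get a literal `!` through gpg_authentication, and the first hunk (commit 864a89f) collapsed the separate gpg arguments into one string for the same reason; together they show that gpg_authentication re-parses its single argument as shell input (eval or an `sh -c`-style wrapper, presumably — the function is not in this diff), so every caller has to reason about a second round of quoting. With `$fingerprint` presumably a hex key fingerprint the current call is safe, but any future value containing whitespace or shell metacharacters would be split or interpreted rather than passed through. The call site should say this in a comment, `# gpg_authentication re-parses this string as shell input; keep every value in it free of whitespace and metacharacters`. The durable fix is for gpg_authentication to forward `"$@"` so callers can go back to the list form the first hunk removed, `gpg_authentication --export-options export-minimal --armor --export "0x${fingerprint}!"`. The enclosing function starts before the hunk.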
From: Jameson Graef Rollins Date: Mon, 17 Nov 2008 01:14:20 -0500 Subject: More work on the marginal case output for the ssh-proxycommand. For a key matching that offered by the host, now outputs just the information (including sigs) of the relevant user ID. There is some other useful output for other cases as well. I also added a couple of FIXMEs for some other cases that I think we should think about and maybe tweak behavior for. --- src/monkeysphere-ssh-proxycommand | 74 +++++++++++++++++++++++++++++++++------ 1 file changed, 63 insertions(+), 11 deletions(-) diff --git a/src/monkeysphere-ssh-proxycommand b/src/monkeysphere-ssh-proxycommand index aeea30d..b3dc562 100755 --- a/src/monkeysphere-ssh-proxycommand +++ b/src/monkeysphere-ssh-proxycommand @@ -43,20 +43,21 @@ output_no_valid_key() { local uidfpr local usage local sshKeyGPG + local tmpkey local sshFingerprint + local gpgSigOut userID="ssh://${HOSTP}" - log "Monkeysphere found only OpenPGP keys for this host with*out* full validity." - log "host: $userID" - log + log "-------------------- Monkeysphere warning -------------------" + log "Monkeysphere found OpenPGP keys for this hostname, but none had full validity." # retrieve the actual ssh key sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null | awk '{ print $2, $3 }') - # FIXME: should we do any checks for failed keyscans, eg host not + # FIXME: should we do any checks for failed keyscans, eg. host not # found? - # output gpg info for userid and store + # get the gpg info for userid gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \ --with-fingerprint --with-fingerprint \ ="$userID" 2>/dev/null) 
@@ -73,26 +74,68 @@ output_no_valid_key() { # if one of keys found matches the one offered by the # host, then output info if [ "$sshKeyGPG" = "$sshKeyOffered" ] ; then + log "An OpenPGP key matching the ssh key offered by the host was found:" + log # get the fingerprint of the ssh key tmpkey=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) echo "$sshKeyGPG" > "$tmpkey" - sshFingerprint=$(ssh-keygen -l -f "$tmpkey" | awk '{ print $2 }') + sshFingerprint=$(ssh-keygen -l -f "$tmpkey" | \ + awk '{ print $2 }') rm -rf "$tmpkey" - # output gpg info - gpg --check-sigs \ + # get the sigs for the matching key + gpgSigOut=$(gpg --check-sigs \ --list-options show-uid-validity \ - "$keyid" >&2 + "$keyid") + + # output the sigs, but only those on the user ID + # we are looking for + echo "$gpgSigOut" | awk ' +{ +if (match($0,"^pub")) { print; } +if (match($0,"^uid")) { ok=0; } +if (match($0,"^uid.*'$userID'$")) { ok=1; print; } +if (ok) { if (match($0,"^sig")) { print; } } +} +' >&2 + log + + # output the other user IDs for reference + if (echo "$gpgSigOut" | grep "^uid" | grep -v -q "$userID") ; then + log "Other user IDs on this key:" + echo "$gpgSigOut" | grep "^uid" | grep -v "$userID" >&2 + log + fi # output ssh fingerprint log "RSA key fingerprint is ${sshFingerprint}." - log "Falling through to standard ssh host checking." - log + + # this whole process is in a "while read" + # subshell. the only way to get information out + # of the subshell is to change the return code. + # therefore we return 1 here to indicate that a + # matching gpg key was found for the ssh key + # offered by the host + return 1 fi ;; esac done + + # if no key match was made (and the "while read" subshell returned + # 1) output how many keys were found + if (($? != 1)) ; then + log "None of the found keys matched the key offered by the host." 
+ log "Run the following command for more info about the found keys:" + log "gpg --check-sigs --list-options show-uid-validity =${userID}" + # FIXME: should we do anything extra here if the retrieved + # host key is actually in the known_hosts file and the ssh + # connection will succeed? Should the user be warned? + # prompted? + fi + + log "-------------------- ssh continues below --------------------" } ######################################################################## @@ -186,6 +229,15 @@ case $? in ;; esac +# FIXME: what about the case where monkeysphere successfully finds a +# valid key for the host and adds it to the known_hosts file, but a +# different non-monkeysphere key for the host already exists in the +# known_hosts, and it is this non-ms key that is offered by the host? +# monkeysphere will succeed, and the ssh connection will succeed, and +# the user will be left with the impression that they are dealing with +# a OpenPGP/PKI host key when in fact they are not. should we use +# ssh-keyscan to compare the keys first? + # exec a netcat passthrough to host for the ssh connection if [ -z "$NO_CONNECT" ] ; then if (which nc 2>/dev/null >/dev/null); then -- cgit v1.2.3 From 9751169042746ae5208edfb5c40ea62b30504735 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 17 Nov 2008 12:05:05 -0500 Subject: add comment to bug about notification of modifications to known_hosts file. --- website/bugs/useful_information.mdwn | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/website/bugs/useful_information.mdwn b/website/bugs/useful_information.mdwn index 62094bb..dd0077a 100644 --- a/website/bugs/useful_information.mdwn +++ b/website/bugs/useful_information.mdwn 
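Review bot: The awk program that filters `$gpgSigOut` splices the host user ID into the program text with `'$userID'`, so the value is interpreted both as awk source and as a regular expression: every `.` in the FQDN matches any character, and a `'` or `\` in the value would alter or break the program instead of being matched as text. The `grep -v -q "$userID"` and `grep -v "$userID"` calls a few lines further down treat the same value as a basic regex. Passing it with `awk -v uid="$userID"` and comparing it as a string, plus `grep -F` for the grep calls, keeps the user ID as data; the rewritten lines are below. output_no_valid_key starts before this hunk; the `return 1` from the `while read` subshell and the `(($? != 1))` test after `done` are left as they are.
```shell
            # output the sigs, but only those on the user ID we
            # are looking for; the ID is passed to awk as data,
            # not spliced into the program text
            echo "$gpgSigOut" | awk -v uid="$userID" '
/^pub/ { print }
/^uid/ { ok = (substr($0, length($0) - length(uid) + 1) == uid); if (ok) print }
ok && /^sig/ { print }
' >&2
            log

            # output the other user IDs for reference (fixed-string
            # match, so dots in the FQDN are not wildcards)
            if (echo "$gpgSigOut" | grep "^uid" | grep -F -v -q "$userID") ; then
                log "Other user IDs on this key:"
                echo "$gpgSigOut" | grep "^uid" | grep -F -v "$userID" >&2
                log
            fi
            # … unchanged: ssh fingerprint output and return 1 …
```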
@@ -1,5 +1,5 @@ I would like to know, at INFO (default) log level, when the -monkeyspehere makes a "real" modification to my known_hosts file; that +monkeyspehere makes a "real" modification to my known\_hosts file; that is, when it adds or deletes a key. Apparently this is hard because monkeysphere is currently configured to @@ -22,3 +22,19 @@ known_hosts file, i get the following to stderr: This doesn't fully close this bug, because we aren't notifying on key deletion, afaict. + +------ + +So current log level DEBUG will output a message if the known host +file has been modified. If the issue is that you want to know at the +default log level everytime the known\_hots file is modified, then we +should just move this message to INFO instead of debug, and then maybe +remove the message that I added above. I was under the impression +that the issue was more about notification that a *new* key was added +to the known\_hosts file, and therefore the new INFO message above +fixed that problem. Should we do this instead? + +In general, more verbose log levels *do* tell the user what the +monkeysphere is doing. Moving to DEBUG log level will tell you pretty +much everything that happens. I do *not* think that this should be +the default log level, though. -- cgit v1.2.3 From efa094bae5f15055a22431cb20e79555144d6d33 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 17 Nov 2008 14:56:38 -0500 Subject: Added new web page about server key signing. --- website/doc.mdwn | 6 +- website/getting-started-admin.mdwn | 2 + website/getting-started-user.mdwn | 7 +- website/signing-server-keys.mdwn | 131 +++++++++++++++++++++++++++++++++++++ 4 files changed, 144 insertions(+), 2 deletions(-) create mode 100644 website/signing-server-keys.mdwn diff --git a/website/doc.mdwn b/website/doc.mdwn index b60cf28..02b4184 100644 --- a/website/doc.mdwn +++ b/website/doc.mdwn 
@@ -8,6 +8,10 @@ * Getting started as a [user](/getting-started-user) * Getting started as a [server admin](/getting-started-admin) +## Going further ## + + * [Signing server keys](/signing-server-keys) + ## Under the hood ## * [Developing the monkeysphere](/community) @@ -15,7 +19,7 @@ ## References ## - * [Initial specifications at CMRG](http://cmrg.fifthhorseman.net/wiki/OpenPGPandSSH) + * [Initial Monkeysphere specifications at CMRG](http://cmrg.fifthhorseman.net/wiki/OpenPGPandSSH) * [OpenPGP (RFC 4880)](http://tools.ietf.org/html/rfc4880) * [Secure Shell Authentication Protocol (RFC 4252)](http://tools.ietf.org/html/rfc4252) * [URI scheme for SSH, RFC draft](http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/) diff --git a/website/getting-started-admin.mdwn b/website/getting-started-admin.mdwn index 6c8ad53..1c373ac 100644 --- a/website/getting-started-admin.mdwn +++ b/website/getting-started-admin.mdwn @@ -7,6 +7,7 @@ so that your users can have it automatically verified, and you can set up your machine to automatically identify connecting users by their presence in the OpenPGP web of trust. + Server host key publication --------------------------- To generate and publish a server host key: @@ -48,6 +49,7 @@ effect. As with any change to `sshd_config`, be sure to retain an existing session to the machine while you test your changes so you don't get locked out. + Monkeysphere authorized_keys maintenance ---------------------------------------- diff --git a/website/getting-started-user.mdwn b/website/getting-started-user.mdwn index 5dcb0d6..9b04edc 100644 --- a/website/getting-started-user.mdwn +++ b/website/getting-started-user.mdwn @@ -20,6 +20,7 @@ done with a simple cronjob. An example of crontab line to do this is: This would refresh your keychain every day at noon. + Install the monkeysphere software on your system ------------------------------------------------ 
@@ -31,8 +32,9 @@ installed on your system. If you can't (or don't want to) upgrade to GnuTLS 2.6 or later, there are patches for GnuTLS 2.4 available in [the Monkeysphere git repo](/community). + Keeping your `known_hosts` file in sync with your keyring ------------------------------------------------------------ +--------------------------------------------------------- With your keyring updated, you want to make sure that OpenSSH can still see the most recent trusted information about who the various @@ -47,6 +49,7 @@ key for that host to the `known_hosts` file if one is found. This command could be added to a crontab as well, if desired. + Using `monkeysphere-ssh-proxycommand`(1) ---------------------------------------- @@ -91,6 +94,7 @@ If you have more than one secret key, you'll need to specify the key you want to add the subkey to on the command line. + Using your OpenPGP authentication key for SSH --------------------------------------------- @@ -105,6 +109,7 @@ you can feed your authentication subkey to your ssh agent by running: FIXME: using the key with a single ssh connection? + Establish trust --------------- diff --git a/website/signing-server-keys.mdwn b/website/signing-server-keys.mdwn new file mode 100644 index 0000000..151f975 --- /dev/null +++ b/website/signing-server-keys.mdwn 
@@ -0,0 +1,131 @@ +# Signing a server OpenPGP key # + +This page is meant to address the issue of signing server OpenPGP +keys. Server's are not people (or monkeys), obviously, so the +circumstances under which one should sign a server key is a big +different than those under which a person should sign another person's +key. + + +# Why are signatures on the server key important? # + +In order for users to connect to a server in a monkeysphere-enabled +network, the server key must have *full* validity for the connecting +user. If the user has not themselves signed the server's key, then +the server's key can only be valid if other people that the user +trusts have signed the key. + +If only one person has signed the server's key, then the user must +fully trust the single person who has signed the server key. Full +trust should be granted sparingly and with consideration, though, so +unless the user knows the server admin very well, they will in general +not have full trust of this person. + +However, full trust of the server key can also be achieved if the +server key has been signed by three or more people that the user has + *marginal* trust of. In other words, three or more *marginally* +trusted signatures equals one *fully* trusted signature. It is much +more common for users to have marginal trust of other users in the Web +of Trust. For this reason, it is important to have as many people +sign the server key as possible. + + +## What information should you have before signing a server key? ## + +When signing the key of a person, you want to do two things: + +1. verify the identity of the person. +2. verify that the person is actually in control of the key that you +are signing. + +For a server, you want to do basically the same thing: + +1. verify the identity of the server. +2. verify that the server is actually in control of the key that you +are signing. + +However, with a server, verifying these things is a little trickier. 
+ +Verifying that the server is in control of the key is, in principle, +straightforward. If you are logged on to the machine in question, +then you can check directly that the key exists on the system. + +What is not so straightforward is what exactly it means to "verify the +identity" of a remote server on the web? The identity in this case is +the fully qualified domain name (FQDN) of the host. Verifying this +identity amounts to being sure that the host in question really is +located at that FQDN. + + +## Signing the server key ## + +If you are the person (or persons) that actually setup the server and +configured Monkeysphere and ssh on the server, then clearly you should +definitely sign the server key right away. When the server is first +setup, the persons who set it up are the only ones who can actually +vouch for the server key, so their signatures are necessary to get +things going. Their signatures are also necessary so that they can +verify the host key themselves and log into the server via +monkeysphere-enabled ssh in the future. + +If you did not set up the server initially, you do not have an +accumulated full trust of the person(s) who did, and you do not +necessarily have console access to the server directly, it's hard to +confidently verify the server identity and key ownership. You would +like to be able to walk up to the server, log in at the console, and +get the fingerprint of the ssh host key directly. But this is usually +untenable. + +However, it is still possible to verify the server identity *and* +server ownership of the key, even in this case. + + +## Remotely verifying server identify and key possession ## + +It is in fact possible to verify the identity and key ownership of a +server in one fell swoop with monkeysphere-enabled ssh. Here is the +procedure: + +> **Attempt to make a monkeysphere-enabled ssh connection to the host in +question. 
Monkeysphere will check that the ssh host key offered by the +host matches the OpenPGP key with the correct host FQDN user ID. If +the ssh host key and the OpenPGP key with the correct user ID match, +then you will have effectively:** + +>**1. verified the host identity, because you actually connected to the +host in question, which you know because you:** + +>**2. verified the host is in control of the key, because the ssh host +key offered by the host matches the OpenPGP key with correct host FQDN +user ID.** + +Here is an example: + + servo:~ 0$ ssh zimmermann.mayfirst.org + -------------------- Monkeysphere warning ------------------- + Monkeysphere found OpenPGP keys for this hostname, but none had full validity. + An OpenPGP key matching the ssh key offered by the host was found: + + pub 2048R/860E8F9C 2008-10-29 [expires: 2009-02-26] + uid [marginal] ssh://zimmermann.mayfirst.org + sig! 76CC057D 2008-11-15 Jamie McClelland + sig!3 860E8F9C 2008-10-29 ssh://zimmermann.mayfirst.org + sig! D21739E9 2008-10-29 Daniel Kahn Gillmor + sig! 1CF2D62A 2008-11-16 Micah Anderson + + RSA key fingerprint is 81:96:13:3e:24:c9:3c:5b:3c:6d:55:ba:58:85:e9:9e. + -------------------- ssh continues below -------------------- + The authenticity of host 'zimmermann.mayfirst.org ()' can't be established. + RSA key fingerprint is 81:96:13:3e:24:c9:3c:5b:3c:6d:55:ba:58:85:e9:9e. + No matching host key fingerprint found in DNS. + Are you sure you want to continue connecting (yes/no)? no + Host key verification failed. + servo:~ 255$ + +I have attempted to connect to the host zimmermann.mayfirst.org. +zimmermann's host key has only *marginal* validity for the FQDN user +ID in question, so I am not able to connect. However, the +monkeysphere has checked that the ssh host key actually does match the +OpenPGP key with the correct user ID `ssh://zimmermann.mayfirst.org`. 
+I have therefore verified the identity of zimmermann, and verified
+that zimmermann is in possession of the key in question.
-- cgit v1.2.3 From 6a43a89f5b2cd6ce91fa9c0bfddb5e2d44e77200 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 17 Nov 2008 18:07:33 -0500 Subject: HA! I figured out how to get ssh-keygen to read stdin by using the bash "Here Strings" redirection. No more stupid tempfiles to get ssh key fingerprints.
--- src/monkeysphere-server | 12 ++++++------ src/monkeysphere-ssh-proxycommand | 9 ++++----- 2 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 34b06b7..a1844ee 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -132,13 +132,13 @@ show_server_key() {
 fingerprint=$(fingerprint_server_key)
 gpg_authentication "--fingerprint --list-key --list-options show-unusable-uids $fingerprint"
- # dumping to a file named ' ' so that the ssh-keygen output
- # doesn't claim any potentially bogus hostname(s):
- tmpkey=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"
- gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey"
+ # do some crazy "Here Strings" redirection to get the key to
+ # ssh-keygen, since it doesn't read from stdin cleanly
 echo -n "ssh fingerprint: "
- ssh-keygen -l -f "$tmpkey" | awk '{ print $1, $2, $4 }'
- rm -rf "$tmpkey"
+ ssh-keygen -l -f /dev/stdin \
+ <<<$(gpg_authentication "--export $fingerprint" | \
+ openpgp2ssh "$fingerprint" 2>/dev/null) | \
+ awk '{ print $1, $2, $4 }'
 echo -n "OpenPGP fingerprint: "
 echo "$fingerprint"
 }
diff --git a/src/monkeysphere-ssh-proxycommand b/src/monkeysphere-ssh-proxycommand
index b3dc562..a609199 100755
--- a/src/monkeysphere-ssh-proxycommand
+++ b/src/monkeysphere-ssh-proxycommand
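Review bot: The new `<<<$(gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null)` drops the only error check the removed lines had (`|| failure "Could not create temporary directory!"`): if the export or the conversion fails, ssh-keygen is handed an empty /dev/stdin, its complaint is the only symptom, and the status show_server_key sees is awk's. Capturing the key first, `sshKey=$(gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null)`, then `[ -n "$sshKey" ] || failure "Could not convert host key to ssh format."`, then `ssh-keygen -l -f /dev/stdin <<<"$sshKey" | awk '{ print $1, $2, $4 }'`, restores a check and also quotes the here-string operand, which I would do regardless so the key line is never subject to whitespace normalisation by the shell. The `2>/dev/null` on openpgp2ssh hides the reason for such a failure from the admin running this command, so consider leaving its stderr visible here. show_server_key starts before this hunk.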
@@ -77,12 +77,11 @@ output_no_valid_key() {
 log "An OpenPGP key matching the ssh key offered by the host was found:"
 log
- # get the fingerprint of the ssh key
- tmpkey=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
- echo "$sshKeyGPG" > "$tmpkey"
- sshFingerprint=$(ssh-keygen -l -f "$tmpkey" | \
+ # do some crazy "Here Strings" redirection to get the key to
+ # ssh-keygen, since it doesn't read from stdin cleanly
+ sshFingerprint=$(ssh-keygen -l -f /dev/stdin \
+ <<<$(echo "$sshKeyGPG") | \
 awk '{ print $2 }')
- rm -rf "$tmpkey"
 # get the sigs for the matching key
 gpgSigOut=$(gpg --check-sigs \
-- cgit v1.2.3 From 505ee50a409014b55afea3b04c097d976e8b3766 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 17 Nov 2008 18:16:04 -0500 Subject: update changelog.
--- packaging/debian/changelog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index 3b7432b..39e4b33 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -6,6 +6,7 @@ monkeysphere (0.22~pre-1) UNRELEASED; urgency=low - added info log output when a new key is added to known_hosts file. - added some useful output to the ssh-proxycommand for "marginal" cases where keys are found for host but do not have full validity. + - force ssh-keygen to read from stdin to get ssh key fingerprint. [ Daniel Kahn Gillmor ]
@@ -13,7 +14,7 @@ monkeysphere (0.22~pre-1) UNRELEASED; urgency=low standard ssh public key file, and the other a minimal OpenPGP key with just the latest valid self-sig. - -- Jameson Graef Rollins Sun, 16 Nov 2008 03:22:08 -0500 + -- Jameson Graef Rollins Mon, 17 Nov 2008 18:15:43 -0500 monkeysphere (0.21-2) unstable; urgency=low
-- cgit v1.2.3 From 909d963139377f573b4350745b60606d65214c17 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 18 Nov 2008 00:02:56 -0500 Subject: added steps taken on zimmerman to get sks setup
--- doc/zimmerman/changelog | 9 +++++++++ 1 file changed, 9 insertions(+) 
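Review bot: `<<<$(echo "$sshKeyGPG")` runs an extra echo and command substitution only to feed a variable to a here-string, and the result is then unquoted; `<<<"$sshKeyGPG"` is the direct form and keeps the key line quoted all the way to ssh-keygen. The comment above it would also age better as a plain statement of the mechanism, e.g. `# ssh-keygen -l wants a file name; a here-string gives it one via /dev/stdin`. output_no_valid_key starts before this hunk and continues after it.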
diff --git a/doc/zimmerman/changelog b/doc/zimmerman/changelog index e833b1e..a92557d 100644 --- a/doc/zimmerman/changelog +++ b/doc/zimmerman/changelog @@ -7,12 +7,21 @@ * changes to this system (first command at top, last at bottom) * ****************************************************************************** +2008-11-17 - micah + * verified the SHA256 values for the key material + * /usr/lib/sks/sks_build.sh (chose option #2: normalbuild) + * chown -R debian-sks:debian-sks /var/lib/sks + * edit /etc/default/sks to enable the initscript + * /etc/init.d/sks start + * rm -rf /var/lib/sks/dump + 2008-11-15 - micah * aptitude update && aptitude full-upgrade * aptitude install sks * cd /var/lib/sks/dump ; wget -q -r -np -nd -A bz2,SHA256,asc \ http://nynex.net/keydump/ -e robots=off * install monkeysphere 0.21-2 package + * apt-get install bzip2 ; bunzip2 /var/lib/sks/dump/*.bz2 2008-11-15 - jamie * aptitude install esmtp-run mailx -- cgit v1.2.3 From b8a60a2c3c6e66513c1e4b83b65a2f808c882843 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 18 Nov 2008 00:48:47 -0500 Subject: further commentary on proxy_command logging. --- website/bugs/useful_information.mdwn | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/website/bugs/useful_information.mdwn b/website/bugs/useful_information.mdwn index dd0077a..025d678 100644 --- a/website/bugs/useful_information.mdwn +++ b/website/bugs/useful_information.mdwn 
@@ -38,3 +38,13 @@ In general, more verbose log levels *do* tell the user what the monkeysphere is doing. Moving to DEBUG log level will tell you pretty much everything that happens. I do *not* think that this should be the default log level, though. + +------ + +I wouldn't want to see an extremely verbose default log level. But i +do think that saying something like "key blah blah blah was stripped +from your known\_hosts file because it was expired" (for example) +would be useful. I think this case would occur infrequently enough +that it is worth reporting in the UI at the regular log level. + + --dkg -- cgit v1.2.3 From 888c5cf2555732bcdadb214d19b5603b8d5dabed Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 18 Nov 2008 01:29:34 -0500 Subject: minor grammar/vocabulary nitpicking. --- website/signing-server-keys.mdwn | 29 +++++++++++++---------------- 1 file changed, 13 insertions(+), 16 deletions(-) diff --git a/website/signing-server-keys.mdwn b/website/signing-server-keys.mdwn index 151f975..e0d26a7 100644 --- a/website/signing-server-keys.mdwn +++ b/website/signing-server-keys.mdwn 
@@ -1,19 +1,17 @@ # Signing a server OpenPGP key # This page is meant to address the issue of signing server OpenPGP -keys. Server's are not people (or monkeys), obviously, so the -circumstances under which one should sign a server key is a big -different than those under which a person should sign another person's -key. - +keys. Servers are not people, so the circumstances under which one +should sign a server key are different from those under which one +should sign another person's key. # Why are signatures on the server key important? # In order for users to connect to a server in a monkeysphere-enabled -network, the server key must have *full* validity for the connecting -user. If the user has not themselves signed the server's key, then -the server's key can only be valid if other people that the user -trusts have signed the key. +network, the server key must have *full* calculated validity from the +perspective of the connecting user. If the user has not themselves +signed the server's key, then the server's key can only be valid if +other people that the user trusts have signed the key. If only one person has signed the server's key, then the user must fully trust the single person who has signed the server key. Full 
@@ -26,13 +24,12 @@ server key has been signed by three or more people that the user has *marginal* trust of. In other words, three or more *marginally* trusted signatures equals one *fully* trusted signature. It is much more common for users to have marginal trust of other users in the Web -of Trust. For this reason, it is important to have as many people +of Trust. For this reason, it is advisable to have as many people sign the server key as possible. - ## What information should you have before signing a server key? ## -When signing the key of a person, you want to do two things: +Before signing the key of a person, you want to do two things: 1. verify the identity of the person. 2. verify that the person is actually in control of the key that you @@ -51,10 +48,10 @@ straightforward. If you are logged on to the machine in question, then you can check directly that the key exists on the system. What is not so straightforward is what exactly it means to "verify the -identity" of a remote server on the web? The identity in this case is -the fully qualified domain name (FQDN) of the host. Verifying this -identity amounts to being sure that the host in question really is -located at that FQDN. +identity" of a remote server on the internet? The identity in this +case is the fully qualified domain name (FQDN) of the host. Verifying +this identity amounts to being sure that the host in question really +is located at that FQDN. ## Signing the server key ## -- cgit v1.2.3 From d89e9293654cfd6330e2aa398768eca0fc8fa621 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 18 Nov 2008 01:30:32 -0500 Subject: renaming page about signing host keys. --- website/signing-host-keys.mdwn | 128 +++++++++++++++++++++++++++++++++++++++ website/signing-server-keys.mdwn | 128 --------------------------------------- 2 files changed, 128 insertions(+), 128 deletions(-) create mode 100644 website/signing-host-keys.mdwn delete mode 100644 website/signing-server-keys.mdwn 
diff --git a/website/signing-host-keys.mdwn b/website/signing-host-keys.mdwn
new file mode 100644
index 0000000..e0d26a7
--- /dev/null
+++ b/website/signing-host-keys.mdwn
@@ -0,0 +1,128 @@ +# Signing a server OpenPGP key # + +This page is meant to address the issue of signing server OpenPGP +keys. Servers are not people, so the circumstances under which one +should sign a server key are different from those under which one +should sign another person's key. + +# Why are signatures on the server key important? # + +In order for users to connect to a server in a monkeysphere-enabled +network, the server key must have *full* calculated validity from the +perspective of the connecting user. If the user has not themselves +signed the server's key, then the server's key can only be valid if +other people that the user trusts have signed the key. + +If only one person has signed the server's key, then the user must +fully trust the single person who has signed the server key. Full +trust should be granted sparingly and with consideration, though, so +unless the user knows the server admin very well, they will in general +not have full trust of this person. + +However, full trust of the server key can also be achieved if the +server key has been signed by three or more people that the user has + *marginal* trust of. In other words, three or more *marginally* +trusted signatures equals one *fully* trusted signature. It is much +more common for users to have marginal trust of other users in the Web +of Trust. For this reason, it is advisable to have as many people +sign the server key as possible. + +## What information should you have before signing a server key? ## + +Before signing the key of a person, you want to do two things: + +1. verify the identity of the person. +2. verify that the person is actually in control of the key that you +are signing. + +For a server, you want to do basically the same thing: + +1. verify the identity of the server. +2. verify that the server is actually in control of the key that you +are signing. + +However, with a server, verifying these things is a little trickier. 
+ +Verifying that the server is in control of the key is, in principle, +straightforward. If you are logged on to the machine in question, +then you can check directly that the key exists on the system. + +What is not so straightforward is what exactly it means to "verify the +identity" of a remote server on the internet? The identity in this +case is the fully qualified domain name (FQDN) of the host. Verifying +this identity amounts to being sure that the host in question really +is located at that FQDN. + + +## Signing the server key ## + +If you are the person (or persons) that actually setup the server and +configured Monkeysphere and ssh on the server, then clearly you should +definitely sign the server key right away. When the server is first +setup, the persons who set it up are the only ones who can actually +vouch for the server key, so their signatures are necessary to get +things going. Their signatures are also necessary so that they can +verify the host key themselves and log into the server via +monkeysphere-enabled ssh in the future. + +If you did not set up the server initially, you do not have an +accumulated full trust of the person(s) who did, and you do not +necessarily have console access to the server directly, it's hard to +confidently verify the server identity and key ownership. You would +like to be able to walk up to the server, log in at the console, and +get the fingerprint of the ssh host key directly. But this is usually +untenable. + +However, it is still possible to verify the server identity *and* +server ownership of the key, even in this case. + + +## Remotely verifying server identify and key possession ## + +It is in fact possible to verify the identity and key ownership of a +server in one fell swoop with monkeysphere-enabled ssh. Here is the +procedure: + +> **Attempt to make a monkeysphere-enabled ssh connection to the host in +question. 
Monkeysphere will check that the ssh host key offered by the +host matches the OpenPGP key with the correct host FQDN user ID. If +the ssh host key and the OpenPGP key with the correct user ID match, +then you will have effectively:** + +>**1. verified the host identity, because you actually connected to the +host in question, which you know because you:** + +>**2. verified the host is in control of the key, because the ssh host +key offered by the host matches the OpenPGP key with correct host FQDN +user ID.** + +Here is an example: + + servo:~ 0$ ssh zimmermann.mayfirst.org + -------------------- Monkeysphere warning ------------------- + Monkeysphere found OpenPGP keys for this hostname, but none had full validity. + An OpenPGP key matching the ssh key offered by the host was found: + + pub 2048R/860E8F9C 2008-10-29 [expires: 2009-02-26] + uid [marginal] ssh://zimmermann.mayfirst.org + sig! 76CC057D 2008-11-15 Jamie McClelland + sig!3 860E8F9C 2008-10-29 ssh://zimmermann.mayfirst.org + sig! D21739E9 2008-10-29 Daniel Kahn Gillmor + sig! 1CF2D62A 2008-11-16 Micah Anderson + + RSA key fingerprint is 81:96:13:3e:24:c9:3c:5b:3c:6d:55:ba:58:85:e9:9e. + -------------------- ssh continues below -------------------- + The authenticity of host 'zimmermann.mayfirst.org ()' can't be established. + RSA key fingerprint is 81:96:13:3e:24:c9:3c:5b:3c:6d:55:ba:58:85:e9:9e. + No matching host key fingerprint found in DNS. + Are you sure you want to continue connecting (yes/no)? no + Host key verification failed. + servo:~ 255$ + +I have attempted to connect to the host zimmermann.mayfirst.org. +zimmermann's host key has only *marginal* validity for the FQDN user +ID in question, so I am not able to connect. However, the +monkeysphere has checked that the ssh host key actually does match the +OpenPGP key with the correct user ID `ssh://zimmermann.mayfirst.org`. 
+I have therefore verified the identity of zimmermann, and verified +that zimmermann is in possession of the key in question. diff --git a/website/signing-server-keys.mdwn b/website/signing-server-keys.mdwn deleted file mode 100644 index e0d26a7..0000000 --- a/website/signing-server-keys.mdwn +++ /dev/null 
@@ -1,128 +0,0 @@ -# Signing a server OpenPGP key # - -This page is meant to address the issue of signing server OpenPGP -keys. Servers are not people, so the circumstances under which one -should sign a server key are different from those under which one -should sign another person's key. - -# Why are signatures on the server key important? # - -In order for users to connect to a server in a monkeysphere-enabled -network, the server key must have *full* calculated validity from the -perspective of the connecting user. If the user has not themselves -signed the server's key, then the server's key can only be valid if -other people that the user trusts have signed the key. - -If only one person has signed the server's key, then the user must -fully trust the single person who has signed the server key. Full -trust should be granted sparingly and with consideration, though, so -unless the user knows the server admin very well, they will in general -not have full trust of this person. - -However, full trust of the server key can also be achieved if the -server key has been signed by three or more people that the user has - *marginal* trust of. In other words, three or more *marginally* -trusted signatures equals one *fully* trusted signature. It is much -more common for users to have marginal trust of other users in the Web -of Trust. For this reason, it is advisable to have as many people -sign the server key as possible. - -## What information should you have before signing a server key? ## - -Before signing the key of a person, you want to do two things: - -1. verify the identity of the person. -2. verify that the person is actually in control of the key that you -are signing. - -For a server, you want to do basically the same thing: - -1. verify the identity of the server. -2. verify that the server is actually in control of the key that you -are signing. - -However, with a server, verifying these things is a little trickier. 
- -Verifying that the server is in control of the key is, in principle, -straightforward. If you are logged on to the machine in question, -then you can check directly that the key exists on the system. - -What is not so straightforward is what exactly it means to "verify the -identity" of a remote server on the internet? The identity in this -case is the fully qualified domain name (FQDN) of the host. Verifying -this identity amounts to being sure that the host in question really -is located at that FQDN. - - -## Signing the server key ## - -If you are the person (or persons) that actually setup the server and -configured Monkeysphere and ssh on the server, then clearly you should -definitely sign the server key right away. When the server is first -setup, the persons who set it up are the only ones who can actually -vouch for the server key, so their signatures are necessary to get -things going. Their signatures are also necessary so that they can -verify the host key themselves and log into the server via -monkeysphere-enabled ssh in the future. - -If you did not set up the server initially, you do not have an -accumulated full trust of the person(s) who did, and you do not -necessarily have console access to the server directly, it's hard to -confidently verify the server identity and key ownership. You would -like to be able to walk up to the server, log in at the console, and -get the fingerprint of the ssh host key directly. But this is usually -untenable. - -However, it is still possible to verify the server identity *and* -server ownership of the key, even in this case. - - -## Remotely verifying server identify and key possession ## - -It is in fact possible to verify the identity and key ownership of a -server in one fell swoop with monkeysphere-enabled ssh. Here is the -procedure: - -> **Attempt to make a monkeysphere-enabled ssh connection to the host in -question. 
Monkeysphere will check that the ssh host key offered by the -host matches the OpenPGP key with the correct host FQDN user ID. If -the ssh host key and the OpenPGP key with the correct user ID match, -then you will have effectively:** - ->**1. verified the host identity, because you actually connected to the -host in question, which you know because you:** - ->**2. verified the host is in control of the key, because the ssh host -key offered by the host matches the OpenPGP key with correct host FQDN -user ID.** - -Here is an example: - - servo:~ 0$ ssh zimmermann.mayfirst.org - -------------------- Monkeysphere warning ------------------- - Monkeysphere found OpenPGP keys for this hostname, but none had full validity. - An OpenPGP key matching the ssh key offered by the host was found: - - pub 2048R/860E8F9C 2008-10-29 [expires: 2009-02-26] - uid [marginal] ssh://zimmermann.mayfirst.org - sig! 76CC057D 2008-11-15 Jamie McClelland - sig!3 860E8F9C 2008-10-29 ssh://zimmermann.mayfirst.org - sig! D21739E9 2008-10-29 Daniel Kahn Gillmor - sig! 1CF2D62A 2008-11-16 Micah Anderson - - RSA key fingerprint is 81:96:13:3e:24:c9:3c:5b:3c:6d:55:ba:58:85:e9:9e. - -------------------- ssh continues below -------------------- - The authenticity of host 'zimmermann.mayfirst.org ()' can't be established. - RSA key fingerprint is 81:96:13:3e:24:c9:3c:5b:3c:6d:55:ba:58:85:e9:9e. - No matching host key fingerprint found in DNS. - Are you sure you want to continue connecting (yes/no)? no - Host key verification failed. - servo:~ 255$ - -I have attempted to connect to the host zimmermann.mayfirst.org. -zimmermann's host key has only *marginal* validity for the FQDN user -ID in question, so I am not able to connect. However, the -monkeysphere has checked that the ssh host key actually does match the -OpenPGP key with the correct user ID `ssh://zimmermann.mayfirst.org`. 
-I have therefore verified the identity of zimmermann, and verified -that zimmermann is in possession of the key in question. -- cgit v1.2.3 From d8d26503748dc78a843ad35a2e12cdae277f1415 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 18 Nov 2008 01:33:44 -0500 Subject: really fixing utils/build-releasenote after the packaging reorganization. --- utils/build-releasenote | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/build-releasenote b/utils/build-releasenote index 522917c..b25a87c 100755 --- a/utils/build-releasenote +++ b/utils/build-releasenote @@ -4,7 +4,7 @@ VERSION=`head -n1 packaging/debian/changelog | sed 's/.*(\([^)]*\)).*/\1/'` { sed "s/__VERSION__/$VERSION/g" < utils/releasenote.header - head -n$(( $(grep -n '^ --' debian/changelog | head -n1 | cut -f1 -d:) - 2 )) debian/changelog | tail -n+3 + head -n$(( $(grep -n '^ --' packaging/debian/changelog | head -n1 | cut -f1 -d:) - 2 )) packaging/debian/changelog | tail -n+3 sed "s/__VERSION__/$VERSION/g" < utils/releasenote.footer } > "website/news/release-$VERSION.mdwn" -- cgit v1.2.3 From b399dbcddb7bce2cfe9a470a019fc58165793b6e Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 18 Nov 2008 01:40:28 -0500 Subject: changing terminology from server key to host key --- website/signing-host-keys.mdwn | 59 +++++++++++++++++++++--------------------- 1 file changed, 29 insertions(+), 30 deletions(-) diff --git a/website/signing-host-keys.mdwn b/website/signing-host-keys.mdwn index e0d26a7..1eb61a0 100644 --- a/website/signing-host-keys.mdwn +++ b/website/signing-host-keys.mdwn 
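Review bot: The corrected `head` pipeline still has no failure path: when `grep -n '^ --' packaging/debian/changelog` matches nothing, `cut` yields an empty string, the arithmetic evaluates to `-2`, and GNU `head -n-2` then prints everything but the last two lines of the changelog into the release note instead of failing. I'd compute the line number once and abort when it is empty, e.g. `end=$(grep -n '^ --' packaging/debian/changelog | head -n1 | cut -f1 -d:)` followed by `[ -n "$end" ] || { echo "no changelog trailer found" >&2; exit 1; }`, then `head -n$(( end - 2 )) packaging/debian/changelog | tail -n+3`. `$VERSION` is also expanded unquoted inside the sed replacement, so a version containing `/` or `&` would break the substitution; Debian versions rarely do, but a comment noting that assumption would help. The script's preamble (shebang and any `set -e`) lies outside the hunk.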
@@ -1,25 +1,25 @@ -# Signing a server OpenPGP key # +# Signing a host's SSH key using OpenPGP # -This page is meant to address the issue of signing server OpenPGP -keys. Servers are not people, so the circumstances under which one -should sign a server key are different from those under which one +This page is meant to address the issue of signing OpenPGP-based SSH +host keys. Machines are not people, so the circumstances under which +one should sign a host key are different from those under which one should sign another person's key. -# Why are signatures on the server key important? # +# Why are signatures on an SSH host key important? # -In order for users to connect to a server in a monkeysphere-enabled -network, the server key must have *full* calculated validity from the -perspective of the connecting user. If the user has not themselves -signed the server's key, then the server's key can only be valid if -other people that the user trusts have signed the key. +In order for users to validate a host (an SSH server) in a +monkeysphere-enabled network, the host key must have *full* calculated +validity from the perspective of the connecting user. If the user has +not themselves signed the server's key, then the server's key can only +be valid if other people that the user trusts have signed the key. If only one person has signed the server's key, then the user must -fully trust the single person who has signed the server key. Full -trust should be granted sparingly and with consideration, though, so -unless the user knows the server admin very well, they will in general -not have full trust of this person. +fully trust the single person who has signed the host key. Full trust +should be granted sparingly and with consideration, though, so unless +the user knows the server admin very well, they will in general not +have full trust of this person. 
-However, full trust of the server key can also be achieved if the +However, full trust of the host key can also be achieved if the server key has been signed by three or more people that the user has *marginal* trust of. In other words, three or more *marginally* trusted signatures equals one *fully* trusted signature. It is much @@ -27,7 +27,7 @@ more common for users to have marginal trust of other users in the Web of Trust. For this reason, it is advisable to have as many people sign the server key as possible. -## What information should you have before signing a server key? ## +## What information should you have before signing a host key? ## Before signing the key of a person, you want to do two things: @@ -41,9 +41,10 @@ For a server, you want to do basically the same thing: 2. verify that the server is actually in control of the key that you are signing. -However, with a server, verifying these things is a little trickier. +However, verifying these things for a server is less intuitive than it +is for a human. -Verifying that the server is in control of the key is, in principle, +Verifying that the host is in control of the key is, in principle, straightforward. If you are logged on to the machine in question, then you can check directly that the key exists on the system. 
@@ -53,16 +54,15 @@ case is the fully qualified domain name (FQDN) of the host. Verifying this identity amounts to being sure that the host in question really is located at that FQDN. - -## Signing the server key ## +## Signing the host key ## If you are the person (or persons) that actually setup the server and -configured Monkeysphere and ssh on the server, then clearly you should -definitely sign the server key right away. When the server is first -setup, the persons who set it up are the only ones who can actually -vouch for the server key, so their signatures are necessary to get -things going. Their signatures are also necessary so that they can -verify the host key themselves and log into the server via +configured Monkeysphere and ssh on the server, then you should sign +the host key as part of that process. When the server is first set +up, the administrators who set it up are the only ones who can +actually vouch for the server key, so their signatures are necessary +to get things going. Their signatures are also necessary so that they +can validate the host key themselves and log into the server via monkeysphere-enabled ssh in the future. If you did not set up the server initially, you do not have an @@ -71,13 +71,12 @@ necessarily have console access to the server directly, it's hard to confidently verify the server identity and key ownership. You would like to be able to walk up to the server, log in at the console, and get the fingerprint of the ssh host key directly. But this is usually -untenable. +impossible. However, it is still possible to verify the server identity *and* server ownership of the key, even in this case. - -## Remotely verifying server identify and key possession ## +## Remotely verifying host identity and key possession ## It is in fact possible to verify the identity and key ownership of a server in one fell swoop with monkeysphere-enabled ssh. Here is the 
@@ -122,7 +121,7 @@ Here is an example: I have attempted to connect to the host zimmermann.mayfirst.org. zimmermann's host key has only *marginal* validity for the FQDN user ID in question, so I am not able to connect. However, the -monkeysphere has checked that the ssh host key actually does match the +Monkeysphere has checked that the ssh host key actually does match the OpenPGP key with the correct user ID `ssh://zimmermann.mayfirst.org`. I have therefore verified the identity of zimmermann, and verified that zimmermann is in possession of the key in question. -- cgit v1.2.3 From 489006a448bff91a36378bf1917e630994a8fe87 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Tue, 18 Nov 2008 01:59:50 -0500 Subject: update link in docs. --- website/doc.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/doc.mdwn b/website/doc.mdwn index 02b4184..cd7bc76 100644 --- a/website/doc.mdwn +++ b/website/doc.mdwn @@ -10,7 +10,7 @@ ## Going further ## - * [Signing server keys](/signing-server-keys) + * [Signing host keys](/signing-host-keys) ## Under the hood ## -- cgit v1.2.3 From 67a77f6306e15f7f7cf2d1e2fc5cc258f9398cef Mon Sep 17 00:00:00 2001 From: mike castleman Date: Wed, 19 Nov 2008 01:16:19 -0500 Subject: explain how it is that zimmermann speaks https --- doc/zimmerman/changelog | 7 +++++++ doc/zimmerman/https-proxy | 14 ++++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 doc/zimmerman/https-proxy diff --git a/doc/zimmerman/changelog b/doc/zimmerman/changelog index a92557d..46160a2 100644 --- a/doc/zimmerman/changelog +++ b/doc/zimmerman/changelog 
@@ -7,6 +7,13 @@
 * changes to this system (first command at top, last at bottom) *
 ******************************************************************************
 
+2008-11-19 - mlc
+ * aptitude install nginx
+ * get rid of /etc/nginx/sites-enabled/default
+ * create /etc/nginx/sites-available/https-proxy and make a symlink
+ to it in the sites-enabled directory
+ * invoke-rc.d nginx start
+
 2008-11-17 - micah
 * verified the SHA256 values for the key material
 * /usr/lib/sks/sks_build.sh (chose option #2: normalbuild)
diff --git a/doc/zimmerman/https-proxy b/doc/zimmerman/https-proxy
new file mode 100644
index 0000000..c4521a7
--- /dev/null
+++ b/doc/zimmerman/https-proxy
@@ -0,0 +1,14 @@
+server {
+ listen 443;
+ server_name zimmermann.mayfirst.org;
+ ssl on;
+ ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+ ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+ ssl_ciphers HIGH:MEDIUM:!ADH;
+
+ access_log off;
+
+ location / {
+ proxy_pass http://localhost:11371/;
+ }
+}
-- cgit v1.2.3
From dcf50556743294744c5a39e045474ae242e0bccf Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Wed, 19 Nov 2008 11:36:46 -0500
Subject: document zimmermann SKS peers.
---
 doc/zimmerman/changelog | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/doc/zimmerman/changelog b/doc/zimmerman/changelog
index 46160a2..c054486 100644
--- a/doc/zimmerman/changelog
+++ b/doc/zimmerman/changelog
@@ -7,6 +7,9 @@
 * changes to this system (first command at top, last at bottom) *
 ******************************************************************************
 
+2008-11-19 - dkg
+ * added 9 SKS peers as a result of feedback from sks-devel.
+
 2008-11-19 - mlc
 * aptitude install nginx
 * get rid of /etc/nginx/sites-enabled/default
-- cgit v1.2.3
From e2854b865c01e4eb2547a7dd581de20bddec41d5 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Wed, 19 Nov 2008 11:37:08 -0500
Subject: fixing the spelling of zimmermann.
---
 doc/zimmerman/changelog | 38 --------------------------------------
 doc/zimmerman/https-proxy | 14 --------------
 doc/zimmermann/changelog | 38 ++++++++++++++++++++++++++++++++++++++
 doc/zimmermann/https-proxy | 14 ++++++++++++++
 4 files changed, 52 insertions(+), 52 deletions(-)
 delete mode 100644 doc/zimmerman/changelog
 delete mode 100644 doc/zimmerman/https-proxy
 create mode 100644 doc/zimmermann/changelog
 create mode 100644 doc/zimmermann/https-proxy
diff --git a/doc/zimmerman/changelog b/doc/zimmerman/changelog
deleted file mode 100644
index c054486..0000000
--- a/doc/zimmerman/changelog
+++ /dev/null
@@ -1,38 +0,0 @@
-******************************************************************************
-* *
-* zimmerman system log *
-* *
-******************************************************************************
-* Please add new entries in reverse chronological order whenever you make *
-* changes to this system (first command at top, last at bottom) *
-******************************************************************************
-
-2008-11-19 - dkg
- * added 9 SKS peers as a result of feedback from sks-devel.
-
-2008-11-19 - mlc
- * aptitude install nginx
- * get rid of /etc/nginx/sites-enabled/default
- * create /etc/nginx/sites-available/https-proxy and make a symlink
- to it in the sites-enabled directory
- * invoke-rc.d nginx start
-
-2008-11-17 - micah
- * verified the SHA256 values for the key material
- * /usr/lib/sks/sks_build.sh (chose option #2: normalbuild)
- * chown -R debian-sks:debian-sks /var/lib/sks
- * edit /etc/default/sks to enable the initscript
- * /etc/init.d/sks start
- * rm -rf /var/lib/sks/dump
-
-2008-11-15 - micah
- * aptitude update && aptitude full-upgrade
- * aptitude install sks
- * cd /var/lib/sks/dump ; wget -q -r -np -nd -A bz2,SHA256,asc \
- http://nynex.net/keydump/ -e robots=off
- * install monkeysphere 0.21-2 package
- * apt-get install bzip2 ; bunzip2 /var/lib/sks/dump/*.bz2
-
-2008-11-15 - jamie
- * aptitude install esmtp-run mailx
- * edited /etc/esmtp-run, configured to relay to bulk.mayfirst.org
diff --git a/doc/zimmerman/https-proxy b/doc/zimmerman/https-proxy
deleted file mode 100644
index c4521a7..0000000
--- a/doc/zimmerman/https-proxy
+++ /dev/null
@@ -1,14 +0,0 @@
-server {
- listen 443;
- server_name zimmermann.mayfirst.org;
- ssl on;
- ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
- ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
- ssl_ciphers HIGH:MEDIUM:!ADH;
-
- access_log off;
-
- location / {
- proxy_pass http://localhost:11371/;
- }
-}
diff --git a/doc/zimmermann/changelog b/doc/zimmermann/changelog
new file mode 100644
index 0000000..c054486
--- /dev/null
+++ b/doc/zimmermann/changelog
@@ -0,0 +1,38 @@
+******************************************************************************
+* *
+* zimmerman system log *
+* *
+******************************************************************************
+* Please add new entries in reverse chronological order whenever you make *
+* changes to this system (first command at top, last at bottom) *
+******************************************************************************
+
+2008-11-19 - dkg
+ * added 9 SKS peers as a result of feedback from sks-devel.
+
+2008-11-19 - mlc
+ * aptitude install nginx
+ * get rid of /etc/nginx/sites-enabled/default
+ * create /etc/nginx/sites-available/https-proxy and make a symlink
+ to it in the sites-enabled directory
+ * invoke-rc.d nginx start
+
+2008-11-17 - micah
+ * verified the SHA256 values for the key material
+ * /usr/lib/sks/sks_build.sh (chose option #2: normalbuild)
+ * chown -R debian-sks:debian-sks /var/lib/sks
+ * edit /etc/default/sks to enable the initscript
+ * /etc/init.d/sks start
+ * rm -rf /var/lib/sks/dump
+
+2008-11-15 - micah
+ * aptitude update && aptitude full-upgrade
+ * aptitude install sks
+ * cd /var/lib/sks/dump ; wget -q -r -np -nd -A bz2,SHA256,asc \
+ http://nynex.net/keydump/ -e robots=off
+ * install monkeysphere 0.21-2 package
+ * apt-get install bzip2 ; bunzip2 /var/lib/sks/dump/*.bz2
+
+2008-11-15 - jamie
+ * aptitude install esmtp-run mailx
+ * edited /etc/esmtp-run, configured to relay to bulk.mayfirst.org
diff --git a/doc/zimmermann/https-proxy b/doc/zimmermann/https-proxy
new file mode 100644
index 0000000..c4521a7
--- /dev/null
+++ b/doc/zimmermann/https-proxy
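Review bot: The HTTPS front end in `doc/zimmerman/https-proxy` terminates TLS with the Debian placeholder `ssl-cert-snakeoil` self-signed certificate, so any client that validates the chain will refuse or warn on `https://zimmermann.mayfirst.org/`; the `ssl_certificate` / `ssl_certificate_key` lines deserve a comment marking them as a stopgap to be replaced by a certificate issued for that hostname. `ssl_ciphers HIGH:MEDIUM:!ADH;` admits the MEDIUM suites and the block sets no `ssl_protocols`, so nginx's defaults decide which protocol versions are offered; `ssl_ciphers HIGH:!ADH:!MD5;` plus an explicit `ssl_protocols` line would be a safer baseline. `access_log off;` leaves no record of requests reaching the keyserver through this port, which makes later abuse investigation harder, and since no `proxy_set_header X-Forwarded-For $remote_addr;` is set the backend sees every proxied request as coming from localhost. I'd keep the access log on, or at least record in `doc/zimmerman/changelog` why it was disabled.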
@@ -0,0 +1,14 @@ +server { + listen 443; + server_name zimmermann.mayfirst.org; + ssl on; + ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; + ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; + ssl_ciphers HIGH:MEDIUM:!ADH; + + access_log off; + + location / { + proxy_pass http://localhost:11371/; + } +} -- cgit v1.2.3 From afbaf20af5e2106ced3c3abde815530e78df1071 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Wed, 19 Nov 2008 11:51:10 -0500 Subject: more updates for zimmermann --- doc/zimmermann/changelog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/zimmermann/changelog b/doc/zimmermann/changelog index c054486..5801cb9 100644 --- a/doc/zimmermann/changelog +++ b/doc/zimmermann/changelog @@ -9,6 +9,8 @@ 2008-11-19 - dkg * added 9 SKS peers as a result of feedback from sks-devel. + * set localtime to America/New_York via dpkg-reconfigure tzdata + * aptitude update && aptitude full-upgrade 2008-11-19 - mlc * aptitude install nginx -- cgit v1.2.3 From 32695b249c69a547fd31f088906e6318ece1f771 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Wed, 19 Nov 2008 15:22:37 -0500 Subject: added simple index.html for people to read if they decide to visit zimmermann with a browser. --- doc/zimmermann/index.html | 73 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 doc/zimmermann/index.html diff --git a/doc/zimmermann/index.html b/doc/zimmermann/index.html new file mode 100644 index 0000000..e8e36e0 --- /dev/null +++ b/doc/zimmermann/index.html @@ -0,0 +1,73 @@ + + + + SKS Search Page + + + + +

SKS OpenPGP Keyserver
@zimmermann.mayfirst.org

+

SKS is a OpenPGP keyserver whose goal is to provide easy to deploy, decentralized, and highly reliable synchronization. That means that a key submitted to one SKS server will quickly be distributed to all key servers, and even wildly out-of-date servers, or servers that experience spotty connectivity, can fully synchronize with rest of the system.

+

You can find out more about SKS, along with links to graphs of the network status here.

+ + + + + + + + + + + +
+

Extract a key

+

You can extract a key by typing in some words that appear in the userid + of the key you're looking for, or by typing in the keyid in hex format ("0x...")

+

+

+ Search String:
+ Show PGP "fingerprints" for keys +
+ Show SKS full-key hashes +
+ Search for keys:
+ get index of matching keys
+ get verbose index of matching keys
+ retrieve ascii-armored keys
+ retrieve keys by full-key hash +
+ + +
+
+
+

Submit a key

+ You can submit a key by simply pasting in the ASCII-armored version + of your key and clicking on submit. +
+
+ + +
+
+

+ Access +

+ To use this server directly via HKP add this to your .PGP keyserver list:
+ +
x-hkp://zimmermann.mayfirst.org
+http://zimmermann.mayfirst.org:11371
+ + You can also select a random server by adding this to your keyserver list:
+ +
x-hkp://pool.sks-keyservers.net
+http://pool.sks-keyservers.net:11371
+ +
+ +
+ [Server Status] If you have any questions + about or problems with this server, please open a ticket. + + -- cgit v1.2.3 From da2b427d69b516a376441764927e478ce0a9a8b7 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Wed, 19 Nov 2008 15:32:33 -0500 Subject: noted changes to zimmermann config. --- doc/zimmermann/changelog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/zimmermann/changelog b/doc/zimmermann/changelog index 5801cb9..d5868b6 100644 --- a/doc/zimmermann/changelog +++ b/doc/zimmermann/changelog @@ -11,6 +11,8 @@ * added 9 SKS peers as a result of feedback from sks-devel. * set localtime to America/New_York via dpkg-reconfigure tzdata * aptitude update && aptitude full-upgrade + * set up /var/lib/sks/www/index.html based on + doc/zimmermann/index.html from this repo. 2008-11-19 - mlc * aptitude install nginx -- cgit v1.2.3 From c94bebd604d07566cd51e85f552867d09d599cbf Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Wed, 19 Nov 2008 15:56:14 -0500 Subject: notes about using zimmermann port 80. --- doc/zimmermann/changelog | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/zimmermann/changelog b/doc/zimmermann/changelog index d5868b6..841f3c9 100644 --- a/doc/zimmermann/changelog +++ b/doc/zimmermann/changelog @@ -12,7 +12,9 @@ * set localtime to America/New_York via dpkg-reconfigure tzdata * aptitude update && aptitude full-upgrade * set up /var/lib/sks/www/index.html based on - doc/zimmermann/index.html from this repo. + doc/zimmermann/index.html from this repo. + * made nginx proxy plain ol' HTTP on port 80 also so that SKS does + not need to try to listen on a privileged port. 2008-11-19 - mlc * aptitude install nginx -- cgit v1.2.3 From 574215cda48da32ada49751edab459fb21d7f469 Mon Sep 17 00:00:00 2001 
From: Daniel Kahn Gillmor Date: Wed, 19 Nov 2008 16:19:20 -0500 Subject: configured statistics calculations at SKS boot and at 03:00 (i think). --- doc/zimmermann/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/zimmermann/changelog b/doc/zimmermann/changelog index 841f3c9..cb48a95 100644 --- a/doc/zimmermann/changelog +++ b/doc/zimmermann/changelog @@ -15,6 +15,7 @@ doc/zimmermann/index.html from this repo. * made nginx proxy plain ol' HTTP on port 80 also so that SKS does not need to try to listen on a privileged port. + * turned on initial_stat and stat_hour: 3 in /etc/sks/sksconf 2008-11-19 - mlc * aptitude install nginx -- cgit v1.2.3 From c21e955e6fdc33c289a5609ef240084bbffbacbc Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Wed, 19 Nov 2008 16:44:07 -0500 Subject: added one more SKS peer. --- doc/zimmermann/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/zimmermann/changelog b/doc/zimmermann/changelog index cb48a95..cb84b43 100644 --- a/doc/zimmermann/changelog +++ b/doc/zimmermann/changelog @@ -8,7 +8,7 @@ ****************************************************************************** 2008-11-19 - dkg - * added 9 SKS peers as a result of feedback from sks-devel. + * added 10 SKS peers as a result of feedback from sks-devel. * set localtime to America/New_York via dpkg-reconfigure tzdata * aptitude update && aptitude full-upgrade * set up /var/lib/sks/www/index.html based on -- cgit v1.2.3 From c6f5594bec3301041115c8632d265ae35792bee3 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 22 Nov 2008 12:41:58 -0500 Subject: Add attempt at rpm packaging. --- packaging/rpm/howto | 1 + packaging/rpm/monkeysphere.spec | 47 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) create mode 100644 packaging/rpm/howto create mode 100644 packaging/rpm/monkeysphere.spec diff --git a/packaging/rpm/howto b/packaging/rpm/howto new file mode 100644 index 0000000..add951e --- /dev/null 
+++ b/packaging/rpm/howto @@ -0,0 +1 @@ +http://www.rpm-based.org/how-to-create-rpm-package diff --git a/packaging/rpm/monkeysphere.spec b/packaging/rpm/monkeysphere.spec new file mode 100644 index 0000000..5bfc774 --- /dev/null +++ b/packaging/rpm/monkeysphere.spec @@ -0,0 +1,47 @@ +Name: monkeysphere +Summary: use the OpenPGP web of trust to verify ssh connections +Version: 0.22~pre +Release: 1 +License: GPLv3 +Group: net +URL: http://web.monkeysphere.info/ + +Source: http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_%{version}.orig.tar.gz +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root + +BuildRequires: libgnutls-dev + +%description +SSH key-based authentication is tried-and-true, but it lacks a true +Public Key Infrastructure for key certification, revocation and +expiration. Monkeysphere is a framework that uses the OpenPGP web of +trust for these PKI functions. It can be used in both directions: for +users to get validated host keys, and for hosts to authenticate users. + +Monkeysphere is free software released under the GNU General Public +License (GPL). + +%prep +%setup -q + +%build +%configure --disable-debug +%{__make} + +%install +%{__rm} -rf %{buildroot} +%makeinstall +%find_lang %{name} + +%clean +%{__rm} -rf %{buildroot} + +%files -f %{name}.lang +%defattr(-, root, root, 0755) +%doc AUTHORS ChangeLog INSTALL NEWS TODO README COPYING +%{_bindir}/monkeysphere +%{_datadir}/monkeysphere/ + +%changelog +* Sat Nov 22 2008 - +- Initial release. -- cgit v1.2.3 From 4ef516a39c3783287b4efa9f1147df1e0499e4fd Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 25 Nov 2008 12:15:51 -0500 Subject: fixing dependency information -- should be procmail, not procfile. --- packaging/debian/changelog | 4 +++- packaging/debian/control | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/packaging/debian/changelog b/packaging/debian/changelog index 39e4b33..a4b1f66 100644 
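Review bot: `BuildRequires: libgnutls-dev` in the new monkeysphere.spec is a Debian package name rather than an RPM one, so rpmbuild on an RPM-based host cannot satisfy it, and nothing visible in this series suggests the shell-script project needs GnuTLS to build at all. Likewise `%configure --disable-debug` in `%build` and `%find_lang %{name}` / `%files -f %{name}.lang` presume an autoconf configure script and gettext catalogs that a Makefile-driven shell project is unlikely to ship (the later release-preparation commit in this series deletes exactly these lines, which supports that reading). `Version: 0.22~pre` carries a tilde, which older rpm releases do not treat as a valid pre-release marker in a Version tag — confirm against the rpm version you target. The `%changelog` entry `* Sat Nov 22 2008 -` has no packager name or version-release; the conventional form is `* Sat Nov 22 2008 <packager-name-placeholder> - 0.22~pre-1`.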
--- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -13,8 +13,10 @@ monkeysphere (0.22~pre-1) UNRELEASED; urgency=low - automatically output two copies of the host's public key: one standard ssh public key file, and the other a minimal OpenPGP key with just the latest valid self-sig. + - debian/control: corrected alternate dependency from procfile to + procmail (which provides /usr/bin/lockfile) - -- Jameson Graef Rollins Mon, 17 Nov 2008 18:15:43 -0500 + -- Daniel Kahn Gillmor Tue, 25 Nov 2008 12:13:58 -0500 monkeysphere (0.21-2) unstable; urgency=low diff --git a/packaging/debian/control b/packaging/debian/control index 4c836b4..52eccf3 100644 --- a/packaging/debian/control +++ b/packaging/debian/control @@ -11,7 +11,7 @@ Dm-Upload-Allowed: yes Package: monkeysphere Architecture: any -Depends: openssh-client, gnupg, coreutils (>= 6) | base64, lockfile-progs | procfile, adduser, ${shlibs:Depends} +Depends: openssh-client, gnupg, coreutils (>= 6) | base64, lockfile-progs | procmail, adduser, ${shlibs:Depends} Recommends: netcat | socat, ssh-askpass Enhances: openssh-client, openssh-server Description: use the OpenPGP web of trust to verify ssh connections -- cgit v1.2.3 From 17d1afbd637b8e14fbbd7ec690952b0b49a30d81 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Fri, 28 Nov 2008 14:57:44 -0500 Subject: 0.22 release preperation. --- packaging/debian/changelog | 6 +++--- packaging/freebsd/security/monkeysphere/Makefile | 2 +- packaging/freebsd/security/monkeysphere/distinfo | 6 +++--- packaging/rpm/monkeysphere.spec | 11 ++--------- 4 files changed, 9 insertions(+), 16 deletions(-) diff --git a/packaging/debian/changelog b/packaging/debian/changelog index a4b1f66..c917562 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog 
@@ -1,7 +1,7 @@ -monkeysphere (0.22~pre-1) UNRELEASED; urgency=low +monkeysphere (0.22-1) unstable; urgency=low * New upstream release: - [ Jameson Rollins ] + [ Jameson Graef Rollins ] - added info log output when a new key is added to known_hosts file. - added some useful output to the ssh-proxycommand for "marginal" @@ -16,7 +16,7 @@ monkeysphere (0.22~pre-1) UNRELEASED; urgency=low - debian/control: corrected alternate dependency from procfile to procmail (which provides /usr/bin/lockfile) - -- Daniel Kahn Gillmor Tue, 25 Nov 2008 12:13:58 -0500 + -- Jameson Graef Rollins Fri, 28 Nov 2008 14:23:31 -0500 monkeysphere (0.21-2) unstable; urgency=low diff --git a/packaging/freebsd/security/monkeysphere/Makefile b/packaging/freebsd/security/monkeysphere/Makefile index 984bc87..976f543 100644 --- a/packaging/freebsd/security/monkeysphere/Makefile +++ b/packaging/freebsd/security/monkeysphere/Makefile @@ -6,7 +6,7 @@ # PORTNAME= monkeysphere -PORTVERSION= 0.19 +PORTVERSION= 0.22~pre CATEGORIES= security MASTER_SITES= http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/ # hack for debian orig tarballs diff --git a/packaging/freebsd/security/monkeysphere/distinfo b/packaging/freebsd/security/monkeysphere/distinfo index 86aecd1..51edfbe 100644 --- a/packaging/freebsd/security/monkeysphere/distinfo +++ b/packaging/freebsd/security/monkeysphere/distinfo @@ -1,3 +1,3 @@ -MD5 (monkeysphere_0.19.orig.tar.gz) = 64c643dd0ab642bbc8814aec1718000e -SHA256 (monkeysphere_0.19.orig.tar.gz) = 321b77c1e10fe48ffbef8491893f5dd22842c35c11464efa7893150ce756a522 -SIZE (monkeysphere_0.19.orig.tar.gz) = 68335 +MD5 (monkeysphere_0.22~pre.orig.tar.gz) = fd19f09ed9a720f673d74c9cb58e9d6d +SHA256 (monkeysphere_0.22~pre.orig.tar.gz) = 337c7fdb93b697fba5a9e35cdff2b5faf0e4914fd8beab7994b456d58d19abb6 +SIZE (monkeysphere_0.22~pre.orig.tar.gz) = 69345 diff --git a/packaging/rpm/monkeysphere.spec b/packaging/rpm/monkeysphere.spec index 5bfc774..9e32837 100644 
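Review bot: The FreeBSD port is pinned to the pre-release tarball rather than the release this commit prepares: `PORTVERSION= 0.22~pre` in the Makefile hunk and every MD5/SHA256/SIZE line in distinfo name `monkeysphere_0.22~pre.orig.tar.gz`, while the Debian changelog in the same commit becomes `monkeysphere (0.22-1) unstable`. distinfo is what the ports framework verifies the fetched file against, so the port will either build from a pre-release artifact or fail its checksum once the final 0.22 tarball (whose SHA256 appears in the download.mdwn hunk later in this series) is the one being fetched; set `PORTVERSION= 0.22` and regenerate distinfo with `make makesum` against the released tarball. The `~` in PORTVERSION is also unusual for a ports version string — worth confirming the framework accepts it.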
--- a/packaging/rpm/monkeysphere.spec +++ b/packaging/rpm/monkeysphere.spec @@ -7,9 +7,6 @@ Group: net URL: http://web.monkeysphere.info/ Source: http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_%{version}.orig.tar.gz -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root - -BuildRequires: libgnutls-dev %description SSH key-based authentication is tried-and-true, but it lacks a true @@ -25,22 +22,18 @@ License (GPL). %setup -q %build -%configure --disable-debug %{__make} %install %{__rm} -rf %{buildroot} +Prefix=%{buildroot}/usr %makeinstall -%find_lang %{name} %clean %{__rm} -rf %{buildroot} -%files -f %{name}.lang +%files %defattr(-, root, root, 0755) -%doc AUTHORS ChangeLog INSTALL NEWS TODO README COPYING -%{_bindir}/monkeysphere -%{_datadir}/monkeysphere/ %changelog * Sat Nov 22 2008 - -- cgit v1.2.3 From f3e2dfe4463e234ed023fdf06ca019273f1597d5 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 28 Nov 2008 21:01:29 -0500 Subject: added release note for 0.22-1 --- website/download.mdwn | 36 ++++++++++++++++++------------------ website/news/release-0.22-1.mdwn | 25 +++++++++++++++++++++++++ 2 files changed, 43 insertions(+), 18 deletions(-) create mode 100644 website/news/release-0.22-1.mdwn diff --git a/website/download.mdwn b/website/download.mdwn index 6d5a73f..a5c7479 100644 --- a/website/download.mdwn +++ b/website/download.mdwn @@ -75,38 +75,38 @@ For those that would like to download the source directly, [the source is available](/community) via [git](http://git.or.cz/). The [latest -tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.21.orig.tar.gz) +tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.22.orig.tar.gz) is also available, and has these checksums:
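Review bot: `%files` is left with only `%defattr(-, root, root, 0755)` once this hunk drops `%{_bindir}/monkeysphere` and `%{_datadir}/monkeysphere/`, so the resulting package would contain nothing from the install step, and rpmbuild setups that check for unpackaged files will reject the build. The added `Prefix=%{buildroot}/usr` is a plain shell variable assignment inside the `%install` script: it is not exported and `%makeinstall` does not read it, so it appears to be a no-op unless the project Makefile is invoked with the variable explicitly, e.g. `%{__make} install PREFIX=%{buildroot}/usr` using whatever variable name the Makefile actually honours. Removing `%configure` and `%find_lang` is reasonable if the source has no configure script or catalogs, but the file list should then be restored so the binary and data directory are packaged.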
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
-checksums for the monkeysphere 0.21 release:
+checksums for the monkeysphere 0.22 release:
 
 MD5:
-15fe181983565aca0fbe4c41f9f6752e  monkeysphere_0.21.orig.tar.gz
+2bb00c86323409b98aff53f94d9ce0a6  monkeysphere_0.22.orig.tar.gz
 
 SHA1:
-27e915a45cdbe50a139ed4f4b13746b17c165b0f  monkeysphere_0.21.orig.tar.gz
+312882ad192b8e7303e3e0ac9db20ac8ddc529b3  monkeysphere_0.22.orig.tar.gz
 
 SHA256:
-1535c3f722f5f5c1646a4981efef4a262ac7b23bf4b980c9aee11af2600eedc2  monkeysphere_0.21.orig.tar.gz
+2566facda807a67a4d2d6de3833cccfa0b78b454909e8d25f47a235a9e621b24  monkeysphere_0.22.orig.tar.gz
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.9 (GNU/Linux)
 
-iQIVAwUBSR8+7BjmZ/HrivMUAQLeKg/+JT4LCXBR/06p/w2KBd1MKqch5Qf2ryIo
-mxCTWtZRgVQSeOFUJ5SXX+Tfs7VZfkV5HuahUH3NmGC6EMhYyB2olwBOOoIAqEKw
-1zVyn49bowCee+gTc3QHyT0Eqgt2ARtzl3/VrHkiw2MaJN3IZXseovyL8ksnEu+u
-s8fq26imtBrrucIxp4ZtHUw/h/YrJohHcJ8QQN5/UWFLug4C4aRFmnzL+oCySxAa
-0au/zFxxRZE5pMhLUvRwwCwPFx2CGBz6y9lAOiDPhhUqh+Bf7JKWJzk35Dj5Tm+2
-lCIzYtfpBkuF9ehCrm8WYF5aFg+gto8Bc6IJci9J6h2npBYIG0IbWOknMZz3+Ti2
-c3EltlJjK0LKEHujDYjf9tkNAxbBdtlYuw8x925ILeK7n8xX0Jr1TDzPyAIYaogv
-IVqsgnvQ489K8k06173kyrPaetyvOlU3bN1zcPdqTyCD6+eBbeCeKXO4324C8iMF
-rQPW4HScOdIidqFuzHyIT7PoY4DwWMgeAVymRSEufifvRcdCvQdlC4MaxxVf5I8A
-ATkD3CrY+5NZeERAGbmlu7Uz+sUk5tLUH0Q2qvjZUIQRctfr4BMheuBubsLR9yP3
-FZ4Q4kl34eU/WU7NtTmIFy7gDhLSIoeQINfYZlNEXQ7Y/RZUOEwoPI/spAXgw6De
-Xpsw0wPZtcM=
-=JDaA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+=FmCP
 -----END PGP SIGNATURE-----
 
diff --git a/website/news/release-0.22-1.mdwn b/website/news/release-0.22-1.mdwn new file mode 100644 index 0000000..078b605 --- /dev/null +++ b/website/news/release-0.22-1.mdwn @@ -0,0 +1,25 @@ +[[meta title="Monkeysphere 0.22-1 released!"]] + +Monkeysphere 0.22-1 has been released. + +Notes from the changelog: + +
+  * New upstream release:
+  [ Jameson Graef Rollins ]
+
+    - added info log output when a new key is added to known_hosts file.
+    - added some useful output to the ssh-proxycommand for "marginal"
+      cases where keys are found for host but do not have full validity.
+    - force ssh-keygen to read from stdin to get ssh key fingerprint.
+
+  [ Daniel Kahn Gillmor ]
+
+    - automatically output two copies of the host's public key: one
+    standard ssh public key file, and the other a minimal OpenPGP key with
+    just the latest valid self-sig.
+    - debian/control: corrected alternate dependency from procfile to
+    procmail (which provides /usr/bin/lockfile)
+
+ +[[Download]] it now! -- cgit v1.2.3 From 08c0d045d6608ee7cba7b979ce007087d703693c Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sat, 29 Nov 2008 15:56:30 -0500 Subject: notes about zimmermann HTTPS --- doc/zimmermann/changelog | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/doc/zimmermann/changelog b/doc/zimmermann/changelog index cb84b43..8dedf58 100644 --- a/doc/zimmermann/changelog +++ b/doc/zimmermann/changelog @@ -1,12 +1,16 @@ ****************************************************************************** * * -* zimmerman system log * +* zimmermann system log * * * ****************************************************************************** * Please add new entries in reverse chronological order whenever you make * * changes to this system (first command at top, last at bottom) * ****************************************************************************** +2008-11-29 - dkg + * zimmermann now uses an X.509 certificate signed by the MF/PL CA + for its HTTPS connection. + 2008-11-19 - dkg * added 10 SKS peers as a result of feedback from sks-devel. * set localtime to America/New_York via dpkg-reconfigure tzdata -- cgit v1.2.3 From 7e0b85c35531d96ee4e2e06702fc53ae068ad23a Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 30 Nov 2008 12:18:40 -0500 Subject: gave example on gpg multi-keyring bug. --- .../problems-with-root-owned-gpg-keyrings.mdwn | 97 ++++++++++++++++++++++ 1 file changed, 97 insertions(+) diff --git a/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn b/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn index 65268c5..67bc9d2 100644 --- a/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn +++ b/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn 
@@ -22,3 +22,100 @@ be hiding a bug, rather than getting it fixed correctly. Are there other ways we can deal with this problem? --dkg + +Here is an example when using monkeysphere-server +add-identity-certifier on a host with a newly-installed monkeysphere +installaton. Note that running the same command a second time works +as expected: + + 0 pip:~# monkeysphere-server c+ 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9 + gpg: requesting key D21739E9 from hkp server pool.sks-keyservers.net + gpg: key D21739E9: public key "Daniel Kahn Gillmor " imported + gpg: can't create `/var/lib/monkeysphere/gnupg-host/pubring.gpg.tmp': Permission denied + gpg: failed to rebuild keyring cache: file open error + gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model + gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u + gpg: next trustdb check due at 2009-03-30 + gpg: Total number processed: 1 + gpg: imported: 1 (RSA: 1) + Could not receive a key with this ID from the 'pool.sks-keyservers.net' keyserver. + 255 pip:~# monkeysphere-server c+ 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9 + gpg: requesting key D21739E9 from hkp server pool.sks-keyservers.net + gpg: key D21739E9: "Daniel Kahn Gillmor " not changed + gpg: Total number processed: 1 + gpg: unchanged: 1 + + key found: + pub 4096R/D21739E9 2007-06-02 [expires: 2012-05-31] + Key fingerprint = 0EE5 BE97 9282 D80B 9F75 40F1 CCD2 ED94 D217 39E9 + uid [ unknown] Daniel Kahn Gillmor + uid [ unknown] Daniel Kahn Gillmor + uid [ unknown] Daniel Kahn Gillmor + uid [ unknown] Daniel Kahn Gillmor + uid [ unknown] [jpeg image of size 3515] + sub 2048R/4BFA08E4 2008-06-19 [expires: 2009-06-19] + sub 4096R/21484CFF 2007-06-02 [expires: 2012-05-31] + + Are you sure you want to add the above key as a + certifier of users on this system? 
(y/N) y + gpg: key D21739E9: public key "Daniel Kahn Gillmor " imported + gpg: Total number processed: 1 + gpg: imported: 1 (RSA: 1) + gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model + gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u + gpg: next trustdb check due at 2009-03-30 + gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc. + This is free software: you are free to change and redistribute it. + There is NO WARRANTY, to the extent permitted by law. + + + pub 4096R/D21739E9 created: 2007-06-02 expires: 2012-05-31 usage: SC + trust: unknown validity: unknown + [ unknown] (1). Daniel Kahn Gillmor + [ unknown] (2) Daniel Kahn Gillmor + [ unknown] (3) Daniel Kahn Gillmor + [ unknown] (4) Daniel Kahn Gillmor + [ unknown] (5) [jpeg image of size 3515] + + + pub 4096R/D21739E9 created: 2007-06-02 expires: 2012-05-31 usage: SC + trust: unknown validity: unknown + Primary key fingerprint: 0EE5 BE97 9282 D80B 9F75 40F1 CCD2 ED94 D217 39E9 + + Daniel Kahn Gillmor + Daniel Kahn Gillmor + Daniel Kahn Gillmor + Daniel Kahn Gillmor + [jpeg image of size 3515] + + This key is due to expire on 2012-05-31. + Please decide how far you trust this user to correctly verify other users' keys + (by looking at passports, checking fingerprints from different sources, etc.) + + 1 = I trust marginally + 2 = I trust fully + + + Please enter the depth of this trust signature. + A depth greater than 1 allows the key you are signing to make + trust signatures on your behalf. + + + Please enter a domain to restrict this signature, or enter for none. + + + Are you sure that you want to sign this key with your + key "ssh://pip.fifthhorseman.net" (9B83C17D) + + The signature will be marked as non-exportable. 
+ + + gpg: can't create `/var/lib/monkeysphere/gnupg-host/pubring.gpg.tmp': Permission denied + gpg: failed to rebuild keyring cache: file open error + gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model + gpg: depth: 0 valid: 1 signed: 1 trust: 0-, 0q, 0n, 0m, 0f, 1u + gpg: depth: 1 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 1f, 0u + gpg: next trustdb check due at 2009-03-30 + + Identity certifier added. + 0 pip:~# -- cgit v1.2.3 From 34af6daef32adbb7964e4fd1354eaaa737adc4ac Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 30 Nov 2008 17:15:56 -0500 Subject: add new check_host_keyring function for better checks for the existence of a host private key for functions that require it to be there. --- packaging/debian/changelog | 8 ++++++++ src/monkeysphere-server | 24 ++++++++++++++++++++---- 2 files changed, 28 insertions(+), 4 deletions(-) diff --git a/packaging/debian/changelog b/packaging/debian/changelog index c917562..2aaa9ca 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -1,3 +1,11 @@ +monkeysphere (0.23~pre-1) UNRELEASED; urgency=low + + * New upstream release: + - added better checks for the existence of a host private key for + functions that require it to be there. + + -- Jameson Graef Rollins Sun, 30 Nov 2008 17:14:50 -0500 + monkeysphere (0.22-1) unstable; urgency=low * New upstream release: diff --git a/src/monkeysphere-server b/src/monkeysphere-server index a1844ee..388e50b 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server 
@@ -117,6 +117,16 @@ gpg_authentication() { su_monkeysphere_user "gpg $@" } +# function to check for host secret keys +# fails if host sec key exists, exits true otherwise +check_host_keyring() { + if ! gpg_host --list-secret-keys --fingerprint \ + --with-colons --fixed-list-mode 2>/dev/null | grep -q '^sec:' ; then + + failure "You don't appear to have a Monkeysphere host key on this server. Please run 'monkeysphere-server gen-key' first." + fi +} + # output just key fingerprint fingerprint_server_key() { gpg_host --list-secret-keys --fingerprint \ @@ -337,6 +347,7 @@ gen_key() { userID="ssh://${hostName}" # check for presense of key with user ID + # FIXME: is this the proper test to be doing here? if gpg_host --list-key ="$userID" > /dev/null 2>&1 ; then failure "Key for '$userID' already exists" fi @@ -411,10 +422,6 @@ extend_key() { local fpr=$(fingerprint_server_key) local extendTo="$1" - if [ -z "$fpr" ] ; then - failure "You don't appear to have a MonkeySphere host key on this server. Try 'monkeysphere-server gen-key' first." - fi - # get the new expiration date extendTo=$(get_gpg_expiration "$extendTo") @@ -990,6 +997,7 @@ shift case $COMMAND in 'update-users'|'update-user'|'u') + check_host_keyring update_users "$@" ;; @@ -998,22 +1006,27 @@ case $COMMAND in ;; 'extend-key'|'e') + check_host_keyring extend_key "$@" ;; 'add-hostname'|'add-name'|'n+') + check_host_keyring add_hostname "$@" ;; 'revoke-hostname'|'revoke-name'|'n-') + check_host_keyring revoke_hostname "$@" ;; 'show-key'|'show'|'s') + check_host_keyring show_server_key ;; 'publish-key'|'publish'|'p') + check_host_keyring publish_server_key ;; 
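Review bot: The header comment on the new `check_host_keyring` states the opposite of what the function does: `# fails if host sec key exists, exits true otherwise`, whereas the `if ! ... | grep -q '^sec:'` branch calls `failure` precisely when no secret key is listed. Suggest `# fails (via failure) if no host secret key exists, returns true otherwise`. The `2>/dev/null` on the gpg invocation also discards the reason gpg printed no `sec:` line, so a permissions or corrupt-keyring error on the host keyring is reported to the admin as "You don't appear to have a Monkeysphere host key ... run gen-key", which is misleading; consider routing gpg's stderr through the script's log helper at debug level before calling `failure`. The same guard is wired into the dispatch cases in the `-990`, `-998` and `-1022` hunks, which is consistent with dropping the old `[ -z "$fpr" ]` test from `extend_key`.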
@@ -1022,14 +1035,17 @@ case $COMMAND in ;; 'add-identity-certifier'|'add-id-certifier'|'add-certifier'|'c+') + check_host_keyring add_certifier "$@" ;; 'remove-identity-certifier'|'remove-id-certifier'|'remove-certifier'|'c-') + check_host_keyring remove_certifier "$@" ;; 'list-identity-certifiers'|'list-id-certifiers'|'list-certifiers'|'list-certifier'|'c') + check_host_keyring list_certifiers "$@" ;; -- cgit v1.2.3 From 53b6ca110b9a6f17a7c7bc22e4f10d55bb6c2fb1 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 30 Nov 2008 17:59:28 -0500 Subject: added yet another FIXME to m-s d --- src/monkeysphere-server | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 388e50b..a73b253 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -716,6 +716,10 @@ diagnostics() { echo " - Recommendation: remove the above HostKey lines from $sshd_config" problemsfound=$(($problemsfound+1)) fi + + # FIXME: test (with ssh-keyscan?) that the running ssh + # daemon is actually offering the monkeysphere host key. + fi fi -- cgit v1.2.3 From 2483b7de82423d6bf0dec774526a2ca9fef3d64d Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 30 Nov 2008 23:27:36 -0500 Subject: add a couple of bugs about posix compliance and the use of getopts instead of getopt. --- src/common | 2 +- src/monkeysphere | 2 +- src/monkeysphere-server | 4 ++-- website/bugs/posix_compliance.mdwn | 9 +++++++++ website/bugs/use_getopts_instead_of_getopt.mdwn | 4 ++++ 5 files changed, 17 insertions(+), 4 deletions(-) create mode 100644 website/bugs/posix_compliance.mdwn create mode 100644 website/bugs/use_getopts_instead_of_getopt.mdwn diff --git a/src/common b/src/common index 51b0470..f6000d3 100644 --- a/src/common +++ b/src/common 
@@ -147,7 +147,7 @@ advance_date() { local shortunits # try things the GNU way first - if date -d "$number $longunits" "$format" >&/dev/null ; then + if date -d "$number $longunits" "$format" >/dev/null 2>&1; then date -d "$number $longunits" "$format" else # otherwise, convert to (a limited version of) BSD date syntax: diff --git a/src/monkeysphere b/src/monkeysphere index 7e800cc..523ddfe 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -158,7 +158,7 @@ EOF log verbose "done." } -function subkey_to_ssh_agent() { +subkey_to_ssh_agent() { # try to add all authentication subkeys to the agent: local sshaddresponse diff --git a/src/monkeysphere-server b/src/monkeysphere-server index a73b253..c4f6985 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -866,9 +866,9 @@ add_certifier() { # export the key to the host keyring gpg_authentication "--export 0x${fingerprint}!" | gpg_host --import - if [ "$trust" == marginal ]; then + if [ "$trust" = marginal ]; then trustval=1 - elif [ "$trust" == full ]; then + elif [ "$trust" = full ]; then trustval=2 else failure "Trust value requested ('$trust') was unclear (only 'marginal' or 'full' are supported)." diff --git a/website/bugs/posix_compliance.mdwn b/website/bugs/posix_compliance.mdwn new file mode 100644 index 0000000..c2908ad --- /dev/null +++ b/website/bugs/posix_compliance.mdwn @@ -0,0 +1,9 @@ +It would be nice to make all of the Monkeysphere scripts POSIX +compliant, for portability and light-weightedness. Better POSIX +compliance would probably at least be better for compatibility with +o{ther,lder} versions of bash. Unfortunately there are quite a few +bashism at the moment, so this may not be trivial. For instance: + + servo:~/cmrg/monkeysphere/git 0$ checkbashisms -f src/monkeysphere-server 2>&1 | wc -l + 50 + servo:~/cmrg/monkeysphere/git 0$ 
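Review bot: `date` in `advance_date` is still run twice after this change — once as the probe in the `if` and again to print — so the output comes from two separate reads of the clock, and the hunk only swaps the bashism `>&/dev/null` for the POSIX `>/dev/null 2>&1`. A single invocation is both portable and avoids the duplicate call: `if gnuDate=$(date -d "$number $longunits" "$format" 2>/dev/null) ; then printf '%s\n' "$gnuDate"` (declare the variable `local` alongside `shortunits`). `advance_date` starts and ends outside the hunk.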
diff --git a/website/bugs/use_getopts_instead_of_getopt.mdwn b/website/bugs/use_getopts_instead_of_getopt.mdwn new file mode 100644 index 0000000..db087b4 --- /dev/null +++ b/website/bugs/use_getopts_instead_of_getopt.mdwn @@ -0,0 +1,4 @@ +Since Monkeysphere is using bash, it would be nice to use the shell +build in getopts function, instead of the external getopt program. +This would reduce an external dependency, which would definitely be +better for portability. -- cgit v1.2.3