From 9e5a8d819afd3ded051bef739dbc4bfb1446dc2e Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sat, 21 Feb 2009 17:06:47 -0500 Subject: correct return codes for monkeysphere subkey-to-ssh-agent --- src/share/m/subkey_to_ssh_agent | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/src/share/m/subkey_to_ssh_agent b/src/share/m/subkey_to_ssh_agent index 7fb2fdb..4ce14f8 100644 --- a/src/share/m/subkey_to_ssh_agent +++ b/src/share/m/subkey_to_ssh_agent @@ -13,6 +13,9 @@ # try to add all authentication subkeys to the agent +# FIXME: what if you only want to add one authentication subkey to the +# agent? + subkey_to_ssh_agent() { local sshaddresponse=0 local secretkeys @@ -68,7 +71,6 @@ You might want to 'monkeysphere gen-subkey'" trap "rm -rf $workingdir" EXIT umask 077 mkfifo "$workingdir/passphrase" - keysuccess=1 # FIXME: we're currently allowing any other options to get passed # through to ssh-add. should we limit it to known ones? For @@ -88,7 +90,7 @@ You might want to 'monkeysphere gen-subkey'" if [ "$1" = '-d' ]; then # we're removing the subkey: gpg_user --export "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname" - (cd "$workingdir" && ssh-add -d "$kname") + (cd "$workingdir" && ssh-add -d "$kname") || keysuccess="$?" else # we're adding the subkey: mkfifo "$workingdir/$kname" @@ -98,8 +100,8 @@ You might want to 'monkeysphere gen-subkey'" (cd "$workingdir" && DISPLAY=nosuchdisplay SSH_ASKPASS=/bin/false ssh-add "$@" "$kname" Date: Sat, 21 Feb 2009 17:12:33 -0500 Subject: fix bug in ssh connection test --- tests/basic | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/basic b/tests/basic index 9c5b280..9308e21 100755 --- a/tests/basic +++ b/tests/basic @@ -51,6 +51,8 @@ gpgadmin() { # test ssh connection # first argument is expected return code from ssh connection ssh_test() { + local RETURN=0 + umask 0077 CODE=${1:-0} -- cgit v1.2.3 From 086122c884086aae030d8e0a337048ee1bc5dbbd Mon Sep 17 00:00:00 2001 
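Review bot: `keysuccess` is now assigned only on the failure path (`|| keysuccess="$?"` in the `-d` branch of the hunk at -88), and the hunk at -68 removes its one visible initialisation, so its value on the success path depends on a declaration this page does not show. The `local` lines visible in the first hunk cover only `sshaddresponse` and `secretkeys`; if `keysuccess` is not declared further down, a run in which every `ssh-add -d` succeeds returns whatever the caller's scope left in that name, and the caller cannot tell whether the key really left the agent. I would add `local keysuccess=0` next to the other locals. The function body starts and ends outside these hunks, and the hunk at -98 is cut off on this page, so the add branch could not be checked.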
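Review bot: `CODE`, assigned in the context just below the added `local RETURN=0`, is still set without `local`, so ssh_test keeps writing one of its working variables into the global scope while the other is now scoped. For consistency I would write `local CODE=${1:-0}`. The rest of ssh_test lies outside the hunk, so any other variables it sets were not checked.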
From: Jameson Graef Rollins Date: Sat, 21 Feb 2009 17:12:49 -0500 Subject: add FIXME to show key about how it should show revokers as well. --- src/monkeysphere-host | 1 + 1 file changed, 1 insertion(+) diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 540a8ab..baa7a87 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -184,6 +184,7 @@ show_key() { # list the host key info # FIXME: make no-show-keyring work so we don't have to do the grep'ing # FIXME: can we show uid validity somehow? + # FIXME: show revokers as well gpg --list-keys --fingerprint \ --list-options show-unusable-uids 2>/dev/null \ | grep -v "^${GNUPGHOME}/pubring.gpg$" \ -- cgit v1.2.3 From 609154c350df229c288428a6aecc4c8b47bea810 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sat, 21 Feb 2009 17:24:25 -0500 Subject: fixing up some documentation, including version notes in getting started. --- packaging/debian/NEWS | 2 +- website/getting-started-admin.mdwn | 3 +++ website/getting-started-user.mdwn | 3 +++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/packaging/debian/NEWS b/packaging/debian/NEWS index 3fceea2..8551c87 100644 --- a/packaging/debian/NEWS +++ b/packaging/debian/NEWS @@ -6,7 +6,7 @@ monkeysphere (0.23-1) unstable; urgency=low its functionality has been folded into monkeysphere as a subcommand. So if you are currently using: ssh -oProxyCommand='monkeysphere-ssh-proxycommand %h %p' - plese use instead: + please use instead: ssh -oProxyCommand='monkeysphere ssh-proxycommand %h %p' * For sysadmins: monkeysphere-server has been split into monkeysphere-host (for publishing the ssh host key of your machine) diff --git a/website/getting-started-admin.mdwn b/website/getting-started-admin.mdwn index ca44956..bff1773 100644 --- a/website/getting-started-admin.mdwn +++ b/website/getting-started-admin.mdwn 
@@ -1,6 +1,9 @@ Monkeysphere Server Administrator README ======================================== + Note: This documentation is for Monkeysphere version 0.23 or later. + If you are running a version prior to 0.23, we recommend that you upgrade. + As the administrator of an SSH server, you can take advantage of the Monkeysphere in two ways: diff --git a/website/getting-started-user.mdwn b/website/getting-started-user.mdwn index 9e2be26..96fd54e 100644 --- a/website/getting-started-user.mdwn +++ b/website/getting-started-user.mdwn @@ -1,6 +1,9 @@ Monkeysphere User README ======================== + Note: This documentation is for Monkeysphere version 0.23 or later. + If you are running a version prior to 0.23, we recommend that you upgrade. + You don't have to be an OpenSSH or OpenPGP expert to use the Monkeysphere. However, you should be comfortable using secure shell (ssh), and you should already have an OpenPGP key before you begin. -- cgit v1.2.3 From 97c0b4f9ba18f9e09b430ece4f1b762958238f31 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 21 Feb 2009 17:25:11 -0500 Subject: extend show-key to show fingerprints of revokers as well. --- src/monkeysphere-host | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/monkeysphere-host b/src/monkeysphere-host index baa7a87..0dba1f6 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -163,6 +163,8 @@ find_host_userid() { # show info about the host key show_key() { local GNUPGHOME + local TMPSSH + local revokers # tmp gpghome dir export GNUPGHOME=$(msmktempdir) 
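Review bot: The loop variable `key`, used by the revoker loop in this commit's second hunk (`for key in $revokers`), is missing from the `local` declarations added to show_key here, so it leaks into the caller's scope. Adding `local key` next to `local revokers` would close that. The function body continues outside the hunk, so a declaration further down cannot be ruled out.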
@@ -184,12 +186,22 @@ show_key() { # list the host key info # FIXME: make no-show-keyring work so we don't have to do the grep'ing # FIXME: can we show uid validity somehow? - # FIXME: show revokers as well gpg --list-keys --fingerprint \ --list-options show-unusable-uids 2>/dev/null \ | grep -v "^${GNUPGHOME}/pubring.gpg$" \ | egrep -v '^-+$' + # list revokers, if there are any + revokers=$(gpg --list-keys --with-colons --fixed-list-mode \ + | grep '^rvk:' | cut -d: -f10) + if [ "$revokers" ] ; then + echo "The following keys are allowed to revoke this host key:" + for key in $revokers ; do + echo "revoker: $key" + done + echo + fi + # list the pgp fingerprint echo "OpenPGP fingerprint: $HOST_FINGERPRINT" -- cgit v1.2.3 From fa47d0b373ae70733c50420821cf2ef8e1ad7466 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 21 Feb 2009 17:30:54 -0500 Subject: make show-key so that it works even if there are no revokers. --- src/monkeysphere-host | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 0dba1f6..fc3b607 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -193,7 +193,7 @@ show_key() { # list revokers, if there are any revokers=$(gpg --list-keys --with-colons --fixed-list-mode \ - | grep '^rvk:' | cut -d: -f10) + | grep '^rvk:' | cut -d: -f10) || true if [ "$revokers" ] ; then echo "The following keys are allowed to revoke this host key:" for key in $revokers ; do -- cgit v1.2.3 From 46fe34d78ca1acb59c996064e4b85f922cf9e9e6 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sat, 21 Feb 2009 17:34:15 -0500 Subject: adjusting extraction of revokers. --- src/monkeysphere-host | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/monkeysphere-host b/src/monkeysphere-host index fc3b607..1b0de0c 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host 
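Review bot: The new `gpg --list-keys --with-colons --fixed-list-mode` call names no key, so every `rvk:` record in the keyring is printed under "The following keys are allowed to revoke this host key:". That heading is accurate only while the temporary GNUPGHOME holds nothing but the host key, which this hunk does not show. Naming the key, for example `gpg --list-keys --with-colons --fixed-list-mode "0x${HOST_FINGERPRINT}"` if that variable holds a bare fingerprint, would make the output match the heading by construction. The call also lacks the `2>/dev/null` that the listing just above it uses, so gpg diagnostics are suppressed for one step and shown for the other. show_key starts before and continues after this hunk.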
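Review bot: The `|| true` added to the `revokers=$(…)` assignment hides a failing `gpg` as well as a `grep` that matched nothing, so a broken key listing looks the same as a host key with no revokers and the section is skipped silently. Since an administrator reads this output to audit who may revoke the host key, the tolerance should cover only the no-match case, e.g. `| { grep '^rvk:' || true; } | cut -d: -f10)`. Whether a gpg failure would then surface depends on the script's `set -e` and pipefail settings, which are not visible here.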
@@ -193,7 +193,7 @@ show_key() { # list revokers, if there are any revokers=$(gpg --list-keys --with-colons --fixed-list-mode \ - | grep '^rvk:' | cut -d: -f10) || true + | awk -F: '/^rvk:/{ print $10 }' ) if [ "$revokers" ] ; then echo "The following keys are allowed to revoke this host key:" for key in $revokers ; do -- cgit v1.2.3