From 186edf2e6dff7c966263d3638c56b41cc5d82fc2 Mon Sep 17 00:00:00 2001 From: mike castleman Date: Mon, 14 Apr 2008 16:05:55 -0400 Subject: include docs from obby --- doc/MonkeySpec | 105 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 105 insertions(+) create mode 100644 doc/MonkeySpec (limited to 'doc/MonkeySpec') diff --git a/doc/MonkeySpec b/doc/MonkeySpec new file mode 100644 index 0000000..7a19df0 --- /dev/null +++ b/doc/MonkeySpec @@ -0,0 +1,105 @@ +THE MONKEYSPHERE +================ + +AGENDA +====== +[x] clowning +[ ] work +[x] jrollins will talk and gesture - in progress + +COMPONENTS +========== +* client-side componants +** "Marmoset": update known_hosts file with public key of server(s): +*** be responsible for removing keys from the file as key revocation happens +*** be responsible for updating a key in the file where there is a key replacement +*** must result in a file that is parsable by the existing ssh client without errors +*** manual management must be allowed without stomping on it +*** provide a simple, intelligible, clear policy for key acceptance +*** questions: should this query keyserver & update known host files? (we already + have awesome tool that queries keyservers and updates a web of trust (gpg) +** "Howler": simple script that could be placed as a trigger function (in your .ssh/config) +*** runs on connection to a certain host +*** triggers update to known_hosts file then makes connection +*** proxy-command | pre-hook script | wrapper script +** "Langur": policy-editor for viewing/editing policies + +* server-side componants +** "Rhesus" updates a per-user authorized_keys file, instead of updating a + known_hosts file from a public key by matching a specified user-id (for given + user: update authkeys file with public keys derived from authorized_uids + file) +*** Needs to operate with the same principles that Marmoset client-side does +** "Tamarin" triggers Rhesus during an attempt to initiate a connection or a scheduler (or both) +** "Barbary" - policy editor / viewer + +* common componants +** Create a ssh keypair from a openpgp keypair + +from ssh_config(5): + LocalCommand + Specifies a command to execute on the local machine after suc‐ + cessfully connecting to the server. The command string extends + to the end of the line, and is executed with /bin/sh. This + directive is ignored unless PermitLocalCommand has been enabled. + + +NOTES +===== +* Daniel and Elliot lie. +* We will use a distributed VCS, each developer will create their own git repository and publish it publically for others to pull from, mail out +* public project page doesn't perhaps make sense yet +* approximate goal - using the web of trust to authenticate ppl for SSH +* outline of various components of monkeysphere +* M: what does it mean to be in the monkeysphere? not necessarily a great coder. +* J: interested in seeing project happen, not in actually doing it. anybody can contribute as much as they want. +* J: if we put the structure in place to work on monkeysphere then we don't have to do anything +* D: we are not creating +* understand gpg's keyring better, understanding tools better, building scripts +* Some debian packages allow automated configuration of config files. + + +* GENERAL GOAL - use openpgp web-of-trust to authenticate ppl for SSH +* SPECIFIC GOAL - allow openssh to tie into pgp web-of-trust without modifying either openpgp and openssh +* DESIGN GOALS - authentication, use the existing generic OpenSSH client, the admin can make it default, although end-user should be decide to use monkeysphere or not +* DESIGN GOAL - use of monkeysphere should not radically change connecting-to-server experience +* GOAL - pick a monkey-related name for each component + +Dramatis Personae: http://en.wikipedia.org/wiki/Alice_and_Bob +Backstory: http://www.conceptlabs.co.uk/alicebob.html + +* Use Case: Bob wants to sign on to the computer "mangabey" via monkeysphere + framework. He doesn't have access to the machine, but he knows Alice, who is + the admin of magabey. Alice creates a user bob and puts bob's userid in the + auth_user_ids file for bob. Tamarin triggers which causes Rhesus to take all + the things in the auth_userids file, takes those users, look son a keyserver + finds the public keys for the users, converts the gpg public keys into ssh + public keys and inserts those into a user_authorized_keys file. Bob goes to + connect, bob's ssh client which is monkeysphere enbaled, howler is triggered + which triggers marmoset which looks out into the web of trust and find an + OpenPGP key that has a userid that matches the URI of magabey. Marmoset checks + to see if this key for mangabey has been signed by any keys that you trust + (based on your policy). Has this key been signed by somebody that you trust? + If yes, connect, if no: abort or fail-through or whatever. Alice has signed + this uid, so Marmoset says "OK, this server has been verified" it then + converts the gpg public key into a ssh public key and then adds this gpg key + to the known_host file. ssh says, "you" are about to connect to magabey and + you know this is magabey because alice says so and you trust alice". The gpg + private key of bob has to be converted (somehow, via agent or something) into + a ssh private_key. SSH connection happens. + +Host identity piece of monkeysphere could be used without buying into the +authorization component. + +Monkeysphere is authentication layer that allows the sysadmin to perform +authorization on user identities instead of on keys, it additionally allows the +sysadmin also to authenticate the server to the end-user. + +git clone http://git.mlcastle.net/monkeysphere.git/ monkeysphere + +Fix gpgkey2ssh so that the entire key fingerprint will work, accept full fingerprint, or accept a pipe and do the conversion +Write manpage for gpgkey2ssh +gpg private key (start with passwordless) to PEM encoded private key: perl libraries, libopencdk / gnutls, gpgme +setup remote git repo +think through / plan merging of known_hosts (& auth_keys?) +think about policies and their representation \ No newline at end of file -- cgit v1.2.3