From d8ece7d101fb16c99dfcc1224cc48f2c9cd4024d Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Mon, 18 Aug 2008 15:21:11 -0400
Subject: added 'monkeysphere-server extend-key' subcommand
---
man/man8/monkeysphere-server.8 | 29 ++++++++++++++++++++++-------
1 file changed, 22 insertions(+), 7 deletions(-)
(limited to 'man/man8/monkeysphere-server.8')
diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8
index 8e7278b..416cc87 100644
--- a/man/man8/monkeysphere-server.8
+++ b/man/man8/monkeysphere-server.8
@@ -36,13 +36,28 @@ specified, then all accounts on the system are processed. `u' may be used in place of `update-users'. .TP .B gen-key [HOSTNAME] -Generate a OpenPGP key pair for the host. If HOSTNAME is not -specified, then the system fully-qualified domain name will be user. -An alternate key bit length can be specified with the `-l' or -`--length' option (default 2048). An expiration length can be -specified with the `-e' or `--expire' option (prompt otherwise). A -key revoker fingerprint can be specified with the `-r' or `--revoker' -option. `g' may be used in place of `gen-key'. +Generate a OpenPGP key for the host. If HOSTNAME is not specified, +then the system fully-qualified domain name will be user. An +alternate key bit length can be specified with the `-l' or `--length' +option (default 2048). An expiration length can be specified with the +`-e' or `--expire' option (prompt otherwise). The expiration format +is the same as that of \fBextend-key\fP, below. A key revoker +fingerprint can be specified with the `-r' or `--revoker' option. `g' +may be used in place of `gen-key'. +.TP +.B extend-key EXPIRE +Extend the validity of the OpenPGP key for the host until EXPIRE from +the present. If EXPIRE is not specified, then the user will be +prompted for the extension term. Expiration is specified like GnuPG +does: +.nf + 0 = key does not expire + = key expires in n days + w = key expires in n weeks + m = key expires in n months + y = key expires in n years +.fi +`e' may be used in place of `extend-key'. .TP .B add-hostname HOSTNAME Add a hostname user ID to the server host key. `n+' may be used in -- cgit v1.2.3 From 823a697e77cb01eb4dfc2606e4e0e8d6c1f8f558 Mon Sep 17 00:00:00 2001 
From: Daniel Kahn Gillmor Date: Mon, 18 Aug 2008 15:41:12 -0400 Subject: collapsed "show-fingerprint" with "show-key" for monkeysphere-server. --- man/man8/monkeysphere-server.8 | 4 ---- src/monkeysphere-server | 19 +++++++++++++------ 2 files changed, 13 insertions(+), 10 deletions(-) (limited to 'man/man8/monkeysphere-server.8') diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8 index 416cc87..5985f24 100644 --- a/man/man8/monkeysphere-server.8 +++ b/man/man8/monkeysphere-server.8 @@ -71,10 +71,6 @@ in place of `revoke-hostname'. Output gpg information about host's OpenPGP key. `s' may be used in place of `show-key'. .TP -.B fingerprint -Output just the fingerprint for the host's OpenPGP key. `f' may be -used in place of `fingerprint'. -.TP .B publish-key Publish the host's OpenPGP key to the keyserver. `p' may be used in place of `publish-key'. diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 91e2121..99e5f80 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -48,7 +48,6 @@ subcommands: add-hostname (n+) NAME[:PORT] add hostname user ID to server key revoke-hostname (n-) NAME[:PORT] revoke hostname user ID show-key (s) output all server host key information - fingerprint (f) output just the key fingerprint publish-key (p) publish server host key to keyserver diagnostics (d) report on server monkeysphere status 
@@ -113,8 +112,20 @@ fingerprint_server_key() { # output key information show_server_key() { local fingerprint + local tmpkey + fingerprint=$(fingerprint_server_key) - gpg_host --fingerprint --list-secret-key "$fingerprint" + gpg_authentication "--fingerprint --list-key $fingerprint" + + # dumping to a file named ' ' so that the ssh-keygen output + # doesn't claim any potentially bogus hostname(s): + tmpkey=$(mktemp -d) + gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey/ " + echo -n "ssh fingerprint: " + (cd "$tmpkey" && ssh-keygen -l -f ' ') + rm -rf "$tmpkey" + echo -n "OpenPGP fingerprint: " + echo "$fingerprint" } # update authorized_keys for users @@ -899,10 +910,6 @@ case $COMMAND in show_server_key ;; - 'show-fingerprint'|'fingerprint'|'f') - fingerprint_server_key - ;; - 'publish-key'|'publish'|'p') publish_server_key ;; -- cgit v1.2.3
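Review bot: The result of `mktemp -d` in show_server_key is never checked, so on failure `tmpkey` is empty, the exported key is redirected to `"/ "`, and the later `cd "$tmpkey"` and `rm -rf "$tmpkey"` run against an empty path. Guard the assignment before anything is written, for example `tmpkey=$(mktemp -d) || return 1`. Separately, `2>/dev/null` on openpgp2ssh hides a failed conversion, and the `ssh fingerprint: ` label is printed regardless. Since an administrator reads this output to verify the host key, test the result first (for instance `[ -s "$tmpkey/ " ]`) and return an error instead of printing the label. The temporary directory is also left behind if the function is interrupted before `rm -rf` runs.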