From 21f5859c43fb539b6b4a852bc1d92aa3fbab26a2 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 7 Aug 2008 12:27:53 -0700 Subject: Better key parsing for monkeyspher gen-subkey. Allow seckey2sshagent to output to file. --- src/monkeysphere-server | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/monkeysphere-server') diff --git a/src/monkeysphere-server b/src/monkeysphere-server index a0b7067..7fac3ee 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -32,7 +32,7 @@ RETURN=0 ######################################################################## usage() { -cat < [options] [args] MonkeySphere server admin tool. @@ -475,7 +475,7 @@ diagnostics() { if badhostkeys=$(grep '^HostKey' | grep -q -v "^HostKey ${VARLIB}/ssh_host_rsa_key$") ; then echo "! /etc/sshd_config refers to some non-monkeysphere host keys:" echo "$badhostkeys" - echo "- Recommendation: remove the above HostKey lines from /etc/ssh/sshd_config" + echo " - Recommendation: remove the above HostKey lines from /etc/ssh/sshd_config" fi fi fi -- cgit v1.2.3 From 0565fa2f4dd1e6b563d00771bf71142c4004aa9d Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Mon, 11 Aug 2008 18:10:46 -0400 Subject: added monkeysphere-server diagnostics to check for (and advise) AuthorizedKeysFile changes for monkeysphere-enabled authorized_keys --- src/monkeysphere-server | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'src/monkeysphere-server') diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 7fac3ee..9e025f9 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -468,11 +468,11 @@ diagnostics() { fi # propose changes needed for sshd_config (if any) - if ! grep -q "^HostKey ${VARLIB}/ssh_host_rsa_key$" /etc/ssh/sshd_config; then + if ! grep -q "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" /etc/ssh/sshd_config; then echo "! /etc/ssh/sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)." echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'" fi - if badhostkeys=$(grep '^HostKey' | grep -q -v "^HostKey ${VARLIB}/ssh_host_rsa_key$") ; then + if badhostkeys=$(grep -i '^HostKey' | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then echo "! /etc/sshd_config refers to some non-monkeysphere host keys:" echo "$badhostkeys" echo " - Recommendation: remove the above HostKey lines from /etc/ssh/sshd_config" @@ -489,6 +489,19 @@ diagnostics() { # FIXME: make sure that at least one identity certifier exists + echo "Checking for MonkeySphere-enabled public-key authentication for users ..." + # Ensure that User ID authentication is enabled: + if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$" /etc/ssh/sshd_config; then + echo "! /etc/ssh/sshd_config does not point to monkeysphere authorized keys." + echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'AuthorizedKeysFile ${VARLIB}/authorized_keys/%u'" + fi + if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' | grep -q -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then + echo "! /etc/sshd_config refers to non-monkeysphere authorized_keys files:" + echo "$badauthorizedkeys" + echo " - Recommendation: remove the above AuthorizedKeysFile lines from /etc/ssh/sshd_config" + fi + + } # retrieve key from web of trust, import it into the host keyring, and -- cgit v1.2.3