- THE MONKEYSPHERE
- ================
- Monkeysphere is authentication layer that allows the sysadmin to
- perform authorization on OpenPGP user identities instead of on keys.
- It also allows end users to authenticate/identify the ssh server they
- are connecting to by checking the sysadmin's certification.
- * GENERAL GOAL - use openpgp web-of-trust to authenticate ppl for SSH
- * SPECIFIC GOAL - allow openssh to tie into pgp web-of-trust without
- modifying the openpgp spec, gpg or openssh
- * DESIGN GOALS - authentication, use the existing generic OpenSSH
- client, the admin can make it default, although end-user should be
- decide to use monkeysphere or not
- * DESIGN GOAL - use of monkeysphere should not radically change
- connecting-to-server experience
- Host identity piece of monkeysphere could be used without buying into
- the user authentication component.
- USE CASE
- ========
- Dramatis Personae: http://en.wikipedia.org/wiki/Alice_and_Bob
- Backstory: http://www.conceptlabs.co.uk/alicebob.html
- Bob wants to sign on to the computer "mangabey.example.org" via
- monkeysphere framework. He doesn't yet have access to the machine,
- but he knows Alice, who is the admin of mangabey. Alice and Bob,
- being the conscientious netizens that they are, have already published
- their personal gpg keys to the web of trust, and being good friends,
- have both signed each other's keys and marked each others keys with
- "full" ownertrust.
- When Alice set up mangabey initially, she published an OpenPGP key for
- the machine with the special userid of "ssh://mangabey.example.org".
- She also signed mangabey's OpenPGP key and published this
- certification to commonly-used keyservers. Alice also configured
- mangabey to treat her own key with full ownertrust, so that it knows
- how to identify connecting users.
- Now, Alice creates a user account "bob" on mangabey, and puts Bob's
- userid ("Bob <bob@example.org>") in the authorized_user_ids file for
- user bob on mangabey. The monkeysphere automatically (via cron or
- inotify hook) takes each userid in bob's authorized_user_ids file, and
- looks on a keyserver to find all public keys associated with that user
- ID, with the goal of populating the authorized_keys file for
- bob@mangabey.
- In particular: for each key found, the server evaluates the calculated
- validity of the specified user ID based on the ownertrust rules it has
- configured ("trust alice's certifications fully", in this example).
- For each key for which the user ID in question is fully-valid, it
- extracts all DSA- or RSA-based primary or secondary keys marked with
- the authentication usage flag, and converts these OpenPGP public keys
- into ssh public keys. These keys are automatically placed into the
- authorized_keys file for bob.
- Bob now attempts to connect, by firing up a terminal and invoking:
- "ssh bob@mangabey.example.org". Bob's monkeysphere-enabled ssh client
- notices that mangabey.example.org isn't already available in bob's
- known_hosts file, and fetches the host key for mangabey from the
- public keyservers, with the goal of populating Bob's local known_hosts
- file.
- In particular: the monkeysphere queries its configured keyservers to
- find all public keys with User ID ssh://mangabey.example.org. For
- each public key found, it checks the relevant User ID's validity,
- converts any authentication-capable OpenPGP public keys into ssh
- public keys if the User ID validity is acceptable, and finally insert
- those keys into Bob's known_hosts file.
- On Bob's side, since mangabey's key had "full" validity (it was signed
- by Alice, whom he fully trusts), Bob's ssh client deems mangabey
- "known" and no further host key checking is required.
- On mangabey's side, since Bob's key has "full" validity (it had been
- signed by Alice, mangabey's trusted administrator), Bob is
- authenticated and therefore authorized to log into his account.
|
