summaryrefslogtreecommitdiff
path: root/website/bugs/setup-test-server-for-public.mdwn
blob: 65fa893ab49886ef0fa62d2656b89afcfe8a8f96 (plain)

[[meta title="Setup test public server/gpg key"]]

It would be really useful for people trying out the monkeysphere to be able to test it with a participating server as soon as they've finished setting things up. Minimally - just testing the acceptance of the server's identity would be great.


I guess we don't really want to use george for this purpose? Does someone have a spare virtual machine that we could use for this purpose? The test machine wouldn't actually have to do any user authentication, I guess.

-- Big Jimmy.


Maybe we should use George? As you point out - it doesn't actually have to do any user authentication. It seems like a waste to have a virtual machine that does nothing but deny people's ssh connections. And - george is already setup and ready to go. -- Sir Jam Jam


I like the idea of using George for this. There's nothing wrong with denying people's ssh connections. Also, we could make public user account with limited shells that we could add User IDs that we want to encourage to try out the monkeysphere from that perspective. For example, if one of the George admins who is listed as an identity-certifier has already certified Foo T. Bar's key, we could write a simple note like:

Dear Foo T. Bar--

The user account "foo@george.riseup.net" has been created for
you.  You can ssh into it by adding an authentication subkey
to your OpenPGP key and publishing it to the public keyservers
(or to george.riseup.net).  The easiest way to do this is with
the monkeysphere.

You can verify george's ssh host key with the monkeysphere
before you connect to the host.  Here's how...

--dkg


So do we agree that george is doing what we want, and we can therefore close this bug?

-- BJ (jgr)


I'm fine with closing this bug, unless we want to set up the limited shell access/welcome letter like i described above. If we want to do that, it'd be worth keeping it open until those scripts are written.

I envision a script you'd invoke like:

root@george# addmsuser foo 'Foo T. Bar <foo@example.org>'

Which would create the foo account, populate ~foo/.monkeysphere/authorized_user_ids, make a note in a log someplace, and send a welcome letter.

--dkg


That idea really seems like a lot more trouble than it's worth to me, and I'm not really willing to maintain it myself, but if someone else wants to handle that, that would be fine with me.

-- jgr


i'm not really willing to maintain anything extra either, so i'm closing this ticket as [[bugs/done]].

--dkg