update-authorized_keys (a) update authorized_keys file
gen-subkey (g) [KEYID] generate an authentication subkey
--length (-l) BITS key length in bits (2048)
- ssh-proxycommand monkeysphere ssh ProxyCommand
+ ssh-proxycommand HOST [PORT] monkeysphere ssh ProxyCommand
+ --no-connect do not make TCP connection to host
subkey-to-ssh-agent (s) store authentication subkey in ssh-agent
+ sshfpr (f) KEYID output ssh fingerprint of gpg key
version (v) show version number
help (h,?) this help
gpg --no-greeting --quiet --no-tty "$@"
}
+# output the ssh fingerprint of a gpg key
+gpg_ssh_fingerprint() {
+ keyid="$1"
+ local tmpfile=$(mktemp)
+
+ # trap to remove tmp file if break
+ trap "rm -f $tmpfile" EXIT
+
+ # use temporary file, since ssh-keygen won't accept keys on stdin
+ gpg_user --export "$keyid" | openpgp2ssh "$keyid" >"$tmpfile"
+ ssh-keygen -l -f "$tmpfile" | awk '{ print $1, $2, $4 }'
+
+ # remove the tmp file
+ trap - EXIT
+ rm -rf "$tmpfile"
+}
+
# take a secret key ID and check that only zero or one ID is provided,
# and that it corresponds to only a single secret key ID
check_gpg_sec_key_id() {
AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:="${MONKEYSPHERE_HOME}/authorized_user_ids"}
REQUIRED_HOST_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_HOST_KEY_CAPABILITY:="a"}
REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"}
-LOG_PREFIX=${MONKEYSPHERE_LOG_PREFIX:='ms: '}
+# note that only using '=' instead of ':=' tests only if the variable
+# in unset, not if it's "null"
+LOG_PREFIX=${MONKEYSPHERE_LOG_PREFIX='ms: '}
# export GNUPGHOME and make sure gpg home exists with proper
# permissions
subkey_to_ssh_agent "$@"
;;
+ 'sshfpr'|'f')
+ gpg_ssh_fingerprint "$@"
+ ;;
+
'version'|'v')
version
;;
projects / monkeysphere.git / blobdiff