usage() {
cat <<EOF
usage: $PGRM <subcommand> [args]
-Monkeysphere client tool.
+MonkeySphere client tool.
subcommands:
update-known_hosts (k) [HOST]... update known_hosts file
- update-userids (u) [USERID]... add/update userid
+ update-userids (u) [USERID]... add/update user IDs
+ remove-userids (r) [USERID]... remove user IDs
update-authorized_keys (a) update authorized_keys file
gen-ae-subkey (g) KEYID generate an 'ae' capable subkey
help (h,?) this help
AUTHORIZED_USER_IDS=${AUTHORIZED_USER_IDS:-"${MS_HOME}/authorized_user_ids"}
GNUPGHOME=${GNUPGHOME:-"${HOME}/.gnupg"}
KEYSERVER=${KEYSERVER:-"subkeys.pgp.net"}
-REQUIRED_KEY_CAPABILITY=${REQUIRED_KEY_CAPABILITY:-"e a"}
+REQUIRED_HOST_KEY_CAPABILITY=${REQUIRED_HOST_KEY_CAPABILITY:-"e a"}
+REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-"a"}
USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-"%h/.ssh/authorized_keys"}
USER_KNOWN_HOSTS=${USER_KNOWN_HOSTS:-"${HOME}/.ssh/known_hosts"}
HASH_KNOWN_HOSTS=${HASH_KNOWN_HOSTS:-"true"}
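Review bot: A configuration or environment that still sets `REQUIRED_KEY_CAPABILITY` is silently ignored after this rename, so an operator's explicit capability requirement is replaced by the new defaults without any notice. The user-key default also moves from `e a` to `a`, which changes which keys qualify for `authorized_keys`; that looks intentional but should be stated in the configuration documentation. Consider honouring the old name as a fallback, e.g. `REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-${REQUIRED_KEY_CAPABILITY:-"a"}}` and the equivalent for the host variable, or logging a warning when the old variable is set. How the two capability strings are evaluated is outside this hunk.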
mkdir -p -m 0700 "$MS_HOME"
mkdir -p "$hostKeysCacheDir"
mkdir -p "$userKeysCacheDir"
+touch "$AUTHORIZED_USER_IDS"
case $COMMAND in
'update-known_hosts'|'update-known-hosts'|'k')
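Review bot: The added `touch "$AUTHORIZED_USER_IDS"` creates the file that decides which user IDs are authorized with whatever umask the caller has, and its exit status is not checked. `MS_HOME` is created `0700`, but `AUTHORIZED_USER_IDS` can be overridden to a path outside it, so on a permissive umask the file can end up group-writable. Something like `[ -e "$AUTHORIZED_USER_IDS" ] || ( umask 077 && touch "$AUTHORIZED_USER_IDS" ) || failure "could not create $AUTHORIZED_USER_IDS"` would also stop the mtime being bumped on every run that reaches the command dispatch. Whether the script runs under `set -e` is not visible in this hunk.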
fi
;;
+ 'update-userids'|'update-userid'|'u')
+ if [ -z "$1" ] ; then
+ failure "you must specify at least one userid."
+ fi
+ for userID ; do
+ update_userid "$userID" "$userKeysCacheDir"
+ done
+ log "run the following to update your monkeysphere authorized_keys file:"
+ log "$PGRM update-authorized_keys"
+ ;;
+
+ 'remove-userids'|'remove-userid'|'r')
+ if [ -z "$1" ] ; then
+ failure "you must specify at least one userid."
+ fi
+ for userID ; do
+ remove_userid "$userID"
+ done
+ log "run the following to update your monkeysphere authorized_keys file:"
+ log "$PGRM update-authorized_keys"
+ ;;
+
'update-authorized_keys'|'update-authorized-keys'|'a')
MODE='authorized_keys'
- # make sure authorized_user_ids file exists
+ # fail if the authorized_user_ids file is empty
if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then
- failure "authorized_user_ids file is empty or does not exist."
+ failure "$AUTHORIZED_USER_IDS is empty."
fi
# set user-controlled authorized_keys file path
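Review bot: In the new `remove-userids` arm, removal only goes through `remove_userid`; as the log text itself implies, the authorized_keys file is left untouched until the user separately runs `update-authorized_keys`, so a removed user ID keeps its access in the meantime. The message copied from the `update-userids` arm does not say that; for the removal case I would word it as `log "removed user IDs stay authorized until you run: $PGRM update-authorized_keys"`, or call the update directly from this arm. `remove_userid` is defined outside this hunk, so confirm it matches the user ID as a whole-line fixed string rather than as a pattern, otherwise one argument could drop more entries than intended. The `[ -z "$1" ]` guard in both new arms covers only the first argument, so an empty later argument still reaches the helper.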
update_authorized_keys "$msAuthorizedKeys" "$userAuthorizedKeys" "$userKeysCacheDir"
;;
- 'update-userids'|'u')
- if [ -z "$1" ] ; then
- failure "you must specify at least one userid."
- fi
- for userID ; do
- update_userid "$userID" "$userKeysCacheDir"
- done
- ;;
-
'gen-ae-subkey'|'g')
keyID="$1"
if [ -z "$keyID" ] ; then
*)
failure "Unknown command: '$COMMAND'
-Type 'cereal-admin help' for usage."
+Type '$PGRM help' for usage."
;;
esac