SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere/host"}
export SYSDATADIR
-# monkeysphere temp directory, in sysdatadir to enable atomic moves of
-# authorized_keys files
-MSTMPDIR="${SYSDATADIR}/tmp"
-export MSTMPDIR
-
# UTC date in ISO 8601 format if needed
DATE=$(date -u '+%FT%T')
publish-key (p) publish server host key to keyserver
expert
- import-key (i) import existing ssh key to gpg
- --hostname (-h) NAME[:PORT] hostname for key user ID
+ import-key (i) [NAME[:PORT]] import existing ssh key to gpg
--keyfile (-f) FILE key file to import
--expire (-e) EXPIRE date to expire
- gen-key (g) generate gpg key for the host
- --hostname (-h) NAME[:PORT] hostname for key user ID
+ gen-key (g) [NAME[:PORT]] generate gpg key for the host
--length (-l) BITS key length in bits (2048)
--expire (-e) EXPIRE date to expire
- --revoker (-r) FINGERPRINT add a revoker
diagnostics (d) monkeysphere host status
version (v) show version number
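Review bot: The new optional `[NAME[:PORT]]` argument on the `import-key` and `gen-key` usage lines does not say which name is used when it is omitted. That name becomes part of the host key's user ID, so an operator relying on an undocumented default could generate or import a key for a hostname they did not intend. I would state the default in the help text, e.g. `gen-key (g) [NAME[:PORT]] generate gpg key for the host (default NAME: <fallback used by the code>)`, filling in whatever the implementation falls back to, which this hunk does not show. The `--revoker` line is also dropped from `gen-key`; if `add-revoker` is the intended replacement, a brief pointer to it here would help.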
return "$returnCode"
}
-# check if user is root
-is_root() {
- [ $(id -u 2>/dev/null) = '0' ]
-}
-
-# check that user is root, for functions that require root access
-check_user() {
- is_root || failure "You must be root to run this command."
-}
-
# output just key fingerprint
fingerprint_server_key() {
# set the pipefail option so functions fails if can't read sec key
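Review bot: With `is_root` and `check_user` deleted here, and the `check_user` calls dropped from the `extend-key`, `add-hostname`, `revoke-hostname`, `add-revoker`, `revoke-key` and `publish-key` arms in the following hunk, nothing visible in this diff rejects an unprivileged caller before `check_host_keyring` and the key-modifying functions run. Presumably file permissions under `${SYSDATADIR}` are meant to be the real access control, but a non-root run would then fail wherever gpg first cannot read or write, with a less clear error and possibly after partial work. If the removal is intentional, I would record it with a comment above the `case`, such as `# no explicit root check: access is enforced by permissions on ${SYSDATADIR}`. It is also worth confirming that `check_host_keyring` exits cleanly when the caller cannot read the secret keyring. The functions before and after the deleted lines start and end outside this hunk.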
;;
'extend-key'|'e')
- check_user
check_host_keyring
extend_key "$@"
;;
'add-hostname'|'add-name'|'n+')
- check_user
check_host_keyring
add_hostname "$@"
;;
'revoke-hostname'|'revoke-name'|'n-')
- check_user
check_host_keyring
revoke_hostname "$@"
;;
'add-revoker'|'o')
- check_user
check_host_keyring
add_revoker "$@"
;;
'revoke-key'|'r')
- check_user
check_host_keyring
revoke_key "$@"
;;
'publish-key'|'publish'|'p')
- check_user
check_host_keyring
publish_server_key
;;