# unset some environment variables that could screw things up
unset GREP_OPTIONS
-# default return code
-RETURN=0
-
########################################################################
# FUNCTIONS
########################################################################
Monkeysphere host admin tool.
subcommands:
- import-key (i) [NAME[:PORT]] import existing ssh key to gpg
+ import-key (i) FILE NAME[:PORT] import existing ssh key to gpg
show-key (s) output all host key information
- set-expire (e) EXPIRE set host key expiration
+ publish-key (p) publish host key to keyserver
+ set-expire (e) [EXPIRE] set host key expiration
add-hostname (n+) NAME[:PORT] add hostname user ID to host key
revoke-hostname (n-) NAME[:PORT] revoke hostname user ID
- add-revoker (o) FINGERPRINT add a revoker to the host key
- revoke-key (r) revoke host key
- publish-key (p) publish host key to keyserver
+ add-revoker (r+) [KEYID|FILE] add a revoker to the host key
+ revoke-key generate and/or publish revocation
+ certificate for host key
version (v) show version number
help (h,?) this help
# show info about the host key
show_key() {
local GNUPGHOME
+ local TMPSSH
+ local revokers
# tmp gpghome dir
export GNUPGHOME=$(msmktempdir)
| grep -v "^${GNUPGHOME}/pubring.gpg$" \
| egrep -v '^-+$'
+ # list revokers, if there are any
+ revokers=$(gpg --list-keys --with-colons --fixed-list-mode \
+ | awk -F: '/^rvk:/{ print $10 }' )
+ if [ "$revokers" ] ; then
+ echo "The following keys are allowed to revoke this host key:"
+ for key in $revokers ; do
+ echo "revoker: $key"
+ done
+ echo
+ fi
+
# list the pgp fingerprint
echo "OpenPGP fingerprint: $HOST_FINGERPRINT"
shift
case $COMMAND in
+ 'import-key'|'i')
+ check_host_key
+ source "${MHSHAREDIR}/import_key"
+ import_key "$@"
+ ;;
+
'show-key'|'show'|'s')
check_host_no_key
show_key
revoke_hostname "$@"
;;
- 'add-revoker'|'o')
+ 'add-revoker'|'r+')
check_host_no_key
load_fingerprint
source "${MHSHAREDIR}/add_revoker"
add_revoker "$@"
;;
- 'revoke-key'|'r')
+ 'revoke-key')
check_host_no_key
load_fingerprint
source "${MHSHAREDIR}/revoke_key"
publish_key
;;
- 'import-key'|'i')
- check_host_key
- source "${MHSHAREDIR}/import_key"
- import_key "$@"
- ;;
-
'diagnostics'|'d')
load_fingerprint
source "${MHSHAREDIR}/diagnostics"
;;
'version'|'v')
- echo "$VERSION"
+ version
;;
'--help'|'help'|'-h'|'h'|'?')
Type '$PGRM help' for usage."
;;
esac
-
-exit "$RETURN"