add comment to bug about notification of modifications to known_hosts

[monkeysphere.git] / src / monkeysphere-server

diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 0b63e5cefb476f637642ba46ee4bec58bb6c8600..34b06b73e99bf84212029831db8e69f3867a7132 100755 (executable)
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -134,10 +134,10 @@ show_server_key() {
 
     # dumping to a file named ' ' so that the ssh-keygen output
     # doesn't claim any potentially bogus hostname(s):
-    tmpkey=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
-    gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey/ "
+    tmpkey=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"
+    gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey"
     echo -n "ssh fingerprint: "
-    (cd "$tmpkey" && ssh-keygen -l -f ' ' | awk '{ print $2 }')
+    ssh-keygen -l -f "$tmpkey" | awk '{ print $1, $2, $4 }'
     rm -rf "$tmpkey"
     echo -n "OpenPGP fingerprint: "
     echo "$fingerprint"
@@ -180,7 +180,7 @@ update_users() {
        log verbose "----- user: $uname -----"
 
         # make temporary directory
-        TMPLOC=$(mktemp -d ${MSTMPDIR}/tmp.XXXXXXXXXX)
+        TMPLOC=$(mktemp -d ${MSTMPDIR}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"
 
        # trap to delete temporary directory on exit
        trap "rm -rf $TMPLOC" EXIT
@@ -230,7 +230,7 @@ update_users() {
        # add user-controlled authorized_keys file if specified
        # translate ssh-style path variables
        rawAuthorizedKeys=$(translate_ssh_variables "$uname" "$RAW_AUTHORIZED_KEYS")
-       if [ "$rawAuthorizedKeys" ] ; then
+       if [ "$rawAuthorizedKeys" != 'none' ] ; then
            log debug "checking for raw authorized_keys..."
            if [ -s "$rawAuthorizedKeys" ] ; then
                # check permissions on the authorized_keys file path
@@ -399,7 +399,11 @@ EOF
     (umask 077 && \
        gpg_host --export-secret-key "$fingerprint" | \
        openpgp2ssh "$fingerprint" > "${SYSDATADIR}/ssh_host_rsa_key")
-    log info "private SSH host key output to file: ${SYSDATADIR}/ssh_host_rsa_key"
+    log info "SSH host private key output to file: ${SYSDATADIR}/ssh_host_rsa_key"
+    ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub"
+    log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub"
+    gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
+    log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
 }
 
 # extend the lifetime of a host key: