MonkeySphere server admin tool.
subcommands:
- update-users (s) [USER]... update users authorized_keys files
gen-key (g) [HOSTNAME] generate gpg key for the server
+ show-fingerprint (f) show server's host key fingerprint
publish-key (p) publish server key to keyserver
trust-keys (t) KEYID... mark keyids as trusted
+
+ update-users (s) [USER]... update users authorized_keys files
update-user-userids (u) USER UID... add/update user IDs for a user
remove-user-userids (r) USER UID... remove user IDs for a user
help (h,?) this help
# set key defaults
KEY_TYPE=${KEY_TYPE:-"RSA"}
KEY_LENGTH=${KEY_LENGTH:-"2048"}
- KEY_USAGE=${KEY_USAGE:-"auth,encrypt"}
+ KEY_USAGE=${KEY_USAGE:-"auth"}
cat <<EOF
Please specify how long the key should be valid.
0 = key does not expire
)
# add the revoker field if requested
+# FIXME: the 1: below assumes that $REVOKER's key is an RSA key. why?
+# FIXME: why is this marked "sensitive"? how will this signature ever
+# be transmitted to the expected revoker?
if [ "$REVOKER" ] ; then
keyParameters="${keyParameters}"$(cat <<EOF
log -n "generating server key... "
echo "$keyParameters" | gpg --batch --gen-key
loge "done."
+ fingerprint_server_key
+}
+
+fingerprint_server_key() {
+ gpg --fingerprint --list-secret-keys =ssh://$(hostname --fqdn)
}
########################################################################
if [ "$USER_CONTROLLED_AUTHORIZED_KEYS" != '-' ] ; then
userHome=$(getent passwd "$uname" | cut -d: -f6)
userAuthorizedKeys=${USER_CONTROLLED_AUTHORIZED_KEYS/\%h/"$userHome"}
- log -n "adding user's authorized_keys file... "
- cat "$userAuthorizedKeys" >> "$AUTHORIZED_KEYS"
- loge "done."
+ if [ -f "$userAuthorizedKeys" ] ; then
+ log -n "adding user's authorized_keys file... "
+ cat "$userAuthorizedKeys" >> "$AUTHORIZED_KEYS"
+ loge "done."
+ fi
fi
# move the temp authorized_keys file into place
gen_key "$1"
;;
+ 'show-fingerprint'|'f')
+ fingerprint_server_key
+ ;;
+
'publish-key'|'p')
publish_server_key
;;