X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fmonkeysphere;h=341b9fdbd4fefa8366a5d38205e99559d19e84d0;hb=b5913c4e5fe08f332317221ad05e60ec4d51b39d;hp=0d8f4ff8011adb8882ee6f6a4b6b47212b02723d;hpb=dbb8acd9a45eb2b9f3f412b98d6a777d39b368ac;p=monkeysphere.git diff --git a/src/monkeysphere b/src/monkeysphere index 0d8f4ff..341b9fd 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -18,7 +18,8 @@ PGRM=$(basename $0) SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"} export SYSSHAREDIR -. "${SYSSHAREDIR}/common" || exit 1 +. "${SYSSHAREDIR}/defaultenv" +. "${SYSSHAREDIR}/common" # sharedir for host functions MSHAREDIR="${SYSSHAREDIR}/m" @@ -46,8 +47,10 @@ subcommands: update-authorized_keys (a) update authorized_keys file gen-subkey (g) [KEYID] generate an authentication subkey --length (-l) BITS key length in bits (2048) - ssh-proxycommand monkeysphere ssh ProxyCommand + ssh-proxycommand HOST [PORT] monkeysphere ssh ProxyCommand + --no-connect do not make TCP connection to host subkey-to-ssh-agent (s) store authentication subkey in ssh-agent + sshfpr (f) KEYID output ssh fingerprint of gpg key version (v) show version number help (h,?) this help @@ -59,6 +62,23 @@ gpg_user() { gpg --no-greeting --quiet --no-tty "$@" } +# output the ssh fingerprint of a gpg key +gpg_ssh_fingerprint() { + keyid="$1" + local tmpfile=$(mktemp) + + # trap to remove tmp file if break + trap "rm -f $tmpfile" EXIT + + # use temporary file, since ssh-keygen won't accept keys on stdin + gpg_user --export "$keyid" | openpgp2ssh "$keyid" >"$tmpfile" + ssh-keygen -l -f "$tmpfile" | awk '{ print $1, $2, $4 }' + + # remove the tmp file + trap - EXIT + rm -rf "$tmpfile" +} + # take a secret key ID and check that only zero or one ID is provided, # and that it corresponds to only a single secret key ID check_gpg_sec_key_id() { @@ -69,7 +89,7 @@ check_gpg_sec_key_id() { gpgSecOut=$(gpg_user --fixed-list-mode --list-secret-keys --with-colons 2>/dev/null | egrep '^sec:') ;; 1) - gpgSecOut=$(gpg_user --fixed-list-mode --list-secret-keys --with-colons "$keyID" | egrep '^sec:') || failure + gpgSecOut=$(gpg_user --fixed-list-mode --list-secret-keys --with-colons "$1" | egrep '^sec:') || failure ;; *) failure "You must specify only a single primary key ID." @@ -86,12 +106,10 @@ check_gpg_sec_key_id() { echo "$gpgSecOut" | cut -d: -f5 ;; *) - echo "Multiple primary secret keys found:" - for key in $(echo "$gpgSecOut" | cut -d: -f5) ; do - echo " $key" - done - echo "Please specify which primary key to use." - failure + local seckeys=$(echo "$gpgSecOut" | cut -d: -f5) + failure "Multiple primary secret keys found: +$seckeys +Please specify which primary key to use." ;; esac } @@ -124,9 +142,10 @@ check_gpg_authentication_subkey() { fi # if authentication key is valid, prompt to continue if [ "$validity" = 'u' ] ; then - echo "A valid authentication key already exists for primary key '$keyID'." + echo "A valid authentication key already exists for primary key '$keyID'." 1>&2 if [ "$PROMPT" = "true" ] ; then - read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N} + printf "Are you sure you would like to generate another one? (y/N) " >&2 + read OK; OK=${OK:N} if [ "${OK/y/Y}" != 'Y' ] ; then failure "aborting." fi @@ -183,6 +202,9 @@ AUTHORIZED_KEYS=${MONKEYSPHERE_AUTHORIZED_KEYS:=$AUTHORIZED_KEYS} AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:="${MONKEYSPHERE_HOME}/authorized_user_ids"} REQUIRED_HOST_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_HOST_KEY_CAPABILITY:="a"} REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"} +# note that only using '=' instead of ':=' tests only if the variable +# in unset, not if it's "null" +LOG_PREFIX=${MONKEYSPHERE_LOG_PREFIX='ms: '} # export GNUPGHOME and make sure gpg home exists with proper # permissions @@ -240,8 +262,12 @@ case $COMMAND in subkey_to_ssh_agent "$@" ;; + 'sshfpr'|'f') + gpg_ssh_fingerprint "$@" + ;; + 'version'|'v') - echo "$VERSION" + version ;; '--help'|'help'|'-h'|'h'|'?')