X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fmonkeysphere-server;h=2b9b7443c1c4fc44ff4a020fb39ab54dc8b81f64;hb=b0ea15c8e359a908583e08da0663d69e353c77dc;hp=6ffd41ffb78b3b3c8d36bed25434c42060235769;hpb=617f03c948b66774e6765206bed2c56d30157187;p=monkeysphere.git diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 6ffd41f..2b9b744 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -413,9 +413,9 @@ revoke_hostname() { fi fpr=$(fingerprint_server_key) - tmpuidMatch="u:$(escape "$1")" + tmpuidMatch="u:$(escape "ssh://$1")" - if linenum=$(gpg_host --list-keys --with-colons --fixed-list-mode "$fpr" | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F 'r:Foo T. Bar (DO NOT USE!) ') ; then + if linenum=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x$fpr"\! | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then uidNum=${linenum%%:*} else failure "no non-revoked hostname '$1' is listed." @@ -436,7 +436,7 @@ save EOF ) - echo "$revuidCommand" | gpg_host --quiet --command-fd 0 --edit-key "0x$fingerprint"\! + echo "$revuidCommand" | gpg_host --quiet --command-fd 0 --edit-key "0x$fpr"\! echo "NOTE: host userID revokation has not been published." echo "Use '$PGRM publish-key' to publish these changes." @@ -468,7 +468,10 @@ diagnostics() { local uid local fingerprint local badhostkeys + local sshd_config + # FIXME: what's the correct, cross-platform answer? + sshd_config=/etc/ssh/sshd_config seckey=$(fingerprint_server_key) keysfound=$(echo "$seckey" | grep -c ^sec:) curdate=$(date +%s) @@ -545,14 +548,14 @@ diagnostics() { fi # propose changes needed for sshd_config (if any) - if ! grep -q "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" /etc/ssh/sshd_config; then - echo "! /etc/ssh/sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)." - echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'" + if ! grep -q "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" "$sshd_config"; then + echo "! $sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)." + echo " - Recommendation: add a line to $sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'" fi - if badhostkeys=$(grep -i '^HostKey' | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then + if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then echo "! /etc/sshd_config refers to some non-monkeysphere host keys:" echo "$badhostkeys" - echo " - Recommendation: remove the above HostKey lines from /etc/ssh/sshd_config" + echo " - Recommendation: remove the above HostKey lines from $sshd_config" fi fi fi @@ -568,14 +571,14 @@ diagnostics() { echo "Checking for MonkeySphere-enabled public-key authentication for users ..." # Ensure that User ID authentication is enabled: - if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$" /etc/ssh/sshd_config; then - echo "! /etc/ssh/sshd_config does not point to monkeysphere authorized keys." - echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'AuthorizedKeysFile ${VARLIB}/authorized_keys/%u'" + if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$" "$sshd_config"; then + echo "! $sshd_config does not point to monkeysphere authorized keys." + echo " - Recommendation: add a line to $sshd_config: 'AuthorizedKeysFile ${VARLIB}/authorized_keys/%u'" fi - if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' | grep -q -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then + if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' "$sshd_config" | grep -q -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then echo "! /etc/sshd_config refers to non-monkeysphere authorized_keys files:" echo "$badauthorizedkeys" - echo " - Recommendation: remove the above AuthorizedKeysFile lines from /etc/ssh/sshd_config" + echo " - Recommendation: remove the above AuthorizedKeysFile lines from $sshd_config" fi }