X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fmonkeysphere-server;h=3ca0656e4ad5168b48a6282c4174a25f301168ce;hb=4d54f1d8b9a3d9ee4e6bd0b0d9fdccb99e6a6245;hp=1e5f2096677cb8dfa9522babeeec5877817b28e0;hpb=0e27af63f34c5bb75cef059fc9d76887251c1517;p=monkeysphere.git

diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 1e5f209..3ca0656 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -32,7 +32,7 @@ RETURN=0
 ########################################################################
 
 usage() {
-cat <<EOF
+    cat <<EOF
 usage: $PGRM <subcommand> [options] [args]
 MonkeySphere server admin tool.
 
@@ -468,14 +468,14 @@ diagnostics() {
 	    fi
 
 	    # propose changes needed for sshd_config (if any)
-	    if ! grep -q "^HostKey ${VARLIB}/ssh_host_rsa_key$" /etc/ssh/sshd_config; then
+	    if ! grep -q "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" /etc/ssh/sshd_config; then
 		echo "! /etc/ssh/sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)."
 		echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'"
 	    fi
-	    if badhostkeys=$(grep '^HostKey' | grep -q -v "^HostKey ${VARLIB}/ssh_host_rsa_key$") ; then
+	    if badhostkeys=$(grep -i '^HostKey' | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then
 		echo "! /etc/sshd_config refers to some non-monkeysphere host keys:"
 		echo "$badhostkeys"
-		echo "- Recommendation: remove the above HostKey lines from /etc/ssh/sshd_config"
+		echo " - Recommendation: remove the above HostKey lines from /etc/ssh/sshd_config"
 	    fi
 	fi
     fi
@@ -489,6 +489,19 @@ diagnostics() {
 
 # FIXME:  make sure that at least one identity certifier exists
 
+    echo "Checking for MonkeySphere-enabled public-key authentication for users ..."
+    # Ensure that User ID authentication is enabled:
+    if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$" /etc/ssh/sshd_config; then
+	echo "! /etc/ssh/sshd_config does not point to monkeysphere authorized keys."
+	echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'AuthorizedKeysFile ${VARLIB}/authorized_keys/%u'"
+    fi
+    if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' | grep -q -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then
+	echo "! /etc/sshd_config refers to non-monkeysphere authorized_keys files:"
+	echo "$badauthorizedkeys"
+	echo " - Recommendation: remove the above AuthorizedKeysFile lines from /etc/ssh/sshd_config"
+    fi
+
+
 }
 
 # retrieve key from web of trust, import it into the host keyring, and