X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fshare%2Fmh%2Fdiagnostics;h=37460203b9056e490089a357d300882d03fdf339;hb=adef51285ea488ecda7b0a77b142d99e022d9e10;hp=d774723d512b892001c4d42a5c49bdba65f2fb12;hpb=8e3de9de8bc67b3e9e2c490a7e3142fde7742044;p=monkeysphere.git

diff --git a/src/share/mh/diagnostics b/src/share/mh/diagnostics
index d774723..3746020 100644
--- a/src/share/mh/diagnostics
+++ b/src/share/mh/diagnostics
@@ -25,11 +25,10 @@ local expire
 local uid
 local fingerprint
 local badhostkeys
-local sshd_config
 local problemsfound=0
 
-# FIXME: what's the correct, cross-platform answer?
-sshd_config=/etc/ssh/sshd_config
+report_cruft
+
 seckey=$(gpg_host --list-secret-keys --fingerprint --with-colons --fixed-list-mode)
 keysfound=$(echo "$seckey" | grep -c ^sec:)
 curdate=$(date +%s)
@@ -50,7 +49,7 @@ fi
 echo "Checking host GPG key..."
 if (( "$keysfound" < 1 )); then
     echo "! No host key found."
-    echo " - Recommendation: run 'monkeysphere-host gen-key' or 'monkeysphere-host import-key'"
+    echo " - Recommendation: run 'monkeysphere-host import-key'"
     problemsfound=$(($problemsfound+1))
 elif (( "$keysfound" > 1 )); then
     echo "! More than one host key found?"
@@ -64,11 +63,11 @@ else
     if [ "$expire" ]; then
 	if (( "$expire"  < "$curdate" )); then
 	    echo "! Host key is expired."
-	    echo " - Recommendation: extend lifetime of key with 'monkeysphere-host extend-key'"
+	    echo " - Recommendation: extend lifetime of key with 'monkeysphere-host set-expire'"
 	    problemsfound=$(($problemsfound+1))
 	elif (( "$expire" < "$warndate" )); then
 	    echo "! Host key expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F)
-	    echo " - Recommendation: extend lifetime of key with 'monkeysphere-host extend-key'"
+	    echo " - Recommendation: extend lifetime of key with 'monkeysphere-host set-expire'"
 	    problemsfound=$(($problemsfound+1))
 	fi
     fi
@@ -114,35 +113,9 @@ else
 # FIXME: propose adding a revoker to the host key if none exist (do we
 #   have a way to do that after key generation?)
 
-    # Ensure that the ssh_host_rsa_key file is present and non-empty:
-    echo
-    echo "Checking host SSH key..."
-    if [ ! -s "${SYSDATADIR}/ssh_host_rsa_key" ] ; then
-	echo "! The host key as prepared for SSH (${SYSDATADIR}/ssh_host_rsa_key) is missing or empty."
-	problemsfound=$(($problemsfound+1))
-    else
-	if [ $(ls -l "${SYSDATADIR}/ssh_host_rsa_key" | cut -f1 -d\ ) != '-rw-------' ] ; then
-	    echo "! Permissions seem wrong for ${SYSDATADIR}/ssh_host_rsa_key -- should be 0600."
-	    problemsfound=$(($problemsfound+1))
-	fi
+# FIXME: test (with ssh-keyscan?) that the running ssh
+# daemon is actually offering the monkeysphere host key.
 
-	# propose changes needed for sshd_config (if any)
-	if ! grep -q "^HostKey[[:space:]]\+${SYSDATADIR}/ssh_host_rsa_key$" "$sshd_config"; then
-	    echo "! $sshd_config does not point to the monkeysphere host key (${SYSDATADIR}/ssh_host_rsa_key)."
-	    echo " - Recommendation: add a line to $sshd_config: 'HostKey ${SYSDATADIR}/ssh_host_rsa_key'"
-	    problemsfound=$(($problemsfound+1))
-	fi
-	if badhostkeys=$(grep -i '^HostKey' "$sshd_config" | grep -v "^HostKey[[:space:]]\+${SYSDATADIR}/ssh_host_rsa_key$") ; then
-	    echo "! $sshd_config refers to some non-monkeysphere host keys:"
-	    echo "$badhostkeys"
-	    echo " - Recommendation: remove the above HostKey lines from $sshd_config"
-	    problemsfound=$(($problemsfound+1))
-	fi
-
-        # FIXME: test (with ssh-keyscan?) that the running ssh
-        # daemon is actually offering the monkeysphere host key.
-
-    fi
 fi
 
 # FIXME: look at the ownership/privileges of the various keyrings,