any hostname guessing. this is so that we don't have to worry about
prompting the user when guessing the hostname. also updated
documentation.
\fBmonkeysphere-host\fP takes various subcommands:
.TP
-.B import-key FILE [NAME[:PORT]]
+.B import-key FILE NAME[:PORT]
Import a pem-encoded ssh secret host key from file FILE. If FILE
is '-', then the key will be imported from stdin. NAME[:PORT] is used
-to specify the hostname (and port) used in the user ID of the new
-OpenPGP key. If NAME is not specified, then the system
-fully-qualified domain name will be used (ie. `hostname -f'). If PORT
-is not specified, the no port is added to the user ID, which means
-port 22 is assumed. `i' may be used in place of `import-key'.
+to specify the fully-qualified hostname (and port) used in the user ID
+of the new OpenPGP key. If PORT is not specified, the no port is
+added to the user ID, which means port 22 is assumed. `i' may be used
+in place of `import-key'.
.TP
.B show-key
Output information about host's OpenPGP and SSH keys. `s' may be used
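Review bot: the rewritten import-key paragraph (the `+` lines beginning "to specify the fully-qualified hostname") carries over the typo "the no port is added to the user ID" from the old text; it should read "then no port is added to the user ID". Since NAME is now mandatory, it would also help to state in the man page what happens when it is omitted (the import fails with an error asking for a fully-qualified domain name, per the script change) rather than leaving the reader to infer it from the synopsis alone.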
Monkeysphere host admin tool.
subcommands:
- import-key (i) FILE [NAME[:PORT]] import existing ssh key to gpg
+ import-key (i) FILE NAME[:PORT] import existing ssh key to gpg
show-key (s) output all host key information
publish-key (p) publish host key to keyserver
set-expire (e) [EXPIRE] set host key expiration
failure "Must specify ssh key file to import, or specify '-' for stdin."
fi
-# use the default hostname if not specified
+# fail if hostname not specified
if [ -z "$hostName" ] ; then
- hostName=$(hostname -f) || failure "Could not determine hostname."
- # test that the domain is not obviously illegitimate
- domain=${foo##*.}
- case $domain in
- 'local'|'localdomain')
- failure "Host domain '$domain' is not legitimate. Aborting key import."
- ;;
- esac
- # test that there are at least two parts
- if (( $(echo "$hostName" | tr . ' ' | wc -w) < 2 )) ; then
- failure "Host name '$hostName' is not legitimate. Aborting key import."
- fi
+ failure "You must specify a fully-qualified domain name for use in the host certificate user ID."
fi
userID="ssh://${hostName}"
-if [ "$PROMPT" = "true" ] ; then
- cat <<EOF
-The ssh key will be imported and an OpenPGP certificate for this host
-will be generated with the following user ID:
- $userID
-EOF
- read -p "Are you sure you would like to create certificate? [Y/n] " OK; OK=${OK:-Y}
- if [ "${OK/y/Y}" != 'Y' ] ; then
- failure "ssh key not imported."
- fi
-else
- log debug "importing key without prompting."
-fi
-
-
# create host home
mkdir -p "${MHDATADIR}"
mkdir -p "${GNUPGHOME_HOST}"
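Review bot: removing the whole validation block (the `-` lines from "test that the domain is not obviously illegitimate" through the two-part check) means a user-supplied NAME such as `localhost` or a bare `server` is now accepted silently, even though the new failure message and the documentation both insist on a fully-qualified domain name. The old checks were admittedly broken as written: `domain=${foo##*.}` reads `$foo` instead of `$hostName`, so the `local`/`localdomain` test could never fire. Rather than dropping them along with the hostname guessing, suggest keeping them against the supplied value with the optional `:PORT` stripped first, e.g. `name=${hostName%%:*}; domain=${name##*.}` followed by the existing `case $domain in 'local'|'localdomain')` and the two-label `wc -w` test on `$name`. Separately, with the confirmation prompt gone there is no longer any output telling the admin which user ID was written into the new certificate; a `log` call (the script already uses `log debug`) reporting `$userID` before the `mkdir -p` lines would keep that visible without reintroducing a prompt.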
you have the ssh server installed, and that you have generated a host
RSA key. Once that has been done, import the key:
- # monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key
+ # monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key server.example.net
This will generate an OpenPGP certificate for server. The primary
user ID for this certificate will be the ssh service URI for the host,
-which by default is based on the output of `hostname -f`
-(eg. `ssh://server.example.net`). If the name determined from
-`hostname -f` is not the name you want to have in the service URI,
-then you can enter one manually:
-
- # monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key host.example.net
-
-Remember that the name you provide here must be a fully qualified
-domain name for the host in order for the monkeysphere to work.
+(eg. `ssh://server.example.net`). Remember that the name you provide
+here must be a fully qualified domain name for the host in order for
+the monkeysphere to work.
Now you can display information about the host key's certificate with
the 'show-key' command:
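Review bot: with the `hostname -f` sentence removed, the unchanged context line "user ID for this certificate will be the ssh service URI for the host," now runs straight into the added "(eg. `ssh://server.example.net`)", leaving a stray comma before the parenthesis; drop the comma or reword to "...for the host (eg. `ssh://server.example.net`)." The preceding context sentence "This will generate an OpenPGP certificate for server" is also missing an article ("for the server"), and since this hunk already touches the paragraph it is a good place to fix it.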