REMOVE GEN_KEY. The gen_key function is entirely removed. Decided

this was OK now that import_key works, and we can't really see a
reason to keep it around.  We can resurect it down the line if need
be.  Also, removed "expert" subcommand, after promting import_key,
since it may be need semi-regularly.  The other "expert" commands are
now just not listed in the usage.

diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8
index 2b0091ebb46743370ea07671030a887d3f2669dd..4187c701a6c5abeafa786f33104ffc8cf3db0b10 100644 (file)
--- a/man/man8/monkeysphere-authentication.8
+++ b/man/man8/monkeysphere-authentication.8
@@ -60,6 +60,17 @@ Instruct system to ignore user identity certifications made by KEYID.
 List key IDs trusted by the system to certify user identities.  `c'
 may be used in place of `list-id-certifiers'.
 .TP
 List key IDs trusted by the system to certify user identities.  `c'
 may be used in place of `list-id-certifiers'.
 .TP

+.B diagnostics
+Review the state of the server with respect to authentication.  `d'
+may be used in place of `diagnostics'.
+.TP
+.B gpg-cmd
+Execute a gpg command, as the monkeysphere user, on the monkeysphere
+authentication "sphere" keyring.  This takes a single argument
+(multiple gpg arguments need to be quoted).  Use this command with
+caution, as modifying the authentication sphere keyring can affect ssh
+user authentication.
+.TP

 .B help
 Output a brief usage summary.  `h' or `?' may be used in place of
 `help'.
 .B help
 Output a brief usage summary.  `h' or `?' may be used in place of
 `help'.


@@ -67,22 +78,6 @@ Output a brief usage summary.  `h' or `?' may be used in place of
 .B version
 show version number
 
 .B version
 show version number
 

-.SH "EXPERT" SUBCOMMANDS
-
-Some commands are very unlikely to be needed by most administrators.
-These commands must prefaced by the word `expert'.
-.TP
-.B diagnostics
-Review the state of the server with respect to authentication.  `d'
-may be used in place of `diagnostics'.
-.TP
-.B gpg-cmd
-Execute a gpg command on the gnupg-authentication keyring as the
-monkeysphere user.  This takes a single command (multiple gpg
-arguments need to be quoted).  Use this command with caution, as
-modifying the gnupg-authentication keyring can affect ssh user
-authentication.
-

 .SH SETUP USER AUTHENTICATION
 
 If the server will handle user authentication through
 .SH SETUP USER AUTHENTICATION
 
 If the server will handle user authentication through

diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8
index 78b6b4a375afdaf680b5ab8b5e9a745e75c32d38..062f0aadb68aa8e76cf56b736888c63a2538aad1 100644 (file)
--- a/man/man8/monkeysphere-host.8
+++ b/man/man8/monkeysphere-host.8
@@ -61,33 +61,13 @@ Revoke the host's OpenPGP key.  `r' may be used in place of
 Publish the host's OpenPGP key to the keyserver.  `p' may be used in
 place of `publish-key'.
 .TP
 Publish the host's OpenPGP key to the keyserver.  `p' may be used in
 place of `publish-key'.
 .TP

-.B help
-Output a brief usage summary.  `h' or `?' may be used in place of
-`help'.
-.TP
-.B version
-show version number
-
-.SH "EXPERT" SUBCOMMANDS
-
-Some commands are very unlikely to be needed by most administrators.
-These commands must prefaced by the word `expert'.
-.TP
-.B gen-key [HOSTNAME]
-Generate a OpenPGP key for the host.  If HOSTNAME is not specified,
-then the system fully-qualified domain name will be user.  An
-alternate key bit length can be specified with the `-l' or `--length'
-option (default 2048).  An expiration length can be specified with the
-`-e' or `--expire' option (prompt otherwise).  The expiration format
-is the same as that of \fBextend-key\fP, below.  `g' may be used in
-place of `gen-key'.
-.TP
-.B import-key
-FIXME:
-  import-key (i)                     import existing ssh key to gpg
-   --hostname (-h) NAME[:PORT]         hostname for key user ID
-   --keyfile (-f) FILE                 key file to import
-   --expire (-e) EXPIRE                date to expire
+.B import-key [NAME[:PORT]]
+Import a pem-encoded ssh secret host key, from stdin.  NAME[:PORT] is
+used to specify the hostname (and port) used in the user ID of the new
+OpenPGP key.  If NAME is not specified, then the system
+fully-qualified domain name will be used (ie. `hostname -f').  If PORT
+is not specified, the no port is added to the user ID, which means
+port 22 is assumed.  `i' may be used in place of `import-key'.

 .TP
 .B diagnostics
 Review the state of the monkeysphere server host key and report on
 .TP
 .B diagnostics
 Review the state of the monkeysphere server host key and report on


@@ -95,6 +75,13 @@ suggested changes.  Among other checks, this includes making sure
 there is a valid host key, that the key is published, that the sshd
 configuration points to the right place, etc.  `d' may be used in
 place of `diagnostics'.
 there is a valid host key, that the key is published, that the sshd
 configuration points to the right place, etc.  `d' may be used in
 place of `diagnostics'.

+.TP
+.B help
+Output a brief usage summary.  `h' or `?' may be used in place of
+`help'.
+.TP
+.B version
+show version number

 
 .SH SETUP HOST AUTHENTICATION
 
 
 .SH SETUP HOST AUTHENTICATION
 


@@ -104,11 +91,6 @@ publish the host key to the keyservers, run the following command:
 
 $ monkeysphere-host publish-key
 
 
 $ monkeysphere-host publish-key
 

-You must also modify the sshd_config on the server to tell sshd where
-the new server host key is located:
-
-HostKey /var/lib/monkeysphere/host/ssh_host_rsa_key
-

 In order for users logging into the system to be able to identify the
 host via the monkeysphere, at least one person (e.g. a server admin)
 will need to sign the host's key.  This is done using standard OpenPGP
 In order for users logging into the system to be able to identify the
 host via the monkeysphere, at least one person (e.g. a server admin)
 will need to sign the host's key.  This is done using standard OpenPGP

diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication
index 2d6079f11a57396780d972af97a5f03a2b29f806..4a09527add0f95a77eeec2f3e1be26169294da98 100755 (executable)
--- a/src/monkeysphere-authentication
+++ b/src/monkeysphere-authentication
@@ -61,12 +61,10 @@ subcommands:
  remove-id-certifier (c-) KEYID      remove a certification key
  list-id-certifiers (c)              list certification keys
 
  remove-id-certifier (c-) KEYID      remove a certification key
  list-id-certifiers (c)              list certification keys
 

- expert <expert-subcommand>          run expert command
- expert help                         expert command help
-

  version (v)                         show version number
  help (h,?)                          this help
 
  version (v)                         show version number
  help (h,?)                          this help
 

+See ${PGRM}(8) for more info.

 EOF
 }
 
 EOF
 }
 


@@ -176,35 +174,13 @@ case $COMMAND in
        list_certifiers "$@"
        ;;
 
        list_certifiers "$@"
        ;;
 

-    'expert')
-       SUBCOMMAND="$1"
-       shift
-       case "$SUBCOMMAND" in
-           'help'|'h'|'?')
-               cat <<EOF
-usage: $PGRM expert <subcommand> [options] [args]
-
-expert subcommands:
- diagnostics (d)                     monkeysphere authentication status
- gpg-cmd CMD                         execute gpg command
-
-EOF
-               ;;
-
-           'diagnostics'|'d')
-               source "${MASHAREDIR}/diagnostics"
-               diagnostics
-               ;;
-
-           'gpg-cmd')
-               gpg_sphere "$@"
-               ;;
+    'diagnostics'|'d')
+       source "${MASHAREDIR}/diagnostics"
+       diagnostics
+       ;;

 
 

-           *)
-               failure "Unknown expert subcommand: '$COMMAND'
-Type '$PGRM help' for usage."
-               ;;
-       esac
+    'gpg-cmd')
+       gpg_sphere "$@"

        ;;
 
     'version'|'v')
        ;;
 
     'version'|'v')

diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index 64023e056c7ad6de9e6a1c5bf978d503010ecfbf..2e69d4151c96f5aa2963aed9c9e8300e0d518fbb 100755 (executable)
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
@@ -66,12 +66,12 @@ subcommands:
  revoke-key (r)                      revoke host key
  publish-key (p)                     publish host key to keyserver
 
  revoke-key (r)                      revoke host key
  publish-key (p)                     publish host key to keyserver
 

- expert <expert-subcommand>          run expert command
- expert help                         expert command help
+ import-key (i) [NAME[:PORT]]        import existing ssh key to gpg

 
  version (v)                         show version number
  help (h,?)                          this help
 
 
  version (v)                         show version number
  help (h,?)                          this help
 

+See ${PGRM}(8) for more info.

 EOF
 }
 
 EOF
 }
 


@@ -269,47 +269,16 @@ case $COMMAND in
        publish_key
        ;;
 
        publish_key
        ;;
 

-    'expert')
-       SUBCOMMAND="$1"
-       shift
-       case "$SUBCOMMAND" in
-           'help'|'h'|'?')
-               cat <<EOF
-usage: $PGRM expert <subcommand> [options] [args]
-
-expert subcommands:
- import-key (i) [NAME[:PORT]]        import existing ssh key to gpg
- gen-key (g) [NAME[:PORT]]           generate gpg key for the host
-   --length (-l) BITS                  key length in bits (2048)
- diagnostics (d)                     monkeysphere host status
+    'import-key'|'i')
+       load_fingerprint
+       check_host_key
+       source "${MHSHAREDIR}/import_key"
+       import_key "$@"
+       ;;

 
 

-EOF
-               ;;
-
-           'import-key'|'i')
-               load_fingerprint
-               check_host_key
-               source "${MHSHAREDIR}/import_key"
-               import_key "$@"
-               ;;
-
-           'gen-key'|'g')
-               load_fingerprint
-               check_host_key
-               source "${MHSHAREDIR}/gen_key"
-               gen_key "$@"
-               ;;
-
-           'diagnostics'|'d')
-               source "${MHSHAREDIR}/diagnostics"
-               diagnostics
-               ;;
-
-           *)
-               failure "Unknown expert subcommand: '$COMMAND'
-Type '$PGRM help' for usage."
-               ;;
-       esac
+    'diagnostics'|'d')
+       source "${MHSHAREDIR}/diagnostics"
+       diagnostics

        ;;
 
     'version'|'v')
        ;;
 
     'version'|'v')

diff --git a/src/share/mh/gen_key b/src/share/mh/gen_key
deleted file mode 100644 (file)
index 96053bc..0000000
--- a/src/share/mh/gen_key
+++ /dev/null
@@ -1,84 +0,0 @@
-# -*-shell-script-*-
-# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
-
-# Monkeysphere host gen-key subcommand
-#
-# The monkeysphere scripts are written by:
-# Jameson Rollins <jrollins@finestructure.net>
-# Jamie McClelland <jm@mayfirst.org>
-# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-#
-# They are Copyright 2008-2009, and are all released under the GPL,
-# version 3 or later.
-
-gen_key() {
-
-local hostName
-local keyType="RSA"
-local keyLength="2048"
-local keyUsage="auth"
-local keyExpire="0"
-local userID
-
-# get options
-while true ; do
-       case "$1" in
-           -l|--length)
-               keyLength="$2"
-               shift 2
-               ;;
-           *)
-               if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
-                   failure "Unknown option '$1'.
-Type '$PGRM help' for usage."
-               fi
-               break
-               ;;
-       esac
-done
-
-hostName=${1:-$(hostname -f)}
-userID="ssh://${hostName}"
-
-# create host home
-mkdir -p "${MHDATADIR}"
-mkdir -p "${MHTMPDIR}"
-mkdir -p "${GNUPGHOME_HOST}"
-chmod 700 "${GNUPGHOME_HOST}"
-
-log debug "generating host key..."
-gpg_host --batch --gen-key <<EOF
-Key-Type: $keyType
-Key-Length: $keyLength
-Key-Usage: $keyUsage
-Name-Real: $userID
-Expire-Date: $keyExpire
-
-%commit
-%echo done
-
-EOF
-
-# load the new host fpr into the fpr variable
-load_fingerprint_secret
-
-# export the host secret key to the monkeysphere ssh sec key file
-# NOTE: assumes that the primary key is the proper key to use
-log debug "creating ssh secret key file..."
-(umask 077 && \
-    gpg_host --export-secret-key "$HOST_FINGERPRINT" | \
-    openpgp2ssh "$HOST_FINGERPRINT" > "${MHDATADIR}/ssh_host_rsa_key")
-log info "SSH host secret key file: ${MHDATADIR}/ssh_host_rsa_key"
-
-# export the host public key to the monkeysphere ssh pub key file
-log debug "creating ssh public key file..."
-ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "$HOST_KEY_PUB"
-log info "SSH host public key file: $HOST_KEY_PUB"
-
-# export to gpg public key to file
-create_gpg_pub_file
-
-# show info about new key
-show_key
-
-}