authenticate and encrypt ssh connections.
It is free software, developed by:
- Jameson Rollins <jrollins@fifthhorseman.net>
+ Jameson Graef Rollins <jrollins@finestructure.net>
Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Jamie McClelland <jamie@mayfirst.org>
Micah Anderson <micah@riseup.net>
debian-package: tarball
tar xzf monkeysphere_$(MONKEYSPHERE_VERSION).orig.tar.gz
+ sed -i "s|__VERSION__|$(MONKEYSPHERE_VERSION)|g" monkeysphere-$(MONKEYSPHERE_VERSION)/src/common
cp -a packaging/debian monkeysphere-$(MONKEYSPHERE_VERSION)
(cd monkeysphere-$(MONKEYSPHERE_VERSION) && debuild -uc -us)
rm -rf monkeysphere-$(MONKEYSPHERE_VERSION)
* New upstream release:
- added better checks for the existence of a host private key for
functions that require it to be there.
+ - add checks for root users, for functions where it is required.
+ - get rid of getopts.
+ - added version output option
+ - check that existing authentication keys are valid in gen_key
+ function.
- -- Jameson Graef Rollins <jrollins@finestructure.net> Sun, 30 Nov 2008 17:14:50 -0500
+ -- Jameson Graef Rollins <jrollins@finestructure.net> Tue, 30 Dec 2008 20:21:16 -0500
monkeysphere (0.22-1) unstable; urgency=low
#
PORTNAME= monkeysphere
-PORTVERSION= 0.22~pre
+PORTVERSION= 0.22
CATEGORIES= security
MASTER_SITES= http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/
# hack for debian orig tarballs
-MD5 (monkeysphere_0.22~pre.orig.tar.gz) = fd19f09ed9a720f673d74c9cb58e9d6d
-SHA256 (monkeysphere_0.22~pre.orig.tar.gz) = 337c7fdb93b697fba5a9e35cdff2b5faf0e4914fd8beab7994b456d58d19abb6
-SIZE (monkeysphere_0.22~pre.orig.tar.gz) = 69345
+MD5 (monkeysphere_0.22.orig.tar.gz) = 2bb00c86323409b98aff53f94d9ce0a6
+SHA256 (monkeysphere_0.22.orig.tar.gz) = 2566facda807a67a4d2d6de3833cccfa0b78b454909e8d25f47a235a9e621b24
+SIZE (monkeysphere_0.22.orig.tar.gz) = 70245
export SYSSHAREDIR
. "${SYSSHAREDIR}/common" || exit 1
+--- src/monkeysphere-ssh-proxycommand.orig
++++ src/monkeysphere-ssh-proxycommand
+@@ -16,7 +16,7 @@
+ ########################################################################
+ PGRM=$(basename $0)
+
+-SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
++SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/local/share/monkeysphere"}
+ export SYSSHAREDIR
+ . "${SYSSHAREDIR}/common" || exit 1
+
SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"}
export SYSCONFIGDIR
+# monkeysphere version
+VERSION=__VERSION__
+
########################################################################
### UTILITY FUNCTIONS
--- /dev/null
+#!/usr/bin/perl -w -T
+
+# pem2openpgp: take a PEM-encoded RSA private-key on standard input, a
+# User ID as the first argument, and generate an OpenPGP certificate
+# from it.
+
+# Usage:
+
+# pem2openpgp 'ssh://'$(hostname -f) < /etc/ssh/ssh_host_rsa_key | gpg --import
+
+# Authors:
+# Jameson Rollins <jrollins@finestructure.net>
+# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+# Started on: 2009-01-07 02:01:19-0500
+
+# License: GPL v3 or later (we may need to adjust this given that this
+# connects to OpenSSL via perl)
+
+use strict;
+use warnings;
+use Crypt::OpenSSL::RSA;
+use Crypt::OpenSSL::Bignum;
+use Digest::SHA1;
+use MIME::Base64;
+
+## make sure all length() and substr() calls use bytes only:
+use bytes;
+
+my $uid = shift;
+
+# FIXME: fail if there is no given user ID; or should we default to
+# hostname_long() from Sys::Hostname::Long ?
+
+# make an old-style packet out of the given packet type and body.
+# old-style (see RFC 4880 section 4.2)
+sub make_packet {
+ my $type = shift;
+ my $body = shift;
+
+ my $len = length($body);
+
+ my $lenbytes;
+ my $lencode;
+
+ if ($len < 2**8) {
+ $lenbytes = 0;
+ $lencode = 'C';
+ } elsif ($len < 2**16) {
+ $lenbytes = 1;
+ $lencode = 'n';
+ } elsif ($len < 2**31) {
+ ## not testing against full 32 bits because i don't want to deal
+ ## with potential overflow.
+ $lenbytes = 2;
+ $lencode = 'N';
+ } else {
+ ## what the hell do we do here?
+ $lenbytes = 3;
+ $lencode = '';
+ }
+
+ return pack('C'.$lencode, 0x80 + ($type * 4) + $lenbytes, $len).
+ $body;
+}
+
+
+# takes a Crypt::OpenSSL::Bignum, returns it formatted as OpenPGP MPI
+# (RFC 4880 section 3.2)
+sub mpi_pack {
+ my $num = shift;
+
+ my $val = $num->to_bin();
+ my $mpilen = length($val)*8;
+
+# this is a kludgy way to get the number of significant bits in the
+# first byte:
+ my $bitsinfirstbyte = length(sprintf("%b", ord($val)));
+
+ $mpilen -= (8 - $bitsinfirstbyte);
+
+ return pack('n', $mpilen).$val;
+}
+
+# FIXME: genericize this to accept either RSA or DSA keys:
+sub make_rsa_pub_key_body {
+ my $key = shift;
+ my $timestamp = shift;
+
+ my ($n, $e) = $key->get_key_parameters();
+
+ return
+ pack('CN', 4, $timestamp).
+ pack('C', 1). # RSA
+ mpi_pack($n).
+ mpi_pack($e);
+
+}
+
+# expects an RSA key (public or private) and a timestamp
+sub fingerprint {
+ my $key = shift;
+ my $timestamp = shift;
+
+ my $rsabody = make_rsa_pub_key_body($key, $timestamp);
+
+ return Digest::SHA1::sha1(pack('Cn', 0x99, length($rsabody)).$rsabody);
+}
+
+# FIXME: make tables of relevant identifiers: digest algorithms,
+# ciphers, asymmetric crypto, packet types, subpacket types, signature
+# types. As these are created, replace the opaque numbers below with
+# semantically-meaningful code.
+
+# see RFC 4880 section 5.2.3.21
+my $usage_flags = { certify => 0x01,
+ sign => 0x02,
+ encrypt_comms => 0x04,
+ encrypt_storage => 0x08,
+ encrypt => 0x0c, ## both comms and storage
+ split => 0x10, # the private key is split via secret sharing
+ authenticate => 0x20,
+ shared => 0x80, # more than one person holds the entire private key
+ };
+
+
+# we're just not dealing with newline business right now. slurp in
+# the whole file.
+undef $/;
+my $buf = <STDIN>;
+
+
+my $rsa = Crypt::OpenSSL::RSA->new_private_key($buf);
+
+$rsa->use_sha1_hash();
+$rsa->use_no_padding();
+
+if (! $rsa->check_key()) {
+ die "key does not check";
+}
+
+my $version = pack('C', 4);
+# strong assertion of identity:
+my $sigtype = pack('C', 0x13);
+# RSA
+my $pubkey_algo = pack('C', 1);
+# SHA1
+my $hash_algo = pack('C', 2);
+
+# FIXME: i'm worried about generating a bazillion new OpenPGP
+# certificates from the same key, which could easily happen if you run
+# this script more than once against the same key. How can we prevent
+# this?
+
+# could an environment variable (if set) override the current time?
+my $timestamp = time();
+
+my $creation_time_packet = pack('CCN', 5, 2, $timestamp);
+
+
+# FIXME: HARDCODED: what if someone wants to select a different set of
+# usage flags? For now, we do only authentication.
+my $flags = $usage_flags->{authenticate};
+my $usage_packet = pack('CCC', 2, 27, $flags);
+
+
+# FIXME: HARDCODED: how should we determine how far off to set the
+# expiration date? default is to expire in 2 days, which is insanely
+# short (but good for testing).
+my $expires_in = 86400*2;
+my $expiration_packet = pack('CCN', 5, 9, $expires_in);
+
+
+# prefer AES-256, AES-192, AES-128, CAST5, 3DES:
+my $pref_sym_algos = pack('CCCCCCC', 6, 11, 9, 8, 7, 3, 2);
+
+# prefer SHA-1, SHA-256, RIPE-MD/160
+my $pref_hash_algos = pack('CCCCC', 4, 21, 2, 8, 3);
+
+# prefer ZLIB, BZip2, ZIP
+my $pref_zip_algos = pack('CCCCC', 4, 22, 2, 3, 1);
+
+# we support the MDC feature:
+my $features = pack('CCC', 2, 30, 1);
+
+# keyserver preference: only owner modify (???):
+my $keyserver_pref = pack('CCC', 2, 23, 0x80);
+
+my $subpackets_to_be_hashed =
+ $creation_time_packet.
+ $usage_packet.
+ $expiration_packet.
+ $pref_sym_algos.
+ $pref_hash_algos.
+ $pref_zip_algos.
+ $features.
+ $keyserver_pref;
+
+my $subpacket_octets = pack('n', length($subpackets_to_be_hashed));
+
+my $sig_data_to_be_hashed =
+ $version.
+ $sigtype.
+ $pubkey_algo.
+ $hash_algo.
+ $subpacket_octets.
+ $subpackets_to_be_hashed;
+
+my $pubkey = make_rsa_pub_key_body($rsa, $timestamp);
+
+#open(KEYFILE, "</home/wt215/gpg-test/key-data");
+my $key_data = make_packet(6, $pubkey);
+
+# take the last 8 bytes of the fingerprint as the keyid:
+my $keyid = substr(fingerprint($rsa, $timestamp), 20 - 8, 8);
+
+# the v4 signature trailer is:
+
+# version number, literal 0xff, and then a 4-byte count of the
+# signature data itself.
+my $trailer = pack('CCN', 4, 0xff, length($sig_data_to_be_hashed));
+
+my $uid_data =
+ pack('CN', 0xb4, length($uid)).
+ $uid;
+
+my $datatosign =
+ $key_data.
+ $uid_data.
+ $sig_data_to_be_hashed.
+ $trailer;
+
+my $data_hash = Digest::SHA1::sha1_hex($datatosign);
+
+
+my $issuer_packet = pack('CCa8', 9, 16, $keyid);
+
+my $sig = Crypt::OpenSSL::Bignum->new_from_bin($rsa->sign($datatosign));
+
+my $sig_body =
+ $sig_data_to_be_hashed.
+ pack('n', length($issuer_packet)).
+ $issuer_packet.
+ pack('n', hex(substr($data_hash, 0, 4))).
+ mpi_pack($sig);
+
+print
+ make_packet(6, $pubkey).
+ make_packet(13, $uid).
+ make_packet(2, $sig_body);
+
+
--length (-l) BITS key length in bits (2048)
--expire (-e) EXPIRE date to expire
subkey-to-ssh-agent (s) store authentication subkey in ssh-agent
+ version (v) show version number
help (h,?) this help
EOF
keyExpire=
# get options
- TEMP=$(PATH="/usr/local/bin:$PATH" getopt -o l:e: -l length:,expire: -n "$PGRM" -- "$@") || failure "getopt failed! Does your getopt support GNU-style long options?"
-
- if [ $? != 0 ] ; then
- exit 1
- fi
-
- # Note the quotes around `$TEMP': they are essential!
- eval set -- "$TEMP"
-
while true ; do
case "$1" in
-l|--length)
keyExpire="$2"
shift 2
;;
- --)
- shift
- ;;
- *)
+ *)
+ if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
+ failure "Unknown option '$1'.
+Type '$PGRM help' for usage."
+ fi
break
;;
esac
done
- if [ -z "$1" ] ; then
- # find all secret keys
- keyID=$(gpg --with-colons --list-secret-keys | grep ^sec | cut -f5 -d: | sort -u)
- # if multiple sec keys exist, fail
- if (( $(echo "$keyID" | wc -l) > 1 )) ; then
- echo "Multiple secret keys found:"
- echo "$keyID"
+ case "$#" in
+ 0)
+ gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons 2>/dev/null | egrep '^sec:')
+ ;;
+ 1)
+ gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons "$1" | egrep '^sec:') || failure
+ ;;
+ *)
+ failure "You must specify only a single primary key ID."
+ ;;
+ esac
+
+ # check that only a single secret key was found
+ case $(echo "$gpgSecOut" | grep -c '^sec:') in
+ 0)
+ failure "No secret keys found. Create an OpenPGP key with the following command:
+ gpg --gen-key"
+ ;;
+ 1)
+ keyID=$(echo "$gpgSecOut" | cut -d: -f5)
+ ;;
+ *)
+ echo "Multiple primary secret keys found:"
+ echo "$gpgSecOut" | cut -d: -f5
failure "Please specify which primary key to use."
+ ;;
+ esac
+
+ # check that a valid authentication key does not already exist
+ IFS=$'\n'
+ for line in $(gpg --quiet --fixed-list-mode --list-keys --with-colons "$keyID") ; do
+ type=$(echo "$line" | cut -d: -f1)
+ validity=$(echo "$line" | cut -d: -f2)
+ usage=$(echo "$line" | cut -d: -f12)
+
+ # look at keys only
+ if [ "$type" != 'pub' -a "$type" != 'sub' ] ; then
+ continue
fi
- else
- keyID="$1"
- fi
- if [ -z "$keyID" ] ; then
- failure "You have no secret key available. You should create an OpenPGP
-key before joining the monkeysphere. You can do this with:
- gpg --gen-key"
- fi
-
- # get key output, and fail if not found
- gpgOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons \
- "$keyID") || failure
-
- # fail if multiple sec lines are returned, which means the id
- # given is not unique
- if [ $(echo "$gpgOut" | grep -c '^sec:') -gt '1' ] ; then
- failure "Key ID '$keyID' is not unique."
- fi
-
- # prompt if an authentication subkey already exists
- if echo "$gpgOut" | egrep "^(sec|ssb):" | cut -d: -f 12 | grep -q a ; then
- echo "An authentication subkey already exists for key '$keyID'."
- read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N}
- if [ "${OK/y/Y}" != 'Y' ] ; then
- failure "aborting."
+ # check for authentication capability
+ if ! check_capability "$usage" 'a' ; then
+ continue
fi
- fi
+ # if authentication key is valid, prompt to continue
+ if [ "$validity" = 'u' ] ; then
+ echo "A valid authentication key already exists for primary key '$keyID'."
+ read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N}
+ if [ "${OK/y/Y}" != 'Y' ] ; then
+ failure "aborting."
+ fi
+ break
+ fi
+ done
# set subkey defaults
# prompt about key expiration if not specified
(umask 077 && mkfifo "$fifoDir/pass")
echo "$editCommands" | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" &
+ # FIXME: this needs to fail more gracefully if the passphrase is incorrect
passphrase_prompt "Please enter your passphrase for $keyID: " "$fifoDir/pass"
rm -rf "$fifoDir"
subkey_to_ssh_agent "$@"
;;
+ 'version'|'v')
+ echo "$VERSION"
+ ;;
+
'--help'|'help'|'-h'|'h'|'?')
usage
;;
gpg-authentication-cmd CMD gnupg-authentication command
+ version (v) show version number
help (h,?) this help
EOF
su_monkeysphere_user "gpg $@"
}
-# function to check for host secret keys
-# fails if host sec key exists, exits true otherwise
-check_host_keyring() {
- if ! gpg_host --list-secret-keys --fingerprint \
- --with-colons --fixed-list-mode 2>/dev/null | grep -q '^sec:' ; then
+# check if user is root
+is_root() {
+ [ $(id -u 2>/dev/null) = '0' ]
+}
- failure "You don't appear to have a Monkeysphere host key on this server. Please run 'monkeysphere-server gen-key' first."
- fi
+# check that user is root, for functions that require root access
+check_user() {
+ is_root || failure "You must be root to run this command."
}
# output just key fingerprint
fingerprint_server_key() {
+ # set the pipefail option so functions fails if can't read sec key
+ set -o pipefail
+
gpg_host --list-secret-keys --fingerprint \
--with-colons --fixed-list-mode 2> /dev/null | \
- grep '^fpr:' | head -1 | cut -d: -f10
+ grep '^fpr:' | head -1 | cut -d: -f10 2>/dev/null
+}
+
+# function to check for host secret key
+check_host_keyring() {
+ fingerprint_server_key >/dev/null \
+ || failure "You don't appear to have a Monkeysphere host key on this server. Please run 'monkeysphere-server gen-key' first."
}
# output key information
show_server_key() {
- local fingerprint
- local tmpkey
+ local fingerprintPGP
+ local fingerprintSSH
+ local ret=0
- fingerprint=$(fingerprint_server_key)
- gpg_authentication "--fingerprint --list-key --list-options show-unusable-uids $fingerprint"
-
- # do some crazy "Here Strings" redirection to get the key to
- # ssh-keygen, since it doesn't read from stdin cleanly
- echo -n "ssh fingerprint: "
- ssh-keygen -l -f /dev/stdin \
- <<<$(gpg_authentication "--export $fingerprint" | \
- openpgp2ssh "$fingerprint" 2>/dev/null) | \
- awk '{ print $1, $2, $4 }'
- echo -n "OpenPGP fingerprint: "
- echo "$fingerprint"
+ # FIXME: you shouldn't have to be root to see the host key fingerprint
+ if is_root ; then
+ check_host_keyring
+ fingerprintPGP=$(fingerprint_server_key)
+ gpg_authentication "--fingerprint --list-key --list-options show-unusable-uids $fingerprintPGP" 2>/dev/null
+ echo "OpenPGP fingerprint: $fingerprintPGP"
+ else
+ log info "You must be root to see host OpenPGP fingerprint."
+ ret='1'
+ fi
+
+ if [ -f "${SYSDATADIR}/ssh_host_rsa_key.pub" ] ; then
+ fingerprintSSH=$(ssh-keygen -l -f "${SYSDATADIR}/ssh_host_rsa_key.pub" | \
+ awk '{ print $1, $2, $4 }')
+ echo "ssh fingerprint: $fingerprintSSH"
+ else
+ log info "SSH host key not found."
+ ret='1'
+ fi
+
+ return $ret
}
# update authorized_keys for users
revoker=
# get options
- TEMP=$(PATH="/usr/local/bin:$PATH" getopt -o e:l:r -l expire:,length:,revoker: -n "$PGRM" -- "$@") || failure "getopt failed! Does your getopt support GNU-style long options?"
-
- if [ $? != 0 ] ; then
- exit 1
- fi
-
- # Note the quotes around `$TEMP': they are essential!
- eval set -- "$TEMP"
-
while true ; do
case "$1" in
-l|--length)
revoker="$2"
shift 2
;;
- --)
- shift
- ;;
- *)
+ *)
+ if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
+ failure "Unknown option '$1'.
+Type '$PGRM help' for usage."
+ fi
break
;;
esac
hostName=${1:-$(hostname -f)}
userID="ssh://${hostName}"
- # check for presense of key with user ID
+ # check for presense of secret key
# FIXME: is this the proper test to be doing here?
- if gpg_host --list-key ="$userID" > /dev/null 2>&1 ; then
- failure "Key for '$userID' already exists"
- fi
+ fingerprint_server_key >/dev/null \
+ && failure "A key for this host already exists."
# prompt about key expiration if not specified
keyExpire=$(get_gpg_expiration "$keyExpire")
# set key parameters
- keyParameters=$(cat <<EOF
-Key-Type: $keyType
+ keyParameters=\
+"Key-Type: $keyType
Key-Length: $keyLength
Key-Usage: $keyUsage
Name-Real: $userID
-Expire-Date: $keyExpire
-EOF
-)
+Expire-Date: $keyExpire"
# add the revoker field if specified
# FIXME: the "1:" below assumes that $REVOKER's key is an RSA key.
# FIXME: key is marked "sensitive"? is this appropriate?
if [ "$revoker" ] ; then
- keyParameters="${keyParameters}"$(cat <<EOF
-Revoker: 1:$revoker sensitive
-EOF
-)
+ keyParameters=\
+"${keyParameters}
+Revoker: 1:${revoker} sensitive"
fi
echo "The following key parameters will be used for the host private key:"
fi
# add commit command
- keyParameters="${keyParameters}"$(cat <<EOF
+ # must include blank line!
+ keyParameters=\
+"${keyParameters}
%commit
-%echo done
-EOF
-)
+%echo done"
log verbose "generating server key..."
echo "$keyParameters" | gpg_host --batch --gen-key
- # output the server fingerprint
- fingerprint_server_key "=${userID}"
-
# find the key fingerprint of the newly generated key
fingerprint=$(fingerprint_server_key)
log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub"
gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
+
+ # show info about new key
+ show_server_key
}
# extend the lifetime of a host key:
save
EOF
- )
+)
# execute edit-key script
if echo "$adduidCommand" | \
depth=1
# get options
- TEMP=$(PATH="/usr/local/bin:$PATH" getopt -o n:t:d: -l domain:,trust:,depth: -n "$PGRM" -- "$@") || failure "getopt failed! Does your getopt support GNU-style long options?"
-
- if [ $? != 0 ] ; then
- exit 1
- fi
-
- # Note the quotes around `$TEMP': they are essential!
- eval set -- "$TEMP"
-
while true ; do
case "$1" in
-n|--domain)
depth="$2"
shift 2
;;
- --)
- shift
- ;;
- *)
+ *)
+ if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
+ failure "Unknown option '$1'.
+Type '$PGRM help' for usage."
+ fi
break
;;
esac
case $COMMAND in
'update-users'|'update-user'|'u')
+ check_user
check_host_keyring
update_users "$@"
;;
'gen-key'|'g')
+ check_user
gen_key "$@"
;;
'extend-key'|'e')
+ check_user
check_host_keyring
extend_key "$@"
;;
'add-hostname'|'add-name'|'n+')
+ check_user
check_host_keyring
add_hostname "$@"
;;
'revoke-hostname'|'revoke-name'|'n-')
+ check_user
check_host_keyring
revoke_hostname "$@"
;;
'show-key'|'show'|'s')
- check_host_keyring
show_server_key
;;
'publish-key'|'publish'|'p')
+ check_user
check_host_keyring
publish_server_key
;;
'diagnostics'|'d')
+ check_user
diagnostics
;;
'add-identity-certifier'|'add-id-certifier'|'add-certifier'|'c+')
+ check_user
check_host_keyring
add_certifier "$@"
;;
'remove-identity-certifier'|'remove-id-certifier'|'remove-certifier'|'c-')
+ check_user
check_host_keyring
remove_certifier "$@"
;;
'list-identity-certifiers'|'list-id-certifiers'|'list-certifiers'|'list-certifier'|'c')
+ check_user
check_host_keyring
list_certifiers "$@"
;;
'gpg-authentication-cmd')
+ check_user
gpg_authentication_cmd "$@"
;;
+ 'version'|'v')
+ echo "$VERSION"
+ ;;
+
'--help'|'help'|'-h'|'h'|'?')
usage
;;
# Bugs #
-This is Monkeysphere's bug list. You can also browse our [completed bugs](done).
+The Monkeysphere is moving to a [new issue tracking
+system](https://labs.riseup.net/code/projects/show/monkeysphere),
+hosted at [Riseup Labs](https://labs.riseup.net/code). We're leaving
+this old bug list up during the transition.
-If you don't have commit access to the public repo, we'd appreciate
-you reporting bugs on [the monkeysphere mailing list](/community).
+If you use [Debian](htt[://debian.org), please consider submitting
+your bug to the [Debian BTS](http://bugs.debian.org/monkeysphere).
+
+You can also browse our [completed bugs](done).
+
+Please feel free to also ask any questions on the [the monkeysphere
+mailing list](/community).
[[inline pages="./bugs/* and !./bugs/done and !link(done)
and !*/Discussion" actions=yes postform=yes show=0]]
servo:~/cmrg/monkeysphere/git 0$ checkbashisms -f src/monkeysphere-server 2>&1 | wc -l
50
servo:~/cmrg/monkeysphere/git 0$
+
+It looks like the biggest complication for this would be the
+occasional use of bash arrays.
build in getopts function, instead of the external getopt program.
This would reduce an external dependency, which would definitely be
better for portability.
+
+---
+
+So it looks like the sh built-in getopts does not include long options
+(eg. "--expire"). Is it worth getting rid of the long options for
+this?
+
+---
+
+Why not just get rid of getopts altogether and perform a simple
+argument-processing loop with bash string tests? We're only invoking
+getopt in three places, and each invocation is no more complex than
+three arguments -- and most arguments take a separate parameter, which
+means that handling tricky arg blobs like -aCxr are not gonna be
+supported anyway.
## References ##
- * [Initial Monkeysphere specifications at CMRG](http://cmrg.fifthhorseman.net/wiki/OpenPGPandSSH)
+ * [OpenSSH](http://openssh.com/)
+ * [GnuPG](http://www.gnupg.org/)
* [OpenPGP (RFC 4880)](http://tools.ietf.org/html/rfc4880)
* [Secure Shell Authentication Protocol (RFC 4252)](http://tools.ietf.org/html/rfc4252)
* [URI scheme for SSH, RFC draft](http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/)
+ * [Initial Monkeysphere specifications at CMRG](http://cmrg.fifthhorseman.net/wiki/OpenPGPandSSH)
## Other ##
========================================
As the administrator of an SSH server, you can take advantage of the
-monkeysphere in two ways: you can publish the host key of your machine
-so that your users can have it automatically verified, and you can set
-up your machine to automatically identify connecting users by their
-presence in the OpenPGP web of trust.
+monkeysphere in two ways:
+1. you can publish the host key of your machine so that your users can
+have it automatically verified, and
+
+2. you can set up your machine to automatically identify connecting
+users by their presence in the OpenPGP web of trust.
+
+These things are not mutually required, and it is in fact possible to
+do one without the other. However, it is highly recommend that you at
+least do the first. Even if you decide that you do not want to use
+the monkeysphere to authenticate users to your system, you should at
+least the host key into the Web of Trust so that your users can be
+sure they're connecting to the correct machine.
+
+
+Monkeysphere for host verification
+==================================
Server host key publication
---------------------------
-To generate and publish a server host key:
+
+To begin, you must first generate a server host key:
# monkeysphere-server gen-key
- # monkeysphere-server publish-key
This will generate the key for server with the service URI
-(`ssh://server.example.net`). The server admin should now sign the
-server key so that people in the admin's web of trust can identify the
-server without manual host key checking:
+(`ssh://server.example.net`). Output the new key information with the
+'show-key' command:
+
+ # monkeysphere-server show-key
+
+Once the key has been generated, it needs to be publish to the Web of
+Trust:
+
+ # monkeysphere-server publish-key
+
+The server admin should now sign the server key so that people in the
+admin's web of trust can identify the server without manual host key
+checking. On your (the admin's) local machine retrieve the host key:
$ gpg --search '=ssh://server.example.net'
+
+Now sign the server key:
+
$ gpg --sign-key '=ssh://server.example.net'
+Make sure you compare the fingerprint of the retrieved with the one
+output with the 'show-key' command above, to verify you are signing
+the correct key. Finally, publish your signatures back to the
+keyservers:
+
+ $ gpg --send-key '=ssh://server.example.net'
Update OpenSSH configuration files
----------------------------------
To use the newly-generated host key for ssh connections, put the
-following line in `/etc/ssh/sshd_config` (be sure to remove references
-to any other keys):
+following line in `/etc/ssh/sshd_config` (be sure to comment out or
+remove any other HostKey references):
HostKey /var/lib/monkeysphere/ssh_host_rsa_key
-FIXME: should we just suggest symlinks in the filesystem here instead?
+FIXME: What about DSA host keys? The SSH RFC seems to require
+implementations support DSA, though OpenSSH will work without a DSA
+host key.
-FIXME: What about DSA host keys? The SSH RFC seems to require implementations support DSA, though OpenSSH will work without a DSA host key.
-To enable users to use the monkeysphere to authenticate using the
-OpenPGP web of trust, add this line to `/etc/ssh/sshd_config` (again,
-making sure that no other AuthorizedKeysFile directive exists):
+Monkeysphere for user authentication
+====================================
- AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
+A host can maintain ssh `authorized_keys` files automatically for its
+users with the Monkeysphere. These `authorized_keys` files can then
+be used to enable users to use the monkeysphere to authenticate to
+your machine using the OpenPGP web of trust.
+
+Before this can happen, the host must first have a host key to use for
+user key verification. If you have not already generated a host key
+(as in the host verification instructions above), generate one now:
+
+ # monkeysphere-server gen-key
-And then read the section below about how to ensure these files are
-maintained. You'll need to restart `sshd` to have your changes take
-effect. As with any change to `sshd_config`, be sure to retain an
-existing session to the machine while you test your changes so you
-don't get locked out.
+Update OpenSSH configuration files
+----------------------------------
+
+SSH must be configured to point to the monkeysphere generated
+`authorized_keys` file. Add this line to `/etc/ssh/sshd_config`
+(again, making sure that no other AuthorizedKeysFile directive is left
+uncommented):
+ AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
+
+You'll need to restart `sshd` to have your changes take effect. As
+with any change to `sshd_config`, be sure to retain an existing
+session to the machine while you test your changes so you don't get
+locked out.
Monkeysphere authorized_keys maintenance
----------------------------------------
-A host can maintain ssh authorized_keys files automatically for its
-users with the Monkeysphere.
-
For each user account on the server, the userids of people authorized
to log into that account would be placed in:
# monkeysphere-server add-identity-certifier $GPGID
-To update the monkeysphere authorized_keys file for user "bob" using
+To update the monkeysphere `authorized_keys` file for user "bob" using
the current set of identity certifiers, run:
# monkeysphere-server update-users bob
-To update the monkeysphere authorized_keys file for all users on the
+To update the monkeysphere `authorized_keys` file for all users on the
the system, run the same command with no arguments:
# monkeysphere-server update-users
Monkeysphere***. OpenSSH can be used as is; completely unpatched and
"out of the box".
-## Links ##
+## License ##
-* [OpenSSH](http://openssh.com/)
-* [GnuPG](http://www.gnupg.org/)
-* [Secure Shell Authentication Protocol RFC 4252](http://tools.ietf.org/html/rfc4252)
-* [OpenPGP RFC 4880](http://tools.ietf.org/html/rfc4880)
+All Monkeysphere software is copyright, 2007, by [the
+authors](community), and released under [GPL, version 3 or
+later](http://www.gnu.org/licenses/gpl-3.0.html).
----
overflow: auto;
}
-table.sitenav {
+table.sitenav {
border-bottom: 2px solid black;
padding: 0px;
width: 100%;
font-size: larger;
}
-table.sitenav img.logo {
- margin: 0px;
- padding: 0px;
+table.sitenav img.logo {
+ margin: 0em;
+ padding: 0px;
vertical-align: bottom;
}
+table.sitenav img.title {
+ margin: 0px;
+ padding: 0px;
+ vertical-align: top;
+}
+
table.sitenav a {
font-weight: bold;
margin-right: 1em;
font-size: smaller;
}
-/* trying to align the sitenav links roughly with the text in the monkeysphere logo */
-td#sitenav {
- vertical-align: bottom;
- padding-bottom: 30px;
-}
-
table.sitenav span.selflink {
font-weight: bold;
text-decoration: underline;
--- /dev/null
+[[meta title="Monkeysphere now in Debian!"]]
+
+[The Monkeysphere has made it into
+Debian!](http://packages.debian.org/sid/monkeysphere)
+
+It is in Debian unstable ("sid") now, which means it won't make it
+into the next stable release ("lenny"), but hopefully will make it
+into the stable release after that ("squeeze").
+
+Congratulations to all the work by all the [monkeysphere
+developers](/community), and to Micah Anderson for being our Debian
+sponsor.
+
+Please feel free to start submitting bug reports to the [Debian
+BTS](http://bugs.debian.org/monkeysphere).
<table class="sitenav" cellpadding="0" cellspacing="0">
-<tbody><tr><td>
-<a class="logo" href="/"><img class="logo" src="/logo.png" alt="monkeysphere" width="343" height="85" /></a>
-</td><td id="sitenav">
-
+<colgroup span="1" width="120" />
+<tr>
+<td rowspan="2"><a href="/"><img class="logo" src="/logo.simple.png" alt="monkeysphere" /></a></td>
+<td><a href="/"><img class="title" src="/logo.title.png" alt="monkeysphere" /></a></td>
+</tr><tr>
+<td>
[[WHY?|why]]
[[DOWNLOAD|download]]
[[DOCUMENTATION|doc]]
[[NEWS|news]]
[[COMMUNITY|community]]
-[[BUGS|bugs]]
+<a href="https://labs.riseup.net/code/wiki/monkeysphere">WIKI</a>
+<a href="https://labs.riseup.net/code/projects/monkeysphere/issues">BUGS</a>
+</td>
+</tr>
+</table>
-</td></tr></tbody></table>
projects / monkeysphere.git / commitdiff
