-MonkeySphere is a system to use the OpenPGP web-of-trust to
+Monkeysphere is a system to use the OpenPGP web-of-trust to
authenticate and encrypt ssh connections.
It is free software, developed by:
- Jameson Rollins <jrollins@fifthhorseman.net>
+ Jameson Graef Rollins <jrollins@finestructure.net>
Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Jamie McClelland <jamie@mayfirst.org>
Micah Anderson <micah@riseup.net>
Matthew Goins <mjgoins@openflows.com>
- Mike Castleman <mlcastle@mlcastle.net>
+ Mike Castleman <m@mlcastle.net>
Elliot Winard <enw@caveteen.com>
Ross Glover <ross@ross.mayfirst.org>
Greg Lyle <greg@stealthisemail.com>
-MonkeySphere is distributed in the hope that it will be useful, but
+Monkeysphere is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
-MonkeySphere Copyright 2007, and are all released under the GPL,
+Monkeysphere Copyright 2007, and are all released under the GPL,
version 3 or later.
-MONKEYSPHERE_VERSION = `head -n1 debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'`
+#!/usr/bin/make -f
+
+# Makefile for monkeysphere
+
+# (c) 2008 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+# Licensed under GPL v3 or later
+
+MONKEYSPHERE_VERSION = `head -n1 packaging/debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'`
# these defaults are for debian. porters should probably adjust them
# before calling make install
debian-package: tarball
tar xzf monkeysphere_$(MONKEYSPHERE_VERSION).orig.tar.gz
- cp -a debian monkeysphere-$(MONKEYSPHERE_VERSION)
+ sed -i "s|__VERSION__|$(MONKEYSPHERE_VERSION)|g" monkeysphere-$(MONKEYSPHERE_VERSION)/src/common
+ cp -a packaging/debian monkeysphere-$(MONKEYSPHERE_VERSION)
(cd monkeysphere-$(MONKEYSPHERE_VERSION) && debuild -uc -us)
rm -rf monkeysphere-$(MONKEYSPHERE_VERSION)
--- /dev/null
+packaging/debian/changelog
\ No newline at end of file
+++ /dev/null
-monkeysphere (0.20-1) UNRELEASED; urgency=low
-
- [ Jameson Graef Rollins ]
- * clean up Makefile to generate more elegant source tarballs.
-
- [ Daniel Kahn Gillmor ]
- * ensure that tempdirs are properly created, bail out otherwise instead
- of stumbling ahead.
-
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 30 Oct 2008 15:03:23 -0400
-
-monkeysphere (0.19-1) experimental; urgency=low
-
- [ Daniel Kahn Gillmor ]
- * simulating an X11 session in the test script.
- * updated packaging so that symlinks to config files are correct.
-
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 29 Oct 2008 02:47:49 -0400
-
-monkeysphere (0.18-1) experimental; urgency=low
-
- [ Jameson Graef Rollins ]
- * Fix bugs in authorized_{user_ids,keys} file permission checking.
- * Add new monkeysphere tmpdir to enable atomic moves of authorized_keys
- files.
- * chown authorized_keys files to `whoami`, for compatibility with test
- suite.
- * major improvements to test suite, added more tests.
-
- [ Daniel Kahn Gillmor ]
- * update make install to ensure placement of
- /etc/monkeysphere/gnupg-{host,authentication}.conf
- * choose either --quick-random or --debug-quick-random depending on
- which gpg supports for the test suite.
-
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 29 Oct 2008 00:41:38 -0400
-
-monkeysphere (0.17-1) experimental; urgency=low
-
- [ Jameson Graef Rollins ]
- * Fix some bugs in, and cleanup, authorized_keys file creation in
- monkeysphere-server update-users.
- * Move to using the empty string for not adding a user-controlled
- authorized_keys file in the RAW_AUTHORIZED_KEYS variable.
-
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 28 Oct 2008 02:04:22 -0400
-
-monkeysphere (0.16-1) experimental; urgency=low
-
- [ Daniel Kahn Gillmor ]
- * replaced "#!/bin/bash" with "#!/usr/bin/env bash" for better
- portability.
- * fixed busted lockfile arrangement, where empty file was being locked
- * portability fixes in the way we use date, mktemp, hostname, su
- * stop using /usr/bin/stat, since the syntax appears to be totally
- unportable
- * require GNU getopt, and test for getopt failures (look for getopt in
- /usr/local/bin first, since that's where FreeBSD's GNU-compatible
- getopt lives.
- * monkeysphere-server diagnostics now counts problems and suggests a
- re-run after they have been resolved.
- * completed basic test suite: this can be run from the git sources or
- the tarball with: cd tests && ./basic
-
- [ Jameson Graef Rollins ]
- * Genericize fs location variables.
- * break out gpg.conf files into SYSCONFIGDIR, and not auto-generated at
- install.
-
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 26 Oct 2008 03:06:18 -0400
-
-monkeysphere (0.15-1) experimental; urgency=low
-
- * porting work and packaging simplification: clarifying makefiles,
- pruning dependencies, etc.
- * added tests to monkeysphere-server diagnostics
- * moved monkeysphere(5) to section 7 of the manual
- * now shipping TODO in /usr/share/doc/monkeysphere
-
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 04 Sep 2008 19:08:40 -0400
-
-monkeysphere (0.14-1) experimental; urgency=low
-
- * changing debian packaging back to format 1.0 so we get automatic
- tarballs, and easier inclusion in other build networks.
- * no other source changes.
-
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 04 Sep 2008 13:03:35 -0400
-
-monkeysphere (0.13-1) experimental; urgency=low
-
- [ Daniel Kahn Gillmor ]
- * tweaks in /usr/bin/monkeysphere to handle odd secret keyrings.
- * updated makefile to reflect the package building technique we've been
- using for a month now.
-
- [ Jameson Graef Rollins ]
- * move location of user config directory to ~/.monkeysphere.
-
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 03 Sep 2008 17:26:10 -0400
-
-monkeysphere (0.12-1) experimental; urgency=low
-
- [ Jameson Graef Rollins ]
- * Improved output handling. New LOG_LEVEL variable.
-
- [ Daniel Kahn Gillmor ]
- * debian/control: switched Homepage: and Vcs-Git: to canonicalized
- upstream hostnames.
- * updated documentation for new release.
- * changed my associated e-mail address for this package.
-
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 02 Sep 2008 18:54:29 -0400
-
-monkeysphere (0.11-1) experimental; urgency=low
-
- [ Jameson Graef Rollins ]
- * fix bug in trustdb update on add/revoke-hostname.
-
- [ Daniel Kahn Gillmor ]
- * debian/control: added Build-Depends: git-core for the new packaging
- format
- * new subcommand: monkeysphere subkey-to-ssh-agent (relies on a patched
- GnuTLS to deal with GPG's gnu-dummy S2K extension, but fails cleanly
- if not found).
-
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Wed, 20 Aug 2008 11:24:35 -0400
-
-monkeysphere (0.10-1) experimental; urgency=low
-
- [ Jameson Graef Rollins ]
- * brown paper bag release: invert test on calculated validity of keys.
-
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 18 Aug 2008 16:22:34 -0400
-
-monkeysphere (0.9-1) experimental; urgency=low
-
- [ Daniel Kahn Gillmor ]
- * implemented "monkeysphere-server extend-key" to adjust expiration
- date of host key.
- * removed "monkeysphere-server fingerprint". Use "monkeysphere-server
- show-key" instead.
-
- [ Jameson Graef Rollins ]
- * fixed bug in user id processing that prevented bad primary keys from
- being properly removed.
-
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 18 Aug 2008 15:42:12 -0400
-
-monkeysphere (0.8-1) experimental; urgency=low
-
- [ Daniel Kahn Gillmor ]
- * debian/control: switched Vcs-Git to use "centralized" git repo instead
- of my own.
- * More monkeysphere-server diagnostics
- * monkeysphere --gen-subkey now guesses what KeyID you meant.
- * added Recommends: ssh-askpass to ensure monkeysphere --gen-subkey
- works sensibly under X11
-
- [ Jameson Graef Rollins ]
- * fix another bug when known_hosts files are missing.
- * sort processed keys so that "good" keys are processed after "bad"
- keys. This will prevent malicious bad keys from causing good keys to
- be removed from key files.
- * enabled host key publication.
- * added checking of gpg.conf for keyserver
- * new functions to add/revoke host key user IDs
- * improved list-certifiers function (now non-privileged)
-
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 18 Aug 2008 12:43:37 -0400
-
-monkeysphere (0.7-1) experimental; urgency=low
-
- [ Daniel Kahn Gillmor ]
- * Added monkeysphere-server diagnostics subcommand.
- * rebuilding package using Format: 3.0 (git)
-
- [ Jameson Graef Rollins ]
- * fix how check for file modification is done.
- * rework out user id processing is done to provide more verbose log
- output.
- * fix bug in monkeysphpere update-authorized_keys subcommand where
- disallowed keys failed to be remove from authorized_keys file.
-
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 04 Aug 2008 10:47:41 -0400
-
-monkeysphere (0.6-1) experimental; urgency=low
-
- [ Jameson Graef Rollins ]
- * Fix bug in return on error of ssh-proxycommand.
-
- [ Daniel Kahn Gillmor ]
- * try socat if netcat is not available in proxycommand.
-
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Tue, 29 Jul 2008 10:27:20 -0400
-
-monkeysphere (0.5-1) experimental; urgency=low
-
- [ Daniel Kahn Gillmor ]
- * updated READMEs to match current state of code
-
- [ Jameson Graef Rollins ]
- * Tweak how empty authorized_user_ids and known_hosts files are handled.
- * Do not fail when authorized_user_ids or known_hosts file is not found.
-
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 28 Jul 2008 10:50:02 -0400
-
-monkeysphere (0.4-1) experimental; urgency=low
-
- [ Daniel Kahn Gillmor ]
- * New version.
- * Fixed return code error in openpgp2ssh
-
- [ Jameson Graef Rollins ]
- * Privilege separation: use monkeysphere user to handle maintenance of
- the gnupg authentication keychain for server.
- * Improved certifier key management.
- * Fixed variable scoping and config file precedence.
- * Add options for key generation and add-certifier functions.
- * Fix return codes for known_host and authorized_keys updating
- functions.
- * Add write permission check on authorized_keys, known_hosts, and
- authorized_user_ids files.
-
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Tue, 22 Jul 2008 21:50:17 -0400
-
-monkeysphere (0.3-1) experimental; urgency=low
-
- [ Daniel Kahn Gillmor ]
- * new version.
-
- [ Jameson Graef Rollins ]
- * Move files in /var/cache/monkeysphere and GNUPGHOME for server to
- the more appropriate /var/lib/monkeysphere.
-
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Tue, 24 Jun 2008 00:55:29 -0400
-
-monkeysphere (0.2-2) experimental; urgency=low
-
- * added lockfile-progs dependency
-
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 23 Jun 2008 19:34:05 -0400
-
-monkeysphere (0.2-1) experimental; urgency=low
-
- [ Daniel Kahn Gillmor ]
- * openpgp2ssh now supports specifying keys by full fingerprint.
-
- [ Jameson Graef Rollins ]
- * Add AUTHORIZED_USER_IDS config variable for server, which defaults to
- %h/.config/monkeysphere/authorized_user_ids, instead of
- /etc/monkeysphere/authorized_user_ids.
- * Remove {update,remove}-userids functions, since we decided they
- weren't useful enough to be worth maintaining.
- * Better handling of unknown users in server update-users
- * Add file locking when modifying known_hosts or authorized_keys
- * Better failure/prompting for gen-subkey
- * Add ability to set any owner trust level for keys in server keychain.
-
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 23 Jun 2008 17:03:19 -0400
-
-monkeysphere (0.1-1) experimental; urgency=low
-
- * First release of debian package for monkeysphere.
- * This is experimental -- please report bugs!
-
- -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Thu, 19 Jun 2008 00:34:53 -0400
-
+++ /dev/null
-Source: monkeysphere
-Section: net
-Priority: extra
-Maintainer: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-Uploaders: Jameson Graef Rollins <jrollins@finestructure.net>
-Build-Depends: debhelper (>= 7.0), libgnutls-dev (>= 2.4.0)
-Standards-Version: 3.8.0.1
-Homepage: http://web.monkeysphere.info/
-Vcs-Git: git://git.monkeysphere.info/monkeysphere
-Dm-Upload-Allowed: yes
-
-Package: monkeysphere
-Architecture: any
-Depends: openssh-client, gnupg, coreutils (>= 6) | base64, lockfile-progs | procfile, adduser, ${shlibs:Depends}
-Recommends: netcat | socat, ssh-askpass
-Enhances: openssh-client, openssh-server
-Description: use the OpenPGP web of trust to verify ssh connections
- SSH key-based authentication is tried-and-true, but it lacks a true
- Public Key Infrastructure for key certification, revocation and
- expiration. Monkeysphere is a framework that uses the OpenPGP web of
- trust for these PKI functions. It can be used in both directions:
- for users to get validated host keys, and for hosts to authenticate
- users.
+++ /dev/null
-Format-Specification: http://wiki.debian.org/Proposals/CopyrightFormat?action=recall&rev=226
-Debianized-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-Debianized-Date: Fri Jun 13 10:19:16 EDT 2008
-Original-Source: http://web.monkeysphere.info/download
-
-Files: *
-Copyright: Copyright 2008 Jameson Rollins <jrollins@fifthhorseman.net>,
- Daniel Kahn Gillmor <dkg@fifthhorseman.net>,
- Jamie McClelland <jamie@mayfirst.org>,
- Micah Anderson <micah@riseup.net>,
- Matthew Goins <mjgoins@openflows.com>,
- Mike Castleman <mlcastle@mlcastle.net>,
- Elliot Winard <enw@caveteen.com>,
- Ross Glover <ross@ross.mayfirst.org>,
- Greg Lyle <greg@stealthisemail.com>
-
-License: GPL-3+
- This package is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
- .
- On Debian systems, the complete text of the GNU General Public License
- can be found in file "/usr/share/common-licenses/GPL".
+++ /dev/null
-var/lib/monkeysphere
-var/lib/monkeysphere/authorized_keys
-var/lib/monkeysphere/tmp
-usr/bin
-usr/sbin
-usr/share
-usr/share/monkeysphere
-usr/share/man
-usr/share/man/man1
-usr/share/man/man7
-usr/share/man/man8
-etc/monkeysphere
+++ /dev/null
-#!/bin/sh -e
-
-# postinst script for monkeysphere
-
-# Author: Jameson Rollins <jrollins@fifthhorseman.net>
-# Copyright 2008
-
-ETC="/etc/monkeysphere"
-VARLIB="/var/lib/monkeysphere"
-
-if ! getent passwd monkeysphere >/dev/null ; then
- echo "adding monkeysphere user..."
- adduser --quiet --system --no-create-home --group \
- --home "$VARLIB" \
- --shell '/bin/bash' \
- --gecos 'monkeysphere authentication user,,,' \
- monkeysphere
-fi
-
-# install host gnupg home directory
-install --owner root --group monkeysphere --mode 750 -d "$VARLIB"/gnupg-host
-# link in the gpg.conf
-ln -sTf "$ETC"/gnupg-host.conf "$VARLIB"/gnupg-host/gpg.conf
-
-# install authentication gnupg home directory
-install --owner monkeysphere --group monkeysphere --mode 700 -d "$VARLIB"/gnupg-authentication
-# link in the gpg.conf
-ln -sTf "$ETC"/gnupg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf
+++ /dev/null
-#!/bin/sh -e
-
-# postrm script for monkeysphere
-
-# Author: Jameson Rollins <jrollins@fifthhorseman.net>
-# Copyright 2008
-
-case $1 in
- purge)
- rmdir --ignore-fail-on-non-empty /var/lib/monkeysphere || true
- echo "removing monkeysphere user..."
- userdel monkeysphere > /dev/null || true
- ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
+++ /dev/null
-#!/bin/sh -e
-
-# preinst script for monkeysphere
-
-# Author: Jameson Rollins <jrollins@fifthhorseman.net>
-# Copyright 2008
-
-ETC="/etc/monkeysphere"
-VARLIB="/var/lib/monkeysphere"
-
-# move the gpg.conf files from the GNUPGHOMEs if they're there to
-# /etc, where they will be linked back into the GNUPGHOMEs later
-if [ -f "$VARLIB"/gnupg-host/gpg.conf -a ! -L "$VARLIB"/gnupg-host/gpg.conf ] ; then
- mv "$VARLIB"/gnupg-host/gpg.conf "$ETC"/gpg-host.conf
- chown root:root "$ETC"/gpg-host.conf
- ln -s "$ETC"/gpg-host.conf "$VARLIB"/gnupg-host/gpg.conf
-fi
-if [ -f "$VARLIB"/gnupg-authentication/gpg.conf -a ! -L "$VARLIB"/gnupg-authentication/gpg.conf ] ; then
- mv "$VARLIB"/gnupg-authentication/gpg.conf "$ETC"/gpg-authentication.conf
- chown root:root "$ETC"/gpg-authentication.conf
- ln -s "$ETC"/gpg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf
-fi
+++ /dev/null
-#!/usr/bin/make -f
-%:
- dh $@
* Configured /etc/nullmailer/remotes to have mail.riseup.net so remote delivery will work
* Removed the hundreds of queued cron emails that had resulted in 30gig of mail.err logs
* Rotated the giant logs out
+
+2009-01-11 - dkg
+ * extended the expiration date for george's key three months into
+ the future.
+ * aptitude update && aptitude full-upgrade (brings monkeysphere to
+ 0.22-1)
2008-10-29 - dkg
* aptitude update && aptitude full-upgrade
--- /dev/null
+******************************************************************************
+* *
+* zimmermann system log *
+* *
+******************************************************************************
+* Please add new entries in reverse chronological order whenever you make *
+* changes to this system (first command at top, last at bottom) *
+******************************************************************************
+
+2008-11-29 - dkg
+ * zimmermann now uses an X.509 certificate signed by the MF/PL CA
+ for its HTTPS connection.
+
+2008-11-19 - dkg
+ * added 10 SKS peers as a result of feedback from sks-devel.
+ * set localtime to America/New_York via dpkg-reconfigure tzdata
+ * aptitude update && aptitude full-upgrade
+ * set up /var/lib/sks/www/index.html based on
+ doc/zimmermann/index.html from this repo.
+ * made nginx proxy plain ol' HTTP on port 80 also so that SKS does
+ not need to try to listen on a privileged port.
+ * turned on initial_stat and stat_hour: 3 in /etc/sks/sksconf
+
+2008-11-19 - mlc
+ * aptitude install nginx
+ * get rid of /etc/nginx/sites-enabled/default
+ * create /etc/nginx/sites-available/https-proxy and make a symlink
+ to it in the sites-enabled directory
+ * invoke-rc.d nginx start
+
+2008-11-17 - micah
+ * verified the SHA256 values for the key material
+ * /usr/lib/sks/sks_build.sh (chose option #2: normalbuild)
+ * chown -R debian-sks:debian-sks /var/lib/sks
+ * edit /etc/default/sks to enable the initscript
+ * /etc/init.d/sks start
+ * rm -rf /var/lib/sks/dump
+
+2008-11-15 - micah
+ * aptitude update && aptitude full-upgrade
+ * aptitude install sks
+ * cd /var/lib/sks/dump ; wget -q -r -np -nd -A bz2,SHA256,asc \
+ http://nynex.net/keydump/ -e robots=off
+ * install monkeysphere 0.21-2 package
+ * apt-get install bzip2 ; bunzip2 /var/lib/sks/dump/*.bz2
+
+2008-11-15 - jamie
+ * aptitude install esmtp-run mailx
+ * edited /etc/esmtp-run, configured to relay to bulk.mayfirst.org
--- /dev/null
+server {
+ listen 443;
+ server_name zimmermann.mayfirst.org;
+ ssl on;
+ ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+ ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+ ssl_ciphers HIGH:MEDIUM:!ADH;
+
+ access_log off;
+
+ location / {
+ proxy_pass http://localhost:11371/;
+ }
+}
--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+ <head>
+ <title>SKS Search Page</title>
+ <meta http-equiv="content-type" content="text/html; charset="utf-8">
+ <meta name="author" content="Yaron M. Minsky/Jack Cummings/Daniel Kahn Gillmor">
+ </head>
+ <body text="#000000" bgcolor="#ffffff" link="#000099" vlink="#990099" alink="#000099">
+ <h1><a href="http://www.nongnu.org/sks/">SKS OpenPGP Keyserver</a> <br> @zimmermann.mayfirst.org</h1>
+ <p> SKS is a OpenPGP keyserver whose goal is to provide easy to deploy, decentralized, and highly reliable synchronization. That means that a key submitted to one SKS server will quickly be distributed to all key servers, and even wildly out-of-date servers, or servers that experience spotty connectivity, can fully synchronize with rest of the system. </p>
+ <p>You can find out more about SKS, along with links to graphs of the network status <a href="http://www.nongnu.org/sks/">here</a>.</p>
+ <table cellpadding="2" cellspacing="2" border="1" width="600" bgcolor="#ddddff">
+ <tr>
+ <td valign="top">
+ <h3>Extract a key</h3>
+ <p>You can extract a key by typing in some words that appear in the userid
+ of the key you're looking for, or by typing in the keyid in hex format ("0x...")</p>
+ <p>
+ <form action="/pks/lookup" method="get">
+ Search String: <input name="search" size="40"> <br>
+ Show PGP "fingerprints" for keys
+ <input type="checkbox" name="fingerprint"> <br>
+ Show SKS full-key hashes
+ <input type="checkbox" name="hash"> <br>
+ Search for keys: <br>
+ <input type="radio" name="op" value="index" CHECKED> get index of matching keys <br>
+ <input type="radio" name="op" value="vindex"> get verbose index of matching keys <br>
+ <input type="radio" name="op" value="get"> retrieve ascii-armored keys <br>
+ <input type="radio" name="op" value="hget"> retrieve keys by full-key hash
+ <br>
+ <input type="reset" value="Reset">
+ <input type="submit">
+ </form>
+ <br>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top">
+ <h3>Submit a key</h3>
+ You can submit a key by simply pasting in the ASCII-armored version
+ of your key and clicking on submit.
+ <form action="/pks/add" method="post">
+ <textarea name="keytext" rows="20" cols="66"></textarea> <br>
+ <input type="reset" value="Reset">
+ <input type="submit" value="Submit this key to the keyserver!">
+ </form>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <h3>
+ Access
+ </h3>
+ To use this server directly via HKP add this to your .PGP keyserver list:<br>
+
+<pre>x-hkp://zimmermann.mayfirst.org
+http://zimmermann.mayfirst.org:11371</pre>
+
+ You can also select a random server by adding this to your keyserver list:<br>
+
+<pre>x-hkp://pool.sks-keyservers.net
+http://pool.sks-keyservers.net:11371</pre>
+
+ </td>
+ </tr>
+ </tbody>
+ </table>
+
+<hr>
+ [<a href="/pks/lookup?op=stats">Server Status</a>] If you have any questions
+ about or problems with this server, please <a href="https://support.mayfirst.org/newticket?summary=zimmermann.mayfirst.org%20trouble">open a ticket</a>.
+ </body>
+</html>
--- /dev/null
+monkeysphere (0.23~pre-1) UNRELEASED; urgency=low
+
+ * New upstream release:
+ - added better checks for the existence of a host private key for
+ functions that require it to be there.
+ - add checks for root users, for functions where it is required.
+ - get rid of getopts.
+ - added version output option
+ - check that existing authentication keys are valid in gen_key
+ function.
+
+ -- Jameson Graef Rollins <jrollins@finestructure.net> Tue, 30 Dec 2008 20:21:16 -0500
+
+monkeysphere (0.22-1) unstable; urgency=low
+
+ * New upstream release:
+ [ Jameson Graef Rollins ]
+
+ - added info log output when a new key is added to known_hosts file.
+ - added some useful output to the ssh-proxycommand for "marginal"
+ cases where keys are found for host but do not have full validity.
+ - force ssh-keygen to read from stdin to get ssh key fingerprint.
+
+ [ Daniel Kahn Gillmor ]
+
+ - automatically output two copies of the host's public key: one
+ standard ssh public key file, and the other a minimal OpenPGP key with
+ just the latest valid self-sig.
+ - debian/control: corrected alternate dependency from procfile to
+ procmail (which provides /usr/bin/lockfile)
+
+ -- Jameson Graef Rollins <jrollins@finestructure.net> Fri, 28 Nov 2008 14:23:31 -0500
+
+monkeysphere (0.21-2) unstable; urgency=low
+
+ * actually rmdir /var/lib/monkeysphere-* during prerm if possible.
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 15 Nov 2008 16:36:57 -0500
+
+monkeysphere (0.21-1) unstable; urgency=low
+
+ * New upstream release:
+ - move debian packaging to packaging subdirectory.
+ * Add debian prerm script, and add debhelper lines to other install
+ scripts.
+ * Initial release to Debian (Closes: #505806)
+
+ -- Jameson Graef Rollins <jrollins@finestructure.net> Sat, 15 Nov 2008 16:14:27 -0500
+
+monkeysphere (0.20-1) unstable; urgency=low
+
+ [ Daniel Kahn Gillmor ]
+ * ensure that tempdirs are properly created, bail out otherwise instead
+ of stumbling ahead.
+ * minor fussing with the test script to make it cleaner.
+
+ [ Jameson Graef Rollins ]
+ * clean up Makefile to generate more elegant source tarballs.
+ * make myself the maintainer.
+
+ -- Jameson Graef Rollins <jrollins@finestructure.net> Sat, 15 Nov 2008 13:12:57 -0500
+
+monkeysphere (0.19-1) experimental; urgency=low
+
+ [ Daniel Kahn Gillmor ]
+ * simulating an X11 session in the test script.
+ * updated packaging so that symlinks to config files are correct.
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 29 Oct 2008 02:47:49 -0400
+
+monkeysphere (0.18-1) experimental; urgency=low
+
+ [ Jameson Graef Rollins ]
+ * Fix bugs in authorized_{user_ids,keys} file permission checking.
+ * Add new monkeysphere tmpdir to enable atomic moves of authorized_keys
+ files.
+ * chown authorized_keys files to `whoami`, for compatibility with test
+ suite.
+ * major improvements to test suite, added more tests.
+
+ [ Daniel Kahn Gillmor ]
+ * update make install to ensure placement of
+ /etc/monkeysphere/gnupg-{host,authentication}.conf
+ * choose either --quick-random or --debug-quick-random depending on
+ which gpg supports for the test suite.
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 29 Oct 2008 00:41:38 -0400
+
+monkeysphere (0.17-1) experimental; urgency=low
+
+ [ Jameson Graef Rollins ]
+ * Fix some bugs in, and cleanup, authorized_keys file creation in
+ monkeysphere-server update-users.
+ * Move to using the empty string for not adding a user-controlled
+ authorized_keys file in the RAW_AUTHORIZED_KEYS variable.
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 28 Oct 2008 02:04:22 -0400
+
+monkeysphere (0.16-1) experimental; urgency=low
+
+ [ Daniel Kahn Gillmor ]
+ * replaced "#!/bin/bash" with "#!/usr/bin/env bash" for better
+ portability.
+ * fixed busted lockfile arrangement, where empty file was being locked
+ * portability fixes in the way we use date, mktemp, hostname, su
+ * stop using /usr/bin/stat, since the syntax appears to be totally
+ unportable
+ * require GNU getopt, and test for getopt failures (look for getopt in
+ /usr/local/bin first, since that's where FreeBSD's GNU-compatible
+ getopt lives.
+ * monkeysphere-server diagnostics now counts problems and suggests a
+ re-run after they have been resolved.
+ * completed basic test suite: this can be run from the git sources or
+ the tarball with: cd tests && ./basic
+
+ [ Jameson Graef Rollins ]
+ * Genericize fs location variables.
+ * break out gpg.conf files into SYSCONFIGDIR, and not auto-generated at
+ install.
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 26 Oct 2008 03:06:18 -0400
+
+monkeysphere (0.15-1) experimental; urgency=low
+
+ * porting work and packaging simplification: clarifying makefiles,
+ pruning dependencies, etc.
+ * added tests to monkeysphere-server diagnostics
+ * moved monkeysphere(5) to section 7 of the manual
+ * now shipping TODO in /usr/share/doc/monkeysphere
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 04 Sep 2008 19:08:40 -0400
+
+monkeysphere (0.14-1) experimental; urgency=low
+
+ * changing debian packaging back to format 1.0 so we get automatic
+ tarballs, and easier inclusion in other build networks.
+ * no other source changes.
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 04 Sep 2008 13:03:35 -0400
+
+monkeysphere (0.13-1) experimental; urgency=low
+
+ [ Daniel Kahn Gillmor ]
+ * tweaks in /usr/bin/monkeysphere to handle odd secret keyrings.
+ * updated makefile to reflect the package building technique we've been
+ using for a month now.
+
+ [ Jameson Graef Rollins ]
+ * move location of user config directory to ~/.monkeysphere.
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 03 Sep 2008 17:26:10 -0400
+
+monkeysphere (0.12-1) experimental; urgency=low
+
+ [ Jameson Graef Rollins ]
+ * Improved output handling. New LOG_LEVEL variable.
+
+ [ Daniel Kahn Gillmor ]
+ * debian/control: switched Homepage: and Vcs-Git: to canonicalized
+ upstream hostnames.
+ * updated documentation for new release.
+ * changed my associated e-mail address for this package.
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 02 Sep 2008 18:54:29 -0400
+
+monkeysphere (0.11-1) experimental; urgency=low
+
+ [ Jameson Graef Rollins ]
+ * fix bug in trustdb update on add/revoke-hostname.
+
+ [ Daniel Kahn Gillmor ]
+ * debian/control: added Build-Depends: git-core for the new packaging
+ format
+ * new subcommand: monkeysphere subkey-to-ssh-agent (relies on a patched
+ GnuTLS to deal with GPG's gnu-dummy S2K extension, but fails cleanly
+ if not found).
+
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Wed, 20 Aug 2008 11:24:35 -0400
+
+monkeysphere (0.10-1) experimental; urgency=low
+
+ [ Jameson Graef Rollins ]
+ * brown paper bag release: invert test on calculated validity of keys.
+
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 18 Aug 2008 16:22:34 -0400
+
+monkeysphere (0.9-1) experimental; urgency=low
+
+ [ Daniel Kahn Gillmor ]
+ * implemented "monkeysphere-server extend-key" to adjust expiration
+ date of host key.
+ * removed "monkeysphere-server fingerprint". Use "monkeysphere-server
+ show-key" instead.
+
+ [ Jameson Graef Rollins ]
+ * fixed bug in user id processing that prevented bad primary keys from
+ being properly removed.
+
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 18 Aug 2008 15:42:12 -0400
+
+monkeysphere (0.8-1) experimental; urgency=low
+
+ [ Daniel Kahn Gillmor ]
+ * debian/control: switched Vcs-Git to use "centralized" git repo instead
+ of my own.
+ * More monkeysphere-server diagnostics
+ * monkeysphere --gen-subkey now guesses what KeyID you meant.
+ * added Recommends: ssh-askpass to ensure monkeysphere --gen-subkey
+ works sensibly under X11
+
+ [ Jameson Graef Rollins ]
+ * fix another bug when known_hosts files are missing.
+ * sort processed keys so that "good" keys are processed after "bad"
+ keys. This will prevent malicious bad keys from causing good keys to
+ be removed from key files.
+ * enabled host key publication.
+ * added checking of gpg.conf for keyserver
+ * new functions to add/revoke host key user IDs
+ * improved list-certifiers function (now non-privileged)
+
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 18 Aug 2008 12:43:37 -0400
+
+monkeysphere (0.7-1) experimental; urgency=low
+
+ [ Daniel Kahn Gillmor ]
+ * Added monkeysphere-server diagnostics subcommand.
+ * rebuilding package using Format: 3.0 (git)
+
+ [ Jameson Graef Rollins ]
+ * fix how check for file modification is done.
+ * rework out user id processing is done to provide more verbose log
+ output.
+ * fix bug in monkeysphpere update-authorized_keys subcommand where
+ disallowed keys failed to be remove from authorized_keys file.
+
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 04 Aug 2008 10:47:41 -0400
+
+monkeysphere (0.6-1) experimental; urgency=low
+
+ [ Jameson Graef Rollins ]
+ * Fix bug in return on error of ssh-proxycommand.
+
+ [ Daniel Kahn Gillmor ]
+ * try socat if netcat is not available in proxycommand.
+
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Tue, 29 Jul 2008 10:27:20 -0400
+
+monkeysphere (0.5-1) experimental; urgency=low
+
+ [ Daniel Kahn Gillmor ]
+ * updated READMEs to match current state of code
+
+ [ Jameson Graef Rollins ]
+ * Tweak how empty authorized_user_ids and known_hosts files are handled.
+ * Do not fail when authorized_user_ids or known_hosts file is not found.
+
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 28 Jul 2008 10:50:02 -0400
+
+monkeysphere (0.4-1) experimental; urgency=low
+
+ [ Daniel Kahn Gillmor ]
+ * New version.
+ * Fixed return code error in openpgp2ssh
+
+ [ Jameson Graef Rollins ]
+ * Privilege separation: use monkeysphere user to handle maintenance of
+ the gnupg authentication keychain for server.
+ * Improved certifier key management.
+ * Fixed variable scoping and config file precedence.
+ * Add options for key generation and add-certifier functions.
+ * Fix return codes for known_host and authorized_keys updating
+ functions.
+ * Add write permission check on authorized_keys, known_hosts, and
+ authorized_user_ids files.
+
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Tue, 22 Jul 2008 21:50:17 -0400
+
+monkeysphere (0.3-1) experimental; urgency=low
+
+ [ Daniel Kahn Gillmor ]
+ * new version.
+
+ [ Jameson Graef Rollins ]
+ * Move files in /var/cache/monkeysphere and GNUPGHOME for server to
+ the more appropriate /var/lib/monkeysphere.
+
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Tue, 24 Jun 2008 00:55:29 -0400
+
+monkeysphere (0.2-2) experimental; urgency=low
+
+ * added lockfile-progs dependency
+
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 23 Jun 2008 19:34:05 -0400
+
+monkeysphere (0.2-1) experimental; urgency=low
+
+ [ Daniel Kahn Gillmor ]
+ * openpgp2ssh now supports specifying keys by full fingerprint.
+
+ [ Jameson Graef Rollins ]
+ * Add AUTHORIZED_USER_IDS config variable for server, which defaults to
+ %h/.config/monkeysphere/authorized_user_ids, instead of
+ /etc/monkeysphere/authorized_user_ids.
+ * Remove {update,remove}-userids functions, since we decided they
+ weren't useful enough to be worth maintaining.
+ * Better handling of unknown users in server update-users
+ * Add file locking when modifying known_hosts or authorized_keys
+ * Better failure/prompting for gen-subkey
+ * Add ability to set any owner trust level for keys in server keychain.
+
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 23 Jun 2008 17:03:19 -0400
+
+monkeysphere (0.1-1) experimental; urgency=low
+
+ * First release of debian package for monkeysphere.
+ * This is experimental -- please report bugs!
+
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Thu, 19 Jun 2008 00:34:53 -0400
+
--- /dev/null
+Source: monkeysphere
+Section: net
+Priority: extra
+Maintainer: Jameson Graef Rollins <jrollins@finestructure.net>
+Uploaders: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Build-Depends: debhelper (>= 7.0), libgnutls-dev (>= 2.4.0)
+Standards-Version: 3.8.0.1
+Homepage: http://web.monkeysphere.info/
+Vcs-Git: git://git.monkeysphere.info/monkeysphere
+Dm-Upload-Allowed: yes
+
+Package: monkeysphere
+Architecture: any
+Depends: openssh-client, gnupg, coreutils (>= 6) | base64, lockfile-progs | procmail, adduser, ${shlibs:Depends}
+Recommends: netcat | socat, ssh-askpass
+Enhances: openssh-client, openssh-server
+Description: use the OpenPGP web of trust to verify ssh connections
+ SSH key-based authentication is tried-and-true, but it lacks a true
+ Public Key Infrastructure for key certification, revocation and
+ expiration. Monkeysphere is a framework that uses the OpenPGP web of
+ trust for these PKI functions. It can be used in both directions:
+ for users to get validated host keys, and for hosts to authenticate
+ users.
--- /dev/null
+Format-Specification: http://wiki.debian.org/Proposals/CopyrightFormat?action=recall&rev=226
+Debianized-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Debianized-Date: Fri Jun 13 10:19:16 EDT 2008
+Original-Source: http://web.monkeysphere.info/download
+
+Files: *
+Copyright: Copyright 2008 Jameson Rollins <jrollins@fifthhorseman.net>,
+ Daniel Kahn Gillmor <dkg@fifthhorseman.net>,
+ Jamie McClelland <jamie@mayfirst.org>,
+ Micah Anderson <micah@riseup.net>,
+ Matthew Goins <mjgoins@openflows.com>,
+ Mike Castleman <mlcastle@mlcastle.net>,
+ Elliot Winard <enw@caveteen.com>,
+ Ross Glover <ross@ross.mayfirst.org>,
+ Greg Lyle <greg@stealthisemail.com>
+
+License: GPL-3+
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+ .
+ On Debian systems, the complete text of the GNU General Public License
+ can be found in file "/usr/share/common-licenses/GPL".
--- /dev/null
+var/lib/monkeysphere
+var/lib/monkeysphere/authorized_keys
+var/lib/monkeysphere/tmp
+usr/bin
+usr/sbin
+usr/share
+usr/share/monkeysphere
+usr/share/man
+usr/share/man/man1
+usr/share/man/man7
+usr/share/man/man8
+etc/monkeysphere
--- /dev/null
+#!/bin/sh -e
+
+# postinst script for monkeysphere
+
+# Author: Jameson Rollins <jrollins@fifthhorseman.net>
+# Copyright 2008
+
+ETC="/etc/monkeysphere"
+VARLIB="/var/lib/monkeysphere"
+
+if ! getent passwd monkeysphere >/dev/null ; then
+ echo "adding monkeysphere user..."
+ adduser --quiet --system --no-create-home --group \
+ --home "$VARLIB" \
+ --shell '/bin/bash' \
+ --gecos 'monkeysphere authentication user,,,' \
+ monkeysphere
+fi
+
+# install host gnupg home directory
+install --owner root --group monkeysphere --mode 750 -d "$VARLIB"/gnupg-host
+# link in the gpg.conf
+ln -sTf "$ETC"/gnupg-host.conf "$VARLIB"/gnupg-host/gpg.conf
+
+# install authentication gnupg home directory
+install --owner monkeysphere --group monkeysphere --mode 700 -d "$VARLIB"/gnupg-authentication
+# link in the gpg.conf
+ln -sTf "$ETC"/gnupg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- /dev/null
+#!/bin/sh -e
+
+# postrm script for monkeysphere
+
+# Author: Jameson Rollins <jrollins@fifthhorseman.net>
+# Copyright 2008
+
+case $1 in
+ purge)
+ echo "removing monkeysphere user..."
+ userdel monkeysphere > /dev/null || true
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- /dev/null
+#!/bin/sh -e
+
+# preinst script for monkeysphere
+
+# Author: Jameson Rollins <jrollins@fifthhorseman.net>
+# Copyright 2008
+
+ETC="/etc/monkeysphere"
+VARLIB="/var/lib/monkeysphere"
+
+# move the gpg.conf files from the GNUPGHOMEs if they're there to
+# /etc, where they will be linked back into the GNUPGHOMEs later
+if [ -f "$VARLIB"/gnupg-host/gpg.conf -a ! -L "$VARLIB"/gnupg-host/gpg.conf ] ; then
+ mv "$VARLIB"/gnupg-host/gpg.conf "$ETC"/gpg-host.conf
+ chown root:root "$ETC"/gpg-host.conf
+ ln -s "$ETC"/gpg-host.conf "$VARLIB"/gnupg-host/gpg.conf
+fi
+if [ -f "$VARLIB"/gnupg-authentication/gpg.conf -a ! -L "$VARLIB"/gnupg-authentication/gpg.conf ] ; then
+ mv "$VARLIB"/gnupg-authentication/gpg.conf "$ETC"/gpg-authentication.conf
+ chown root:root "$ETC"/gpg-authentication.conf
+ ln -s "$ETC"/gpg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf
+fi
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- /dev/null
+#!/bin/sh -e
+
+# prerm script for monkeysphere
+
+# Author: Jameson Rollins <jrollins@fifthhorseman.net>
+# Copyright 2008
+
+VARLIB="/var/lib/monkeysphere"
+
+rm -f "$VARLIB"/gnupg-host/gpg.conf
+rm -f "$VARLIB"/gnupg-authentication/gpg.conf
+rmdir --ignore-fail-on-non-empty "$VARLIB"/gnupg-host
+rmdir --ignore-fail-on-non-empty "$VARLIB"/gnupg-authentication
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- /dev/null
+#!/usr/bin/make -f
+%:
+ dh $@
#
PORTNAME= monkeysphere
-PORTVERSION= 0.19
+PORTVERSION= 0.22
CATEGORIES= security
MASTER_SITES= http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/
# hack for debian orig tarballs
-MD5 (monkeysphere_0.19.orig.tar.gz) = 64c643dd0ab642bbc8814aec1718000e
-SHA256 (monkeysphere_0.19.orig.tar.gz) = 321b77c1e10fe48ffbef8491893f5dd22842c35c11464efa7893150ce756a522
-SIZE (monkeysphere_0.19.orig.tar.gz) = 68335
+MD5 (monkeysphere_0.22.orig.tar.gz) = 2bb00c86323409b98aff53f94d9ce0a6
+SHA256 (monkeysphere_0.22.orig.tar.gz) = 2566facda807a67a4d2d6de3833cccfa0b78b454909e8d25f47a235a9e621b24
+SIZE (monkeysphere_0.22.orig.tar.gz) = 70245
export SYSSHAREDIR
. "${SYSSHAREDIR}/common" || exit 1
+--- src/monkeysphere-ssh-proxycommand.orig
++++ src/monkeysphere-ssh-proxycommand
+@@ -16,7 +16,7 @@
+ ########################################################################
+ PGRM=$(basename $0)
+
+-SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
++SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/local/share/monkeysphere"}
+ export SYSSHAREDIR
+ . "${SYSSHAREDIR}/common" || exit 1
+
@unexec if cmp -s %D/etc/monkeysphere/monkeysphere-server.conf.sample %D/etc/monkeysphere/monkeysphere-server.conf; then rm -f %D/etc/monkeysphere/monkeysphere-server.conf; fi
etc/monkeysphere/monkeysphere-server.conf.sample
@exec if [ ! -f %D/etc/monkeysphere/monkeysphere-server.conf ] ; then cp -p %D/%F %B/monkeysphere-server.conf; fi
+@unexec if cmp -s %D/etc/monkeysphere/gnupg-host.conf.sample %D/etc/monkeysphere/gnupg-host.conf; then rm -f %D/etc/monkeysphere/gnupg-host.conf; fi
+etc/monkeysphere/gnupg-host.conf.sample
+@exec if [ ! -f %D/etc/monkeysphere/gnupg-host.conf ] ; then cp -p %D/%F %B/gnupg-host.conf; fi
+@unexec if cmp -s %D/etc/monkeysphere/gnupg-authentication.conf.sample %D/etc/monkeysphere/gnupg-authentication.conf; then rm -f %D/etc/monkeysphere/gnupg-authentication.conf; fi
+etc/monkeysphere/gnupg-authentication.conf.sample
+@exec if [ ! -f %D/etc/monkeysphere/gnupg-authentication.conf ] ; then cp -p %D/%F %B/gnupg-authentication.conf; fi
@dirrm share/doc/monkeysphere
@dirrm share/monkeysphere
@dirrm etc/monkeysphere
--- /dev/null
+http://www.rpm-based.org/how-to-create-rpm-package
--- /dev/null
+Name: monkeysphere
+Summary: use the OpenPGP web of trust to verify ssh connections
+Version: 0.22~pre
+Release: 1
+License: GPLv3
+Group: net
+URL: http://web.monkeysphere.info/
+
+Source: http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_%{version}.orig.tar.gz
+
+%description
+SSH key-based authentication is tried-and-true, but it lacks a true
+Public Key Infrastructure for key certification, revocation and
+expiration. Monkeysphere is a framework that uses the OpenPGP web of
+trust for these PKI functions. It can be used in both directions: for
+users to get validated host keys, and for hosts to authenticate users.
+
+Monkeysphere is free software released under the GNU General Public
+License (GPL).
+
+%prep
+%setup -q
+
+%build
+%{__make}
+
+%install
+%{__rm} -rf %{buildroot}
+Prefix=%{buildroot}/usr
+%makeinstall
+
+%clean
+%{__rm} -rf %{buildroot}
+
+%files
+%defattr(-, root, root, 0755)
+
+%changelog
+* Sat Nov 22 2008 -
+- Initial release.
SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"}
export SYSCONFIGDIR
+# monkeysphere version
+VERSION=__VERSION__
+
########################################################################
### UTILITY FUNCTIONS
local shortunits
# try things the GNU way first
- if date -d "$number $longunits" "$format" >&/dev/null ; then
+ if date -d "$number $longunits" "$format" >/dev/null 2>&1; then
date -d "$number $longunits" "$format"
else
# otherwise, convert to (a limited version of) BSD date syntax:
;;
'uid') # user ids
if [ "$lastKey" != pub ] ; then
- log verbose " - got a user ID after a sub key?! user IDs should only follow primary keys!"
+ log verbose " ! got a user ID after a sub key?! user IDs should only follow primary keys!"
continue
fi
# if an acceptable user ID was already found, skip
if [ "$validity" = 'u' -o "$validity" = 'f' ] ; then
# mark user ID acceptable
uidOK=true
+ else
+ log debug " - unacceptable user ID validity ($validity)."
fi
else
continue
# if sub key validity is not ok, skip
if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then
+ log debug " - unacceptable sub key validity ($validity)."
continue
fi
# if sub key capability is not ok, skip
if ! check_capability "$usage" $requiredCapability ; then
+ log debug " - unacceptable sub key capability ($usage)."
continue
fi
process_host_known_hosts() {
local host
local userID
+ local noKey=
local nKeys
local nKeysOK
local ok
continue
fi
- # remove the old host key line, and note if removed
- remove_line "$KNOWN_HOSTS" "$sshKey"
+ # remove any old host key line, and note if removed nothing is
+ # removed
+ remove_line "$KNOWN_HOSTS" "$sshKey" || noKey=true
# if key OK, add new host line
if [ "$ok" -eq '0' ] ; then
else
ssh2known_hosts "$host" "$sshKey" >> "$KNOWN_HOSTS"
fi
+
+ # log if this is a new key to the known_hosts file
+ if [ "$noKey" ] ; then
+ log info "* new key for $host added to known_hosts file."
+ fi
fi
done
--- /dev/null
+#!/usr/bin/perl -w -T
+
+# pem2openpgp: take a PEM-encoded RSA private-key on standard input, a
+# User ID as the first argument, and generate an OpenPGP secret key
+# and certificate from it.
+
+# WARNING: the secret key material *will* appear on stdout (albeit in
+# OpenPGP form) -- if you redirect stdout to a file, make sure the
+# permissions on that file are appropriately locked down!
+
+# Usage:
+
+# pem2openpgp 'ssh://'$(hostname -f) < /etc/ssh/ssh_host_rsa_key | gpg --import
+
+# Authors:
+# Jameson Rollins <jrollins@finestructure.net>
+# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+# Started on: 2009-01-07 02:01:19-0500
+
+# License: GPL v3 or later (we may need to adjust this given that this
+# connects to OpenSSL via perl)
+
+use strict;
+use warnings;
+use Crypt::OpenSSL::RSA;
+use Crypt::OpenSSL::Bignum;
+use Crypt::OpenSSL::Bignum::CTX;
+use Digest::SHA1;
+use MIME::Base64;
+
+## make sure all length() and substr() calls use bytes only:
+use bytes;
+
+my $uid = shift;
+
+# FIXME: fail if there is no given user ID; or should we default to
+# hostname_long() from Sys::Hostname::Long ?
+
+
+
+# see RFC 4880 section 9.1 (ignoring deprecated algorithms for now)
+my $asym_algos = { rsa => 1,
+ elgamal => 16,
+ dsa => 17,
+ };
+
+# see RFC 4880 section 9.2
+my $ciphers = { plaintext => 0,
+ idea => 1,
+ tripledes => 2,
+ cast5 => 3,
+ blowfish => 4,
+ aes128 => 7,
+ aes192 => 8,
+ aes256 => 9,
+ twofish => 10,
+ };
+
+# see RFC 4880 section 9.3
+my $zips = { uncompressed => 0,
+ zip => 1,
+ zlib => 2,
+ bzip2 => 3,
+ };
+
+# see RFC 4880 section 9.4
+my $digests = { md5 => 1,
+ sha1 => 2,
+ ripemd160 => 3,
+ sha256 => 8,
+ sha384 => 9,
+ sha512 => 10,
+ sha224 => 11,
+ };
+
+# see RFC 4880 section 5.2.3.21
+my $usage_flags = { certify => 0x01,
+ sign => 0x02,
+ encrypt_comms => 0x04,
+ encrypt_storage => 0x08,
+ encrypt => 0x0c, ## both comms and storage
+ split => 0x10, # the private key is split via secret sharing
+ authenticate => 0x20,
+ shared => 0x80, # more than one person holds the entire private key
+ };
+
+# see RFC 4880 section 4.3
+my $packet_types = { pubkey_enc_session => 1,
+ sig => 2,
+ symkey_enc_session => 3,
+ onepass_sig => 4,
+ seckey => 5,
+ pubkey => 6,
+ sec_subkey => 7,
+ compressed_data => 8,
+ symenc_data => 9,
+ marker => 10,
+ literal => 11,
+ trust => 12,
+ uid => 13,
+ pub_subkey => 14,
+ uat => 17,
+ symenc_w_integrity => 18,
+ mdc => 19,
+ };
+
+# see RFC 4880 section 5.2.1
+my $sig_types = { binary_doc => 0x00,
+ text_doc => 0x01,
+ standalone => 0x02,
+ generic_certification => 0x10,
+ persona_certification => 0x11,
+ casual_certification => 0x12,
+ positive_certification => 0x13,
+ subkey_binding => 0x18,
+ primary_key_binding => 0x19,
+ key_signature => 0x1f,
+ key_revocation => 0x20,
+ subkey_revocation => 0x28,
+ certification_revocation => 0x30,
+ timestamp => 0x40,
+ thirdparty => 0x50,
+ };
+
+
+# see RFC 4880 section 5.2.3.1
+my $subpacket_types = { sig_creation_time => 2,
+ sig_expiration_time => 3,
+ exportable => 4,
+ trust_sig => 5,
+ regex => 6,
+ revocable => 7,
+ key_expiration_time => 9,
+ preferred_cipher => 11,
+ revocation_key => 12,
+ issuer => 16,
+ notation => 20,
+ preferred_digest => 21,
+ preferred_compression => 22,
+ keyserver_prefs => 23,
+ preferred_keyserver => 24,
+ primary_uid => 25,
+ policy_uri => 26,
+ usage_flags => 27,
+ signers_uid => 28,
+ revocation_reason => 29,
+ features => 30,
+ signature_target => 31,
+ embedded_signature => 32,
+ };
+
+# bitstring (see RFC 4880 section 5.2.3.24)
+my $features = { mdc => 0x01
+ };
+
+# bitstring (see RFC 4880 5.2.3.17)
+my $keyserver_prefs = { nomodify => 0x80
+ };
+
+###### end lookup tables ######
+
+# FIXME: if we want to be able to interpret openpgp data as well as
+# produce it, we need to produce key/value-swapped lookup tables as well.
+
+
+########### Math/Utility Functions ##############
+
+
+# see the bottom of page 43 of RFC 4880
+sub simple_checksum {
+ my $bytes = shift;
+
+ return unpack("%32W*",$bytes) % 65536;
+}
+
+# calculate the multiplicative inverse of a mod b this is euclid's
+# extended algorithm. For more information see:
+# http://en.wikipedia.org/wiki/Extended_Euclidean_algorithm the
+# arguments here should be Crypt::OpenSSL::Bignum objects. $a should
+# be the larger of the two values, and the two values should be
+# coprime.
+
+sub modular_multi_inverse {
+ my $a = shift;
+ my $b = shift;
+
+ my $ctx = Crypt::OpenSSL::Bignum::CTX->new();
+ my $x = Crypt::OpenSSL::Bignum->zero();
+ my $y = Crypt::OpenSSL::Bignum->one();
+ my $lastx = Crypt::OpenSSL::Bignum->one();
+ my $lasty = Crypt::OpenSSL::Bignum->zero();
+
+ while (! $b->is_zero()) {
+ my ($quotient, $remainder) = $a->div($b, $ctx);
+
+ $a = $b;
+ $b = $remainder;
+
+ my $temp = $x;
+ $x = $lastx->sub($quotient->mul($x, $ctx));
+ $lastx = $temp;
+
+ $temp = $y;
+ $y = $lasty->sub($quotient->mul($y, $ctx));
+ $lasty = $temp;
+ }
+
+ if (!$a->is_one()) {
+ die "did this math wrong.\n";
+ }
+
+ return $lastx;
+}
+
+
+############ OpenPGP formatting functions ############
+
+# make an old-style packet out of the given packet type and body.
+# old-style (see RFC 4880 section 4.2)
+sub make_packet {
+ my $type = shift;
+ my $body = shift;
+
+ my $len = length($body);
+
+ my $lenbytes;
+ my $lencode;
+
+ if ($len < 2**8) {
+ $lenbytes = 0;
+ $lencode = 'C';
+ } elsif ($len < 2**16) {
+ $lenbytes = 1;
+ $lencode = 'n';
+ } elsif ($len < 2**31) {
+ ## not testing against full 32 bits because i don't want to deal
+ ## with potential overflow.
+ $lenbytes = 2;
+ $lencode = 'N';
+ } else {
+ ## what the hell do we do here?
+ $lenbytes = 3;
+ $lencode = '';
+ }
+
+ return pack('C'.$lencode, 0x80 + ($type * 4) + $lenbytes, $len).
+ $body;
+}
+
+
+# takes a Crypt::OpenSSL::Bignum, returns it formatted as OpenPGP MPI
+# (RFC 4880 section 3.2)
+sub mpi_pack {
+ my $num = shift;
+
+ my $val = $num->to_bin();
+ my $mpilen = length($val)*8;
+
+# this is a kludgy way to get the number of significant bits in the
+# first byte:
+ my $bitsinfirstbyte = length(sprintf("%b", ord($val)));
+
+ $mpilen -= (8 - $bitsinfirstbyte);
+
+ return pack('n', $mpilen).$val;
+}
+
+# FIXME: genericize these to accept either RSA or DSA keys:
+sub make_rsa_pub_key_body {
+ my $key = shift;
+ my $timestamp = shift;
+
+ my ($n, $e) = $key->get_key_parameters();
+
+ return
+ pack('CN', 4, $timestamp).
+ pack('C', $asym_algos->{rsa}).
+ mpi_pack($n).
+ mpi_pack($e);
+}
+
+sub make_rsa_sec_key_body {
+ my $key = shift;
+ my $timestamp = shift;
+
+ # we're not using $a and $b, but we need them to get to $c.
+ my ($n, $e, $d, $p, $q) = $key->get_key_parameters();
+
+ my $secret_material = mpi_pack($d).
+ mpi_pack($p).
+ mpi_pack($q).
+ mpi_pack(modular_multi_inverse($p, $q));
+
+ # according to Crypt::OpenSSL::RSA, the closest value we can get out
+ # of get_key_parameters is 1/q mod p; but according to sec 5.5.3 of
+ # RFC 4880, we're actually looking for u, the multiplicative inverse
+ # of p, mod q. This is why we're calculating the value directly
+ # with modular_multi_inverse.
+
+ return
+ pack('CN', 4, $timestamp).
+ pack('C', $asym_algos->{rsa}).
+ mpi_pack($n).
+ mpi_pack($e).
+ pack('C', 0). # seckey material is not encrypted -- see RFC 4880 sec 5.5.3
+ $secret_material.
+ pack('n', simple_checksum($secret_material));
+}
+
+# expects an RSA key (public or private) and a timestamp
+sub fingerprint {
+ my $key = shift;
+ my $timestamp = shift;
+
+ my $rsabody = make_rsa_pub_key_body($key, $timestamp);
+
+ return Digest::SHA1::sha1(pack('Cn', 0x99, length($rsabody)).$rsabody);
+}
+
+# we're just not dealing with newline business right now. slurp in
+# the whole file.
+undef $/;
+my $buf = <STDIN>;
+
+
+my $rsa = Crypt::OpenSSL::RSA->new_private_key($buf);
+
+$rsa->use_sha1_hash();
+
+# see page 22 of RFC 4880 for why i think this is the right padding
+# choice to use:
+$rsa->use_pkcs1_padding();
+
+if (! $rsa->check_key()) {
+ die "key does not check";
+}
+
+my $version = pack('C', 4);
+# strong assertion of identity:
+my $sigtype = pack('C', $sig_types->{positive_certification});
+# RSA
+my $pubkey_algo = pack('C', $asym_algos->{rsa});
+# SHA1
+my $hash_algo = pack('C', $digests->{sha1});
+
+# FIXME: i'm worried about generating a bazillion new OpenPGP
+# certificates from the same key, which could easily happen if you run
+# this script more than once against the same key (because the
+# timestamps will differ). How can we prevent this?
+
+# could an environment variable (if set) override the current time, to
+# be able to create a standard key? If we read the key from a file
+# instead of stdin, should we use the creation time on the file?
+my $timestamp = time();
+
+my $creation_time_packet = pack('CCN', 5, $subpacket_types->{sig_creation_time}, $timestamp);
+
+
+# FIXME: HARDCODED: what if someone wants to select a different set of
+# usage flags? For now, we do only authentication because that's what
+# monkeysphere needs.
+my $usage_packet = pack('CCC', 2, $subpacket_types->{usage_flags}, $usage_flags->{authenticate});
+
+
+# FIXME: HARDCODED: how should we determine how far off to set the
+# expiration date? default is to expire in 2 days, which is insanely
+# short (but good for testing). The user ought to be able to decide
+# this directly, rather than having to do "monkeysphere-server
+# extend-key".
+my $expires_in = 86400*2;
+my $expiration_packet = pack('CCN', 5, $subpacket_types->{key_expiration_time}, $expires_in);
+
+
+# prefer AES-256, AES-192, AES-128, CAST5, 3DES:
+my $pref_sym_algos = pack('CCCCCCC', 6, $subpacket_types->{preferred_cipher},
+ $ciphers->{aes256},
+ $ciphers->{aes192},
+ $ciphers->{aes128},
+ $ciphers->{cast5},
+ $ciphers->{tripledes}
+ );
+
+# prefer SHA-1, SHA-256, RIPE-MD/160
+my $pref_hash_algos = pack('CCCCC', 4, $subpacket_types->{preferred_digest},
+ $digests->{sha1},
+ $digests->{sha256},
+ $digests->{ripemd160}
+ );
+
+# prefer ZLIB, BZip2, ZIP
+my $pref_zip_algos = pack('CCCCC', 4, $subpacket_types->{preferred_compression},
+ $zips->{zlib},
+ $zips->{bzip2},
+ $zips->{zip}
+ );
+
+# we support the MDC feature:
+my $feature_subpacket = pack('CCC', 2, $subpacket_types->{features},
+ $features->{mdc});
+
+# keyserver preference: only owner modify (???):
+my $keyserver_pref = pack('CCC', 2, $subpacket_types->{keyserver_prefs},
+ $keyserver_prefs->{nomodify});
+
+my $subpackets_to_be_hashed =
+ $creation_time_packet.
+ $usage_packet.
+ $expiration_packet.
+ $pref_sym_algos.
+ $pref_hash_algos.
+ $pref_zip_algos.
+ $feature_subpacket.
+ $keyserver_pref;
+
+my $subpacket_octets = pack('n', length($subpackets_to_be_hashed));
+
+my $sig_data_to_be_hashed =
+ $version.
+ $sigtype.
+ $pubkey_algo.
+ $hash_algo.
+ $subpacket_octets.
+ $subpackets_to_be_hashed;
+
+my $pubkey = make_rsa_pub_key_body($rsa, $timestamp);
+my $seckey = make_rsa_sec_key_body($rsa, $timestamp);
+
+my $key_data = make_packet($packet_types->{pubkey}, $pubkey);
+
+# take the last 8 bytes of the fingerprint as the keyid:
+my $keyid = substr(fingerprint($rsa, $timestamp), 20 - 8, 8);
+
+# the v4 signature trailer is:
+
+# version number, literal 0xff, and then a 4-byte count of the
+# signature data itself.
+my $trailer = pack('CCN', 4, 0xff, length($sig_data_to_be_hashed));
+
+my $uid_data =
+ pack('CN', 0xb4, length($uid)).
+ $uid;
+
+my $datatosign =
+ $key_data.
+ $uid_data.
+ $sig_data_to_be_hashed.
+ $trailer;
+
+my $data_hash = Digest::SHA1::sha1_hex($datatosign);
+
+
+my $issuer_packet = pack('CCa8', 9, $subpacket_types->{issuer}, $keyid);
+
+my $sig = Crypt::OpenSSL::Bignum->new_from_bin($rsa->sign($datatosign));
+
+my $sig_body =
+ $sig_data_to_be_hashed.
+ pack('n', length($issuer_packet)).
+ $issuer_packet.
+ pack('n', hex(substr($data_hash, 0, 4))).
+ mpi_pack($sig);
+
+print
+ make_packet($packet_types->{seckey}, $seckey).
+ make_packet($packet_types->{uid}, $uid).
+ make_packet($packet_types->{sig}, $sig_body);
+
+
subcommands:
update-known_hosts (k) [HOST]... update known_hosts file
update-authorized_keys (a) update authorized_keys file
+ import-subkey (i) import existing ssh key as gpg subkey
+ --keyfile (-f) FILE key file to import
+ --expire (-e) EXPIRE date to expire
gen-subkey (g) [KEYID] generate an authentication subkey
--length (-l) BITS key length in bits (2048)
--expire (-e) EXPIRE date to expire
subkey-to-ssh-agent (s) store authentication subkey in ssh-agent
+ version (v) show version number
help (h,?) this help
EOF
}
-# generate a subkey with the 'a' usage flags set
-gen_subkey(){
- local keyLength
+# import an existing ssh key as a gpg subkey
+import_subkey() {
+ local keyFile="~/.ssh/id_rsa"
local keyExpire
local keyID
local gpgOut
local userID
- # set default key parameter values
- keyLength=
- keyExpire=
-
# get options
- TEMP=$(PATH="/usr/local/bin:$PATH" getopt -o l:e: -l length:,expire: -n "$PGRM" -- "$@") || failure "getopt failed! Does your getopt support GNU-style long options?"
+ while true ; do
+ case "$1" in
+ -f|--keyfile)
+ keyFile="$2"
+ shift 2
+ ;;
+ -e|--expire)
+ keyExpire="$2"
+ shift 2
+ ;;
+ *)
+ if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
+ failure "Unknown option '$1'.
+Type '$PGRM help' for usage."
+ fi
+ break
+ ;;
+ esac
+ done
- if [ $? != 0 ] ; then
- exit 1
- fi
+ log verbose "importing ssh key..."
+ fifoDir=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
+ (umask 077 && mkfifo "$fifoDir/pass")
+ ssh2openpgp | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --import &
+
+ passphrase_prompt "Please enter your passphrase for $keyID: " "$fifoDir/pass"
+
+ rm -rf "$fifoDir"
+ wait
+ log verbose "done."
+}
- # Note the quotes around `$TEMP': they are essential!
- eval set -- "$TEMP"
+# generate a subkey with the 'a' usage flags set
+gen_subkey(){
+ local keyLength
+ local keyExpire
+ local keyID
+ local gpgOut
+ local userID
+ # get options
while true ; do
case "$1" in
-l|--length)
keyExpire="$2"
shift 2
;;
- --)
- shift
- ;;
- *)
+ *)
+ if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
+ failure "Unknown option '$1'.
+Type '$PGRM help' for usage."
+ fi
break
;;
esac
done
- if [ -z "$1" ] ; then
- # find all secret keys
- keyID=$(gpg --with-colons --list-secret-keys | grep ^sec | cut -f5 -d: | sort -u)
- # if multiple sec keys exist, fail
- if (( $(echo "$keyID" | wc -l) > 1 )) ; then
- echo "Multiple secret keys found:"
- echo "$keyID"
+ case "$#" in
+ 0)
+ gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons 2>/dev/null | egrep '^sec:')
+ ;;
+ 1)
+ gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons "$1" | egrep '^sec:') || failure
+ ;;
+ *)
+ failure "You must specify only a single primary key ID."
+ ;;
+ esac
+
+ # check that only a single secret key was found
+ case $(echo "$gpgSecOut" | grep -c '^sec:') in
+ 0)
+ failure "No secret keys found. Create an OpenPGP key with the following command:
+ gpg --gen-key"
+ ;;
+ 1)
+ keyID=$(echo "$gpgSecOut" | cut -d: -f5)
+ ;;
+ *)
+ echo "Multiple primary secret keys found:"
+ echo "$gpgSecOut" | cut -d: -f5
failure "Please specify which primary key to use."
+ ;;
+ esac
+
+ # check that a valid authentication key does not already exist
+ IFS=$'\n'
+ for line in $(gpg --quiet --fixed-list-mode --list-keys --with-colons "$keyID") ; do
+ type=$(echo "$line" | cut -d: -f1)
+ validity=$(echo "$line" | cut -d: -f2)
+ usage=$(echo "$line" | cut -d: -f12)
+
+ # look at keys only
+ if [ "$type" != 'pub' -a "$type" != 'sub' ] ; then
+ continue
fi
- else
- keyID="$1"
- fi
- if [ -z "$keyID" ] ; then
- failure "You have no secret key available. You should create an OpenPGP
-key before joining the monkeysphere. You can do this with:
- gpg --gen-key"
- fi
-
- # get key output, and fail if not found
- gpgOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons \
- "$keyID") || failure
-
- # fail if multiple sec lines are returned, which means the id
- # given is not unique
- if [ $(echo "$gpgOut" | grep -c '^sec:') -gt '1' ] ; then
- failure "Key ID '$keyID' is not unique."
- fi
-
- # prompt if an authentication subkey already exists
- if echo "$gpgOut" | egrep "^(sec|ssb):" | cut -d: -f 12 | grep -q a ; then
- echo "An authentication subkey already exists for key '$keyID'."
- read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N}
- if [ "${OK/y/Y}" != 'Y' ] ; then
- failure "aborting."
+ # check for authentication capability
+ if ! check_capability "$usage" 'a' ; then
+ continue
fi
- fi
+ # if authentication key is valid, prompt to continue
+ if [ "$validity" = 'u' ] ; then
+ echo "A valid authentication key already exists for primary key '$keyID'."
+ read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N}
+ if [ "${OK/y/Y}" != 'Y' ] ; then
+ failure "aborting."
+ fi
+ break
+ fi
+ done
# set subkey defaults
# prompt about key expiration if not specified
(umask 077 && mkfifo "$fifoDir/pass")
echo "$editCommands" | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" &
+ # FIXME: this needs to fail more gracefully if the passphrase is incorrect
passphrase_prompt "Please enter your passphrase for $keyID: " "$fifoDir/pass"
rm -rf "$fifoDir"
log verbose "done."
}
-function subkey_to_ssh_agent() {
+subkey_to_ssh_agent() {
# try to add all authentication subkeys to the agent:
local sshaddresponse
RETURN="$?"
;;
+ 'import-subkey'|'i')
+ import_key "$@"
+ ;;
+
'gen-subkey'|'g')
gen_subkey "$@"
;;
subkey_to_ssh_agent "$@"
;;
+ 'version'|'v')
+ echo "$VERSION"
+ ;;
+
'--help'|'help'|'-h'|'h'|'?')
usage
;;
subcommands:
update-users (u) [USER]... update user authorized_keys files
- gen-key (g) [NAME[:PORT]] generate gpg key for the server
+ import-key (i) import existing ssh key to gpg
+ --hostname (-h) NAME[:PORT] hostname for key user ID
+ --keyfile (-f) FILE key file to import
+ --expire (-e) EXPIRE date to expire
+ gen-key (g) generate gpg key for the host
+ --hostname (-h) NAME[:PORT] hostname for key user ID
--length (-l) BITS key length in bits (2048)
--expire (-e) EXPIRE date to expire
--revoker (-r) FINGERPRINT add a revoker
- extend-key (e) EXPIRE extend expiration to EXPIRE
- add-hostname (n+) NAME[:PORT] add hostname user ID to server key
+ extend-key (e) EXPIRE extend host key expiration
+ add-hostname (n+) NAME[:PORT] add hostname user ID to host key
revoke-hostname (n-) NAME[:PORT] revoke hostname user ID
+ add-revoker (o) FINGERPRINT add a revoker to the host key
+ revoke-key (r) revoke host key
show-key (s) output all server host key information
publish-key (p) publish server host key to keyserver
diagnostics (d) report on server monkeysphere status
remove-id-certifier (c-) KEYID remove a certification key
list-id-certifiers (c) list certification keys
- gpg-authentication-cmd CMD gnupg-authentication command
+ gpg-authentication-cmd CMD give a gpg command to the
+ authentication keyring
+ version (v) show version number
help (h,?) this help
EOF
su_monkeysphere_user "gpg $@"
}
+# check if user is root
+is_root() {
+ [ $(id -u 2>/dev/null) = '0' ]
+}
+
+# check that user is root, for functions that require root access
+check_user() {
+ is_root || failure "You must be root to run this command."
+}
+
# output just key fingerprint
fingerprint_server_key() {
+ # set the pipefail option so functions fails if can't read sec key
+ set -o pipefail
+
gpg_host --list-secret-keys --fingerprint \
--with-colons --fixed-list-mode 2> /dev/null | \
- grep '^fpr:' | head -1 | cut -d: -f10
+ grep '^fpr:' | head -1 | cut -d: -f10 2>/dev/null
+}
+
+# function to check for host secret key
+check_host_keyring() {
+ fingerprint_server_key >/dev/null \
+ || failure "You don't appear to have a Monkeysphere host key on this server. Please run 'monkeysphere-server gen-key' first."
}
# output key information
show_server_key() {
- local fingerprint
- local tmpkey
+ local fingerprintPGP
+ local fingerprintSSH
+ local ret=0
+
+ # FIXME: you shouldn't have to be root to see the host key fingerprint
+ if is_root ; then
+ check_host_keyring
+ fingerprintPGP=$(fingerprint_server_key)
+ gpg_authentication "--fingerprint --list-key --list-options show-unusable-uids $fingerprintPGP" 2>/dev/null
+ echo "OpenPGP fingerprint: $fingerprintPGP"
+ else
+ log info "You must be root to see host OpenPGP fingerprint."
+ ret='1'
+ fi
- fingerprint=$(fingerprint_server_key)
- gpg_authentication "--fingerprint --list-key --list-options show-unusable-uids $fingerprint"
-
- # dumping to a file named ' ' so that the ssh-keygen output
- # doesn't claim any potentially bogus hostname(s):
- tmpkey=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"
- gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey/ "
- echo -n "ssh fingerprint: "
- (cd "$tmpkey" && ssh-keygen -l -f ' ' | awk '{ print $2 }')
- rm -rf "$tmpkey"
- echo -n "OpenPGP fingerprint: "
- echo "$fingerprint"
+ if [ -f "${SYSDATADIR}/ssh_host_rsa_key.pub" ] ; then
+ fingerprintSSH=$(ssh-keygen -l -f "${SYSDATADIR}/ssh_host_rsa_key.pub" | \
+ awk '{ print $1, $2, $4 }')
+ echo "ssh fingerprint: $fingerprintSSH"
+ else
+ log info "SSH host key not found."
+ ret='1'
+ fi
+
+ return $ret
}
# update authorized_keys for users
done
}
+# import an existing ssh key to a gpg key
+import_key() {
+ local hostName=$(hostname -f)
+ local keyFile="/etc/ssh/ssh_host_rsa_key"
+ local keyExpire
+ local userID
+
+ # check for presense of secret key
+ # FIXME: is this the proper test to be doing here?
+ fingerprint_server_key >/dev/null \
+ && failure "An OpenPGP host key already exists."
+
+ # get options
+ while true ; do
+ case "$1" in
+ -h|--hostname)
+ hostName="$2"
+ shift 2
+ ;;
+ -f|--keyfile)
+ keyFile="$2"
+ shift 2
+ ;;
+ -e|--expire)
+ keyExpire="$2"
+ shift 2
+ ;;
+ *)
+ if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
+ failure "Unknown option '$1'.
+Type '$PGRM help' for usage."
+ fi
+ break
+ ;;
+ esac
+ done
+
+ if [ ! -f "$keyFile" ] ; then
+ failure "SSH secret key file '$keyFile' not found."
+ fi
+
+ userID="ssh://${hostName}"
+
+ # prompt about key expiration if not specified
+ keyExpire=$(get_gpg_expiration "$keyExpire")
+
+ echo "The following key parameters will be used for the host private key:"
+ echo "Import: $keyFile"
+ echo "Name-Real: $userID"
+ echo "Expire-Date: $keyExpire"
+
+ read -p "Import key? (Y/n) " OK; OK=${OK:=Y}
+ if [ ${OK/y/Y} != 'Y' ] ; then
+ failure "aborting."
+ fi
+
+ log verbose "importing ssh key..."
+ # translate ssh key to a private key
+ (umask 077 && \
+ pem2openpgp "$userID" "$keyExpire" < "$sshKey" | gpg_host --import)
+
+ # find the key fingerprint of the newly converted key
+ fingerprint=$(fingerprint_server_key)
+
+ # export host ownertrust to authentication keyring
+ log verbose "setting ultimate owner trust for host key..."
+ echo "${fingerprint}:6:" | gpg_host "--import-ownertrust"
+ echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust"
+
+ # export public key to file
+ gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
+ log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
+
+ # show info about new key
+ show_server_key
+}
+
# generate server gpg key
gen_key() {
- local keyType
- local keyLength
- local keyUsage
+ local keyType="RSA"
+ local keyLength="2048"
+ local keyUsage="auth"
local keyExpire
local revoker
- local hostName
+ local hostName=$(hostname -f)
local userID
local keyParameters
local fingerprint
- # set default key parameter values
- keyType="RSA"
- keyLength="2048"
- keyUsage="auth"
- keyExpire=
- revoker=
+ # check for presense of secret key
+ # FIXME: is this the proper test to be doing here?
+ fingerprint_server_key >/dev/null \
+ && failure "An OpenPGP host key already exists."
# get options
- TEMP=$(PATH="/usr/local/bin:$PATH" getopt -o e:l:r -l expire:,length:,revoker: -n "$PGRM" -- "$@") || failure "getopt failed! Does your getopt support GNU-style long options?"
-
- if [ $? != 0 ] ; then
- exit 1
- fi
-
- # Note the quotes around `$TEMP': they are essential!
- eval set -- "$TEMP"
-
while true ; do
case "$1" in
+ -h|--hostname)
+ hostName="$2"
+ shift 2
+ ;;
-l|--length)
keyLength="$2"
shift 2
revoker="$2"
shift 2
;;
- --)
- shift
- ;;
- *)
+ *)
+ if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
+ failure "Unknown option '$1'.
+Type '$PGRM help' for usage."
+ fi
break
;;
esac
done
- hostName=${1:-$(hostname -f)}
userID="ssh://${hostName}"
- # check for presense of key with user ID
- if gpg_host --list-key ="$userID" > /dev/null 2>&1 ; then
- failure "Key for '$userID' already exists"
- fi
-
# prompt about key expiration if not specified
keyExpire=$(get_gpg_expiration "$keyExpire")
# set key parameters
- keyParameters=$(cat <<EOF
-Key-Type: $keyType
+ keyParameters=\
+"Key-Type: $keyType
Key-Length: $keyLength
Key-Usage: $keyUsage
Name-Real: $userID
-Expire-Date: $keyExpire
-EOF
-)
+Expire-Date: $keyExpire"
# add the revoker field if specified
# FIXME: the "1:" below assumes that $REVOKER's key is an RSA key.
# FIXME: key is marked "sensitive"? is this appropriate?
if [ "$revoker" ] ; then
- keyParameters="${keyParameters}"$(cat <<EOF
-Revoker: 1:$revoker sensitive
-EOF
-)
+ keyParameters=\
+"${keyParameters}
+Revoker: 1:${revoker} sensitive"
fi
echo "The following key parameters will be used for the host private key:"
fi
# add commit command
- keyParameters="${keyParameters}"$(cat <<EOF
+ # must include blank line!
+ keyParameters=\
+"${keyParameters}
%commit
-%echo done
-EOF
-)
+%echo done"
- log verbose "generating server key..."
+ log verbose "generating host key..."
echo "$keyParameters" | gpg_host --batch --gen-key
- # output the server fingerprint
- fingerprint_server_key "=${userID}"
-
# find the key fingerprint of the newly generated key
fingerprint=$(fingerprint_server_key)
# export host ownertrust to authentication keyring
- log verbose "setting ultimate owner trust for server key..."
+ log verbose "setting ultimate owner trust for host key..."
echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust"
# translate the private key to ssh format, and export to a file
(umask 077 && \
gpg_host --export-secret-key "$fingerprint" | \
openpgp2ssh "$fingerprint" > "${SYSDATADIR}/ssh_host_rsa_key")
- log info "private SSH host key output to file: ${SYSDATADIR}/ssh_host_rsa_key"
+ log info "SSH host private key output to file: ${SYSDATADIR}/ssh_host_rsa_key"
+ ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub"
+ log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub"
+ gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
+ log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
+
+ # show info about new key
+ show_server_key
}
# extend the lifetime of a host key:
local fpr=$(fingerprint_server_key)
local extendTo="$1"
- if [ -z "$fpr" ] ; then
- failure "You don't appear to have a MonkeySphere host key on this server. Try 'monkeysphere-server gen-key' first."
- fi
-
# get the new expiration date
extendTo=$(get_gpg_expiration "$extendTo")
save
EOF
- )
+)
# execute edit-key script
if echo "$adduidCommand" | \
fi
}
+# add a revoker to the host key
+add_revoker() {
+ # FIXME: implement!
+ failure "not implemented yet!"
+}
+
+# revoke the host key
+revoke_key() {
+ # FIXME: implement!
+ failure "not implemented yet!"
+}
+
# publish server key to keyserver
publish_server_key() {
read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N}
echo " - Recommendation: remove the above HostKey lines from $sshd_config"
problemsfound=$(($problemsfound+1))
fi
+
+ # FIXME: test (with ssh-keyscan?) that the running ssh
+ # daemon is actually offering the monkeysphere host key.
+
fi
fi
depth=1
# get options
- TEMP=$(PATH="/usr/local/bin:$PATH" getopt -o n:t:d: -l domain:,trust:,depth: -n "$PGRM" -- "$@") || failure "getopt failed! Does your getopt support GNU-style long options?"
-
- if [ $? != 0 ] ; then
- exit 1
- fi
-
- # Note the quotes around `$TEMP': they are essential!
- eval set -- "$TEMP"
-
while true ; do
case "$1" in
-n|--domain)
depth="$2"
shift 2
;;
- --)
- shift
- ;;
- *)
+ *)
+ if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
+ failure "Unknown option '$1'.
+Type '$PGRM help' for usage."
+ fi
break
;;
esac
# export the key to the host keyring
gpg_authentication "--export 0x${fingerprint}!" | gpg_host --import
- if [ "$trust" == marginal ]; then
+ if [ "$trust" = marginal ]; then
trustval=1
- elif [ "$trust" == full ]; then
+ elif [ "$trust" = full ]; then
trustval=2
else
failure "Trust value requested ('$trust') was unclear (only 'marginal' or 'full' are supported)."
case $COMMAND in
'update-users'|'update-user'|'u')
+ check_user
+ check_host_keyring
update_users "$@"
;;
+ 'import-key'|'i')
+ check_user
+ import_key "$@"
+ ;;
+
'gen-key'|'g')
+ check_user
gen_key "$@"
;;
'extend-key'|'e')
+ check_user
+ check_host_keyring
extend_key "$@"
;;
'add-hostname'|'add-name'|'n+')
+ check_user
+ check_host_keyring
add_hostname "$@"
;;
'revoke-hostname'|'revoke-name'|'n-')
+ check_user
+ check_host_keyring
revoke_hostname "$@"
;;
+ 'add-revoker'|'o')
+ check_user
+ check_host_keyring
+ add_revoker "$@"
+ ;;
+
+ 'revoke-key'|'r')
+ check_user
+ check_host_keyring
+ revoke_key "$@"
+ ;;
+
'show-key'|'show'|'s')
show_server_key
;;
'publish-key'|'publish'|'p')
+ check_user
+ check_host_keyring
publish_server_key
;;
'diagnostics'|'d')
+ check_user
diagnostics
;;
'add-identity-certifier'|'add-id-certifier'|'add-certifier'|'c+')
+ check_user
+ check_host_keyring
add_certifier "$@"
;;
'remove-identity-certifier'|'remove-id-certifier'|'remove-certifier'|'c-')
+ check_user
+ check_host_keyring
remove_certifier "$@"
;;
'list-identity-certifiers'|'list-id-certifiers'|'list-certifiers'|'list-certifier'|'c')
+ check_user
+ check_host_keyring
list_certifiers "$@"
;;
'gpg-authentication-cmd')
+ check_user
gpg_authentication_cmd "$@"
;;
+ 'version'|'v')
+ echo "$VERSION"
+ ;;
+
'--help'|'help'|'-h'|'h'|'?')
usage
;;
# established. Can be added to ~/.ssh/config as follows:
# ProxyCommand monkeysphere-ssh-proxycommand %h %p
+########################################################################
+PGRM=$(basename $0)
+
+SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
+export SYSSHAREDIR
+. "${SYSSHAREDIR}/common" || exit 1
+
+########################################################################
+# FUNCTIONS
########################################################################
usage() {
-cat <<EOF >&2
+ cat <<EOF >&2
usage: ssh -o ProxyCommand="$(basename $0) %h %p" ...
EOF
}
+log() {
+ echo "$@" >&2
+}
+
+output_no_valid_key() {
+ local sshKeyOffered
+ local userID
+ local type
+ local validity
+ local keyid
+ local uidfpr
+ local usage
+ local sshKeyGPG
+ local tmpkey
+ local sshFingerprint
+ local gpgSigOut
+
+ userID="ssh://${HOSTP}"
+
+ log "-------------------- Monkeysphere warning -------------------"
+ log "Monkeysphere found OpenPGP keys for this hostname, but none had full validity."
+
+ # retrieve the actual ssh key
+ sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null | awk '{ print $2, $3 }')
+ # FIXME: should we do any checks for failed keyscans, eg. host not
+ # found?
+
+ # get the gpg info for userid
+ gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \
+ --with-fingerprint --with-fingerprint \
+ ="$userID" 2>/dev/null)
+
+ # find all 'pub' and 'sub' lines in the gpg output, which each
+ # represent a retrieved key for the user ID
+ echo "$gpgOut" | cut -d: -f1,2,5,10,12 | \
+ while IFS=: read -r type validity keyid uidfpr usage ; do
+ case $type in
+ 'pub'|'sub')
+ # get the ssh key of the gpg key
+ sshKeyGPG=$(gpg2ssh "$keyid")
+
+ # if one of keys found matches the one offered by the
+ # host, then output info
+ if [ "$sshKeyGPG" = "$sshKeyOffered" ] ; then
+ log "An OpenPGP key matching the ssh key offered by the host was found:"
+ log
+
+ # do some crazy "Here Strings" redirection to get the key to
+ # ssh-keygen, since it doesn't read from stdin cleanly
+ sshFingerprint=$(ssh-keygen -l -f /dev/stdin \
+ <<<$(echo "$sshKeyGPG") | \
+ awk '{ print $2 }')
+
+ # get the sigs for the matching key
+ gpgSigOut=$(gpg --check-sigs \
+ --list-options show-uid-validity \
+ "$keyid")
+
+ # output the sigs, but only those on the user ID
+ # we are looking for
+ echo "$gpgSigOut" | awk '
+{
+if (match($0,"^pub")) { print; }
+if (match($0,"^uid")) { ok=0; }
+if (match($0,"^uid.*'$userID'$")) { ok=1; print; }
+if (ok) { if (match($0,"^sig")) { print; } }
+}
+' >&2
+ log
+
+ # output the other user IDs for reference
+ if (echo "$gpgSigOut" | grep "^uid" | grep -v -q "$userID") ; then
+ log "Other user IDs on this key:"
+ echo "$gpgSigOut" | grep "^uid" | grep -v "$userID" >&2
+ log
+ fi
+
+ # output ssh fingerprint
+ log "RSA key fingerprint is ${sshFingerprint}."
+
+ # this whole process is in a "while read"
+ # subshell. the only way to get information out
+ # of the subshell is to change the return code.
+ # therefore we return 1 here to indicate that a
+ # matching gpg key was found for the ssh key
+ # offered by the host
+ return 1
+ fi
+ ;;
+ esac
+ done
+
+ # if no key match was made (and the "while read" subshell returned
+ # 1) output how many keys were found
+ if (($? != 1)) ; then
+ log "None of the found keys matched the key offered by the host."
+ log "Run the following command for more info about the found keys:"
+ log "gpg --check-sigs --list-options show-uid-validity =${userID}"
+ # FIXME: should we do anything extra here if the retrieved
+ # host key is actually in the known_hosts file and the ssh
+ # connection will succeed? Should the user be warned?
+ # prompted?
+ fi
+
+ log "-------------------- ssh continues below --------------------"
+}
+
########################################################################
# export the monkeysphere log level
PORT="$2"
if [ -z "$HOST" ] ; then
- echo "Host not specified." >&2
+ log "Host not specified."
usage
exit 255
fi
# update the known_hosts file for the host
monkeysphere update-known_hosts "$HOSTP"
+# output on depending on the return of the update-known_hosts
+# subcommand, which is (ultimately) the return code of the
+# update_known_hosts function in common
+case $? in
+ 0)
+ # acceptable host key found so continue to ssh
+ true
+ ;;
+ 1)
+ # no hosts at all found so also continue (drop through to
+ # regular ssh host verification)
+ true
+ ;;
+ 2)
+ # at least one *bad* host key (and no good host keys) was
+ # found, so output some usefull information
+ output_no_valid_key
+ ;;
+ *)
+ # anything else drop through
+ true
+ ;;
+esac
+
+# FIXME: what about the case where monkeysphere successfully finds a
+# valid key for the host and adds it to the known_hosts file, but a
+# different non-monkeysphere key for the host already exists in the
+# known_hosts, and it is this non-ms key that is offered by the host?
+# monkeysphere will succeed, and the ssh connection will succeed, and
+# the user will be left with the impression that they are dealing with
+# a OpenPGP/PKI host key when in fact they are not. should we use
+# ssh-keyscan to compare the keys first?
+
# exec a netcat passthrough to host for the ssh connection
if [ -z "$NO_CONNECT" ] ; then
if (which nc 2>/dev/null >/dev/null); then
# all subcommands in this script should complete without failure:
set -e
+# piped commands should return the code of the first non-zero return
+set -o pipefail
## make sure that the right tools are installed to run the test. the
## test has *more* requirements than plain ol' monkeysphere:
-
which socat || { echo "You must have socat installed to run this test." ; exit 1; }
## FIXME: other checks?
# kill the sshd process if it's still running
kill "$SSHD_PID"
+ SSHD_PID=
set -e
echo "### removing temp dir..."
rm -rf "$TEMPDIR"
+ if [ "$SSHD_PID" ] ; then
+ echo "### killing off lingering sshd..."
+ kill "$SSHD_PID"
+ fi
+
wait
}
+SSHD_PID=
+
## setup trap
trap failed_cleanup EXIT
export SSHD_CONFIG="$TEMPDIR"/sshd_config
export SOCKET="$TEMPDIR"/ssh-socket
-export SSHD_PID=
# Make sure $DISPLAY is set to convince ssh and monkeysphere to fall
# back on $SSH_ASKPASS. Make sure it's not set to the current actual
#!/bin/bash
-VERSION=`head -n1 debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'`
+VERSION=`head -n1 packaging/debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'`
{
echo "MD5 (monkeysphere_${VERSION}.orig.tar.gz) =" $(md5sum "monkeysphere_${VERSION}.orig.tar.gz" | cut -f1 -d\ )
#!/bin/bash
-VERSION=`head -n1 debian/changelog | sed 's/.*(\([^)]*\)).*/\1/'`
+VERSION=`head -n1 packaging/debian/changelog | sed 's/.*(\([^)]*\)).*/\1/'`
{
sed "s/__VERSION__/$VERSION/g" < utils/releasenote.header
- head -n$(( $(grep -n '^ --' debian/changelog | head -n1 | cut -f1 -d:) - 2 )) debian/changelog | tail -n+3
+ head -n$(( $(grep -n '^ --' packaging/debian/changelog | head -n1 | cut -f1 -d:) - 2 )) packaging/debian/changelog | tail -n+3
sed "s/__VERSION__/$VERSION/g" < utils/releasenote.footer
} > "website/news/release-$VERSION.mdwn"
# Bugs #
-This is Monkeysphere's bug list. You can also browse our [completed bugs](done).
+The Monkeysphere is moving to a [new issue tracking
+system](https://labs.riseup.net/code/projects/show/monkeysphere),
+hosted at [Riseup Labs](https://labs.riseup.net/code). We're leaving
+this old bug list up during the transition.
-If you don't have commit access to the public repo, we'd appreciate
-you reporting bugs on [the monkeysphere mailing list](/community).
+If you use [Debian](htt[://debian.org), please consider submitting
+your bug to the [Debian BTS](http://bugs.debian.org/monkeysphere).
+
+You can also browse our [completed bugs](done).
+
+Please feel free to also ask any questions on the [the monkeysphere
+mailing list](/community).
[[inline pages="./bugs/* and !./bugs/done and !link(done)
and !*/Discussion" actions=yes postform=yes show=0]]
--- /dev/null
+It would be nice to make all of the Monkeysphere scripts POSIX
+compliant, for portability and light-weightedness. Better POSIX
+compliance would probably at least be better for compatibility with
+o{ther,lder} versions of bash. Unfortunately there are quite a few
+bashism at the moment, so this may not be trivial. For instance:
+
+ servo:~/cmrg/monkeysphere/git 0$ checkbashisms -f src/monkeysphere-server 2>&1 | wc -l
+ 50
+ servo:~/cmrg/monkeysphere/git 0$
+
+It looks like the biggest complication for this would be the
+occasional use of bash arrays.
Are there other ways we can deal with this problem?
--dkg
+
+Here is an example when using monkeysphere-server
+add-identity-certifier on a host with a newly-installed monkeysphere
+installaton. Note that running the same command a second time works
+as expected:
+
+ 0 pip:~# monkeysphere-server c+ 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9
+ gpg: requesting key D21739E9 from hkp server pool.sks-keyservers.net
+ gpg: key D21739E9: public key "Daniel Kahn Gillmor <dkg@fifthhorseman.net>" imported
+ gpg: can't create `/var/lib/monkeysphere/gnupg-host/pubring.gpg.tmp': Permission denied
+ gpg: failed to rebuild keyring cache: file open error
+ gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
+ gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
+ gpg: next trustdb check due at 2009-03-30
+ gpg: Total number processed: 1
+ gpg: imported: 1 (RSA: 1)
+ Could not receive a key with this ID from the 'pool.sks-keyservers.net' keyserver.
+ 255 pip:~# monkeysphere-server c+ 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9
+ gpg: requesting key D21739E9 from hkp server pool.sks-keyservers.net
+ gpg: key D21739E9: "Daniel Kahn Gillmor <dkg@fifthhorseman.net>" not changed
+ gpg: Total number processed: 1
+ gpg: unchanged: 1
+
+ key found:
+ pub 4096R/D21739E9 2007-06-02 [expires: 2012-05-31]
+ Key fingerprint = 0EE5 BE97 9282 D80B 9F75 40F1 CCD2 ED94 D217 39E9
+ uid [ unknown] Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+ uid [ unknown] Daniel Kahn Gillmor <dkg@openflows.com>
+ uid [ unknown] Daniel Kahn Gillmor <dkg@astro.columbia.edu>
+ uid [ unknown] Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>
+ uid [ unknown] [jpeg image of size 3515]
+ sub 2048R/4BFA08E4 2008-06-19 [expires: 2009-06-19]
+ sub 4096R/21484CFF 2007-06-02 [expires: 2012-05-31]
+
+ Are you sure you want to add the above key as a
+ certifier of users on this system? (y/N) y
+ gpg: key D21739E9: public key "Daniel Kahn Gillmor <dkg@fifthhorseman.net>" imported
+ gpg: Total number processed: 1
+ gpg: imported: 1 (RSA: 1)
+ gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
+ gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
+ gpg: next trustdb check due at 2009-03-30
+ gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
+ This is free software: you are free to change and redistribute it.
+ There is NO WARRANTY, to the extent permitted by law.
+
+
+ pub 4096R/D21739E9 created: 2007-06-02 expires: 2012-05-31 usage: SC
+ trust: unknown validity: unknown
+ [ unknown] (1). Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+ [ unknown] (2) Daniel Kahn Gillmor <dkg@openflows.com>
+ [ unknown] (3) Daniel Kahn Gillmor <dkg@astro.columbia.edu>
+ [ unknown] (4) Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>
+ [ unknown] (5) [jpeg image of size 3515]
+
+
+ pub 4096R/D21739E9 created: 2007-06-02 expires: 2012-05-31 usage: SC
+ trust: unknown validity: unknown
+ Primary key fingerprint: 0EE5 BE97 9282 D80B 9F75 40F1 CCD2 ED94 D217 39E9
+
+ Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+ Daniel Kahn Gillmor <dkg@openflows.com>
+ Daniel Kahn Gillmor <dkg@astro.columbia.edu>
+ Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>
+ [jpeg image of size 3515]
+
+ This key is due to expire on 2012-05-31.
+ Please decide how far you trust this user to correctly verify other users' keys
+ (by looking at passports, checking fingerprints from different sources, etc.)
+
+ 1 = I trust marginally
+ 2 = I trust fully
+
+
+ Please enter the depth of this trust signature.
+ A depth greater than 1 allows the key you are signing to make
+ trust signatures on your behalf.
+
+
+ Please enter a domain to restrict this signature, or enter for none.
+
+
+ Are you sure that you want to sign this key with your
+ key "ssh://pip.fifthhorseman.net" (9B83C17D)
+
+ The signature will be marked as non-exportable.
+
+
+ gpg: can't create `/var/lib/monkeysphere/gnupg-host/pubring.gpg.tmp': Permission denied
+ gpg: failed to rebuild keyring cache: file open error
+ gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
+ gpg: depth: 0 valid: 1 signed: 1 trust: 0-, 0q, 0n, 0m, 0f, 1u
+ gpg: depth: 1 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 1f, 0u
+ gpg: next trustdb check due at 2009-03-30
+
+ Identity certifier added.
+ 0 pip:~#
--- /dev/null
+Since Monkeysphere is using bash, it would be nice to use the shell
+build in getopts function, instead of the external getopt program.
+This would reduce an external dependency, which would definitely be
+better for portability.
+
+---
+
+So it looks like the sh built-in getopts does not include long options
+(eg. "--expire"). Is it worth getting rid of the long options for
+this?
+
+---
+
+Why not just get rid of getopts altogether and perform a simple
+argument-processing loop with bash string tests? We're only invoking
+getopt in three places, and each invocation is no more complex than
+three arguments -- and most arguments take a separate parameter, which
+means that handling tricky arg blobs like -aCxr are not gonna be
+supported anyway.
--- /dev/null
+I would like to know, at INFO (default) log level, when the
+monkeyspehere makes a "real" modification to my known\_hosts file; that
+is, when it adds or deletes a key.
+
+Apparently this is hard because monkeysphere is currently configured to
+delete all keys and then add good keys, so a key added for the first
+time seems to the monkeysphere very similar to a key re-added ten
+seconds after last login.
+
+Still, from a UI perspective, I want to know what monkeysphere is doing.
+
+------
+
+It looks like jrollins committed a change for reporting at INFO level
+when a host key gets added by the monkeysphere:
+2459fa3ea277d7b9289945748619eab1e3441e5c
+
+When i connect to a host whose key is not already present in my
+known_hosts file, i get the following to stderr:
+
+ ms: * new key for squeak.fifthhorseman.net added to known_hosts file.
+
+This doesn't fully close this bug, because we aren't notifying on key
+deletion, afaict.
+
+------
+
+So current log level DEBUG will output a message if the known host
+file has been modified. If the issue is that you want to know at the
+default log level everytime the known\_hots file is modified, then we
+should just move this message to INFO instead of debug, and then maybe
+remove the message that I added above. I was under the impression
+that the issue was more about notification that a *new* key was added
+to the known\_hosts file, and therefore the new INFO message above
+fixed that problem. Should we do this instead?
+
+In general, more verbose log levels *do* tell the user what the
+monkeysphere is doing. Moving to DEBUG log level will tell you pretty
+much everything that happens. I do *not* think that this should be
+the default log level, though.
+
+------
+
+I wouldn't want to see an extremely verbose default log level. But i
+do think that saying something like "key blah blah blah was stripped
+from your known\_hosts file because it was expired" (for example)
+would be useful. I think this case would occur infrequently enough
+that it is worth reporting in the UI at the regular log level.
+
+ --dkg
# Documentation #
-## Dependencies ##
-
-Monkeysphere relies on:
-
- * [GnuTLS](http://gnutls.org/) version 2.4.0 or later
- * [OpenSSH](http://openssh.com/)
- * [GnuPG](http://gnupg.org/)
-
## Getting started ##
* [Downloading and installing](/download)
* Getting started as a [user](/getting-started-user)
* Getting started as a [server admin](/getting-started-admin)
+
+## Going further ##
+
+ * [Signing host keys](/signing-host-keys)
+
+## Under the hood ##
+
* [Developing the monkeysphere](/community)
+ * [Technical details](/technical-details)
## References ##
- * [Initial specifications at CMRG](http://cmrg.fifthhorseman.net/wiki/OpenPGPandSSH)
+ * [OpenSSH](http://openssh.com/)
+ * [GnuPG](http://www.gnupg.org/)
* [OpenPGP (RFC 4880)](http://tools.ietf.org/html/rfc4880)
* [Secure Shell Authentication Protocol (RFC 4252)](http://tools.ietf.org/html/rfc4252)
* [URI scheme for SSH, RFC draft](http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/)
+ * [Initial Monkeysphere specifications at CMRG](http://cmrg.fifthhorseman.net/wiki/OpenPGPandSSH)
## Other ##
# Downloading and Installing #
+Once you've installed the packages, please see the [documentation
+page](/doc) to read up on how to get started [as a regular
+user](/getting-started-user) or [as a systems
+administrator](/getting-started-admin).
+
+## Dependencies ##
+
+Monkeysphere relies on:
+
+ * [GnuTLS](http://gnutls.org/)
+ * version 2.4 or later for general use
+ * [version 2.6 or later](/news/gnutls-2.6-enables-monkeysphere) to use the `monkeysphere subkey-to-ssh-agent` subcommand.
+ * [OpenSSH](http://openssh.com/)
+ * [GnuPG](http://gnupg.org/)
+
## Debian ##
-If you are running a Debian system, you can install Monkeysphere
-by following these directions:
+If you are running a [Debian](http://www.debian.org/) system, you can
+install Monkeysphere by following these directions:
You can add this repo to your system by putting the following lines in
`/etc/apt/sources.list.d/monkeysphere.list`:
deb http://archive.monkeysphere.info/debian experimental monkeysphere
deb-src http://archive.monkeysphere.info/debian experimental monkeysphere
-The repository is currently signed by the Monkeysphere archive
-signing key, key id EB8AF314 (fingerprint: `2E8D
-D26C 53F1 197D DF40 3E61 18E6 67F1 EB8A F314`). To cryptographically
+The repository is currently signed by [The Monkeysphere archive
+signing key](/archive-key), key id EB8AF314 (fingerprint: `2E8D D26C
+53F1 197D DF40 3E61 18E6 67F1 EB8A F314`). To cryptographically
verify the packages, you'll want to [add this key to your apt
configuration after verifying its integrity](/archive-key).
To use the `monkeysphere subkey-to-ssh-agent` subcommand, you will
-also need [version 2.6 of GnuTLS](/news/gnutls-2.6-enables-monkeysphere),
-which is available in Debian experimental.
-
-Once you've installed the packages, you might want to read up on how
-to get started [as a regular user](/getting-started-user) or [as a
-systems administrator](/getting-started-admin).
+also need [version 2.6 of
+GnuTLS](/news/gnutls-2.6-enables-monkeysphere), which is available in
+Debian experimental.
## FreeBSD ##
-There is [now a FreeBSD port available](/news/FreeBSD-port-available/)
+There is [now a FreeBSD port available](/news/FreeBSD-port-available)
for the Monkeysphere.
While the monkeysphere is not officially included in the ports tree
cd /usr/ports/security/monkeysphere
make && make install
+To use the `monkeysphere subkey-to-ssh-agent` subcommand, you will
+also need [version 2.6 of
+GnuTLS](/news/gnutls-2.6-enables-monkeysphere), which is [slated to be
+available after the 7.1 ports slush is
+over](http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/127330).
+
## Source ##
For those that would like to download the source directly, [the source
is available](/community) via [git](http://git.or.cz/).
The [latest
-tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.19.orig.tar.gz)
+tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.22.orig.tar.gz)
is also available, and has these checksums:
<pre>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-checksums for the monkeysphere 0.19 release:
+checksums for the monkeysphere 0.22 release:
MD5:
-64c643dd0ab642bbc8814aec1718000e monkeysphere_0.19.orig.tar.gz
+2bb00c86323409b98aff53f94d9ce0a6 monkeysphere_0.22.orig.tar.gz
SHA1:
-ea3c263b084d2c0b7922cd96677be192201700e4 monkeysphere_0.19.orig.tar.gz
+312882ad192b8e7303e3e0ac9db20ac8ddc529b3 monkeysphere_0.22.orig.tar.gz
SHA256:
-321b77c1e10fe48ffbef8491893f5dd22842c35c11464efa7893150ce756a522 monkeysphere_0.19.orig.tar.gz
+2566facda807a67a4d2d6de3833cccfa0b78b454909e8d25f47a235a9e621b24 monkeysphere_0.22.orig.tar.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
-iQIVAwUBSQgMCRjmZ/HrivMUAQI2Jg//bZoSxx0Nor6uBikRGHQny8LzgUT/0kpv
-xg0eRmL9kQwhGis/sdOiJ9cHykJ1ukhRiIZGfxPBdxiQbWGs9nM6147TGIDgqx6D
-yYIW41dvzTRB0TwjNd7g1q6MaSiDNuU/6dD+ooM3/IiR8PDR7X8we0WhSM63KD+v
-HeMsN51UMhBfeaZ06fxrjYoJCvnp0YNYJpLuvtd5tzxqJCJA2Vh5VqJMbMP/MtbY
-zM/zuNXRI1mJnQZeU++IaAnimX7c7SsGjLaloZG8mapYqqY0tKJ5Yod6aeloq+i5
-wI4gZuuPcgAntD6cnPaqB1ni/d71yywme5F75zpezXGzKzDSh1J5oE6akjMi2lJE
-DSOKp7zb7TvDwXxCl+vOVod81F260gPhonlTsD/LpBfPGPBdWlWP+fFchb9N/a2u
-weCMhUYX1u8Jg/bHIycjoQjPEgZwCkJT9RKF1NTLyWvb4P4a3sPe+fauCMZFbTQ/
-3EYPRBY+PfIDO09XswdB5O3gq6B33ChyWJpdwlXEEHMcFt1FuezuP0avVM9/3ZNp
-MkqalDrUEd65X8o+CE3KjFxjMceVdda9mz2netnoHrFMW6X3mFqE2fTldgHi1mCT
-hMCqpPzY04+HOHYZ0GapR3pvedd4dwhkNYrdpckp+nJMTRfexEPH/NXDVNH/mxKg
-jLoIos0SaiY=
-=VUsz
+iQIVAwUBSTCiPRjmZ/HrivMUAQLg/BAAsdLsCQYSmvYLrYy1HiARtZOckqSOFv5e
+lnoOYEXKCXVjKqYUn4gjOkP2kQlnEOazfXrT/pO4u0AKUbf3C8bPDpIeao8uuPXI
+GG6HOWtsY93a2g8DM9fOzadIwhhBc9U7VwizBwFsxMw6xFTIKfoqqQonfEYFFLb6
+zyJVcfhmmGjgoJ9qA3AlYAf/i3Y/fcXh+YMI5J3Gez3BTVcep41UlcQUyd33pHF6
+aHdSWCzrotFual3fbf0meQewbBCW3JRBsbmCHQltbO/kNrtyfXb3Rp4oLiffcmpI
+DhfpFeonVHnUI9CVHmL7qbnBsgu5Q8l8Fxzu5pyzrGJxlvqBCpG8JM2FI0jJxw6o
+LQkmXCHteYKyopqKz5X0ATCot2Eoc9+kNEHwNWI37XbY7AV1XOOzGiaMjl+w8aUR
+QM8+Gi0h7SU2KuEogIsq1TghsDp3BJpTyBnc72ttLt2BvMzANOJnM8cmQqW8bOpz
+9Jdob+ISKkKG9q0wp61gb+8/f7mZKNtpr2rpRVYyjHgwR5XfbnS+gaD2B1NyG7NY
+yxW7fHpTsuwqcm2ONjZCDpEj0bXM0cL7r8c3J0L5kRCiN05c/KKYTNC70kTwCeQa
+ninihvIJal0Wu3LZxtYmtxuApq3wmc8NPo66C+TC24YGtxxJuZMS1qOlPFIPADIa
+EeBVdDmRbBw=
+=FmCP
-----END PGP SIGNATURE-----
</pre>
--- /dev/null
+[[meta title="Features"]]
+
+# Features #
+
========================================
As the administrator of an SSH server, you can take advantage of the
-monkeysphere in two ways: you can publish the host key of your machine
-so that your users can have it automatically verified, and you can set
-up your machine to automatically identify connecting users by their
-presence in the OpenPGP web of trust.
+monkeysphere in two ways:
+
+1. you can publish the host key of your machine so that your users can
+have it automatically verified, and
+
+2. you can set up your machine to automatically identify connecting
+users by their presence in the OpenPGP web of trust.
+
+These things are not mutually required, and it is in fact possible to
+do one without the other. However, it is highly recommend that you at
+least do the first. Even if you decide that you do not want to use
+the monkeysphere to authenticate users to your system, you should at
+least the host key into the Web of Trust so that your users can be
+sure they're connecting to the correct machine.
+
+
+Monkeysphere for host verification
+==================================
Server host key publication
---------------------------
-To generate and publish a server host key:
+
+To begin, you must first generate a server host key:
# monkeysphere-server gen-key
- # monkeysphere-server publish-key
This will generate the key for server with the service URI
-(`ssh://server.example.net`). The server admin should now sign the
-server key so that people in the admin's web of trust can identify the
-server without manual host key checking:
+(`ssh://server.example.net`). Output the new key information with the
+'show-key' command:
+
+ # monkeysphere-server show-key
+
+Once the key has been generated, it needs to be publish to the Web of
+Trust:
+
+ # monkeysphere-server publish-key
+
+The server admin should now sign the server key so that people in the
+admin's web of trust can identify the server without manual host key
+checking. On your (the admin's) local machine retrieve the host key:
$ gpg --search '=ssh://server.example.net'
+
+Now sign the server key:
+
$ gpg --sign-key '=ssh://server.example.net'
+Make sure you compare the fingerprint of the retrieved with the one
+output with the 'show-key' command above, to verify you are signing
+the correct key. Finally, publish your signatures back to the
+keyservers:
+
+ $ gpg --send-key '=ssh://server.example.net'
Update OpenSSH configuration files
----------------------------------
To use the newly-generated host key for ssh connections, put the
-following line in `/etc/ssh/sshd_config` (be sure to remove references
-to any other keys):
+following line in `/etc/ssh/sshd_config` (be sure to comment out or
+remove any other HostKey references):
HostKey /var/lib/monkeysphere/ssh_host_rsa_key
-FIXME: should we just suggest symlinks in the filesystem here instead?
+FIXME: What about DSA host keys? The SSH RFC seems to require
+implementations support DSA, though OpenSSH will work without a DSA
+host key.
+
+
+Monkeysphere for user authentication
+====================================
+
+A host can maintain ssh `authorized_keys` files automatically for its
+users with the Monkeysphere. These `authorized_keys` files can then
+be used to enable users to use the monkeysphere to authenticate to
+your machine using the OpenPGP web of trust.
-FIXME: What about DSA host keys? The SSH RFC seems to require implementations support DSA, though OpenSSH will work without a DSA host key.
+Before this can happen, the host must first have a host key to use for
+user key verification. If you have not already generated a host key
+(as in the host verification instructions above), generate one now:
-To enable users to use the monkeysphere to authenticate using the
-OpenPGP web of trust, add this line to `/etc/ssh/sshd_config` (again,
-making sure that no other AuthorizedKeysFile directive exists):
+ # monkeysphere-server gen-key
+
+Update OpenSSH configuration files
+----------------------------------
+
+SSH must be configured to point to the monkeysphere generated
+`authorized_keys` file. Add this line to `/etc/ssh/sshd_config`
+(again, making sure that no other AuthorizedKeysFile directive is left
+uncommented):
AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
-And then read the section below about how to ensure these files are
-maintained. You'll need to restart `sshd` to have your changes take
-effect. As with any change to `sshd_config`, be sure to retain an
-existing session to the machine while you test your changes so you
-don't get locked out.
+You'll need to restart `sshd` to have your changes take effect. As
+with any change to `sshd_config`, be sure to retain an existing
+session to the machine while you test your changes so you don't get
+locked out.
Monkeysphere authorized_keys maintenance
----------------------------------------
-A host can maintain ssh authorized_keys files automatically for its
-users with the Monkeysphere.
-
For each user account on the server, the userids of people authorized
to log into that account would be placed in:
# monkeysphere-server add-identity-certifier $GPGID
-To update the monkeysphere authorized_keys file for user "bob" using
+To update the monkeysphere `authorized_keys` file for user "bob" using
the current set of identity certifiers, run:
# monkeysphere-server update-users bob
-To update the monkeysphere authorized_keys file for all users on the
+To update the monkeysphere `authorized_keys` file for all users on the
the system, run the same command with no arguments:
# monkeysphere-server update-users
This would refresh your keychain every day at noon.
+
Install the monkeysphere software on your system
------------------------------------------------
If you haven't installed monkeysphere yet, you will need to [download
-and install] (/download) before continuing.
+and install](/download) before continuing.
Make sure that you have the GnuTLS library version 2.6 or later
installed on your system. If you can't (or don't want to) upgrade to
GnuTLS 2.6 or later, there are patches for GnuTLS 2.4 available in
[the Monkeysphere git repo](/community).
+
Keeping your `known_hosts` file in sync with your keyring
------------------------------------------------------------
+---------------------------------------------------------
With your keyring updated, you want to make sure that OpenSSH can
still see the most recent trusted information about who the various
command could be added to a crontab as well, if desired.
+
Using `monkeysphere-ssh-proxycommand`(1)
----------------------------------------
you want to add the subkey to on the command line.
+
Using your OpenPGP authentication key for SSH
---------------------------------------------
FIXME: using the key with a single ssh connection?
+
Establish trust
---------------
Monkeysphere***. OpenSSH can be used as is; completely unpatched and
"out of the box".
-## Links ##
+## License ##
-* [OpenSSH](http://openssh.com/)
-* [GnuPG](http://www.gnupg.org/)
-* [Secure Shell Authentication Protocol RFC 4252](http://tools.ietf.org/html/rfc4252)
-* [OpenPGP RFC 4880](http://tools.ietf.org/html/rfc4880)
+All Monkeysphere software is copyright, 2007, by [the
+authors](community), and released under [GPL, version 3 or
+later](http://www.gnu.org/licenses/gpl-3.0.html).
----
overflow: auto;
}
-table.sitenav {
+table.sitenav {
border-bottom: 2px solid black;
padding: 0px;
width: 100%;
font-size: larger;
}
-table.sitenav img.logo {
- margin: 0px;
- padding: 0px;
+table.sitenav img.logo {
+ margin: 0em;
+ padding: 0px;
vertical-align: bottom;
}
+table.sitenav img.title {
+ margin: 0px;
+ padding: 0px;
+ vertical-align: top;
+}
+
table.sitenav a {
font-weight: bold;
margin-right: 1em;
font-size: smaller;
}
-/* trying to align the sitenav links roughly with the text in the monkeysphere logo */
-td#sitenav {
- vertical-align: bottom;
- padding-bottom: 30px;
-}
-
table.sitenav span.selflink {
font-weight: bold;
text-decoration: underline;
--- /dev/null
+[[meta title="Monkeysphere now in Debian!"]]
+
+[The Monkeysphere has made it into
+Debian!](http://packages.debian.org/sid/monkeysphere)
+
+It is in Debian unstable ("sid") now, which means it won't make it
+into the next stable release ("lenny"), but hopefully will make it
+into the stable release after that ("squeeze").
+
+Congratulations to all the work by all the [monkeysphere
+developers](/community), and to Micah Anderson for being our Debian
+sponsor.
+
+Please feel free to start submitting bug reports to the [Debian
+BTS](http://bugs.debian.org/monkeysphere).
--- /dev/null
+[[meta title="Monkeysphere 0.20-1 released!"]]
+
+Monkeysphere 0.20-1 has been released.
+
+Notes from the changelog:
+
+<pre>
+ [ Daniel Kahn Gillmor ]
+ * ensure that tempdirs are properly created, bail out otherwise instead
+ of stumbling ahead.
+ * minor fussing with the test script to make it cleaner.
+
+ [ Jameson Graef Rollins ]
+ * clean up Makefile to generate more elegant source tarballs.
+ * make myself the maintainer.
+</pre>
+
+[[Download]] it now!
--- /dev/null
+[[meta title="Monkeysphere 0.21-1 released!"]]
+
+Monkeysphere 0.21-1 has been released.
+
+Notes from the changelog:
+
+<pre>
+</pre>
+
+[[Download]] it now!
--- /dev/null
+[[meta title="Monkeysphere 0.22-1 released!"]]
+
+Monkeysphere 0.22-1 has been released.
+
+Notes from the changelog:
+
+<pre>
+ * New upstream release:
+ [ Jameson Graef Rollins ]
+
+ - added info log output when a new key is added to known_hosts file.
+ - added some useful output to the ssh-proxycommand for "marginal"
+ cases where keys are found for host but do not have full validity.
+ - force ssh-keygen to read from stdin to get ssh key fingerprint.
+
+ [ Daniel Kahn Gillmor ]
+
+ - automatically output two copies of the host's public key: one
+ standard ssh public key file, and the other a minimal OpenPGP key with
+ just the latest valid self-sig.
+ - debian/control: corrected alternate dependency from procfile to
+ procmail (which provides /usr/bin/lockfile)
+</pre>
+
+[[Download]] it now!
<table class="sitenav" cellpadding="0" cellspacing="0">
-<tbody><tr><td>
-<a class="logo" href="/"><img class="logo" src="/logo.png" alt="monkeysphere" width="343" height="85" /></a>
-</td><td id="sitenav">
-
+<colgroup span="1" width="120" />
+<tr>
+<td rowspan="2"><a href="/"><img class="logo" src="/logo.simple.png" alt="monkeysphere" /></a></td>
+<td><a href="/"><img class="title" src="/logo.title.png" alt="monkeysphere" /></a></td>
+</tr><tr>
+<td>
[[WHY?|why]]
[[DOWNLOAD|download]]
[[DOCUMENTATION|doc]]
[[NEWS|news]]
[[COMMUNITY|community]]
-[[BUGS|bugs]]
+<a href="https://labs.riseup.net/code/wiki/monkeysphere">WIKI</a>
+<a href="https://labs.riseup.net/code/projects/monkeysphere/issues">BUGS</a>
+[[VISION|vision]]
+</td>
+</tr>
+</table>
-</td></tr></tbody></table>
--- /dev/null
+# Signing a host's SSH key using OpenPGP #
+
+This page is meant to address the issue of signing OpenPGP-based SSH
+host keys. Machines are not people, so the circumstances under which
+one should sign a host key are different from those under which one
+should sign another person's key.
+
+# Why are signatures on an SSH host key important? #
+
+In order for users to validate a host (an SSH server) in a
+monkeysphere-enabled network, the host key must have *full* calculated
+validity from the perspective of the connecting user. If the user has
+not themselves signed the server's key, then the server's key can only
+be valid if other people that the user trusts have signed the key.
+
+If only one person has signed the server's key, then the user must
+fully trust the single person who has signed the host key. Full trust
+should be granted sparingly and with consideration, though, so unless
+the user knows the server admin very well, they will in general not
+have full trust of this person.
+
+However, full trust of the host key can also be achieved if the
+server key has been signed by three or more people that the user has
+ *marginal* trust of. In other words, three or more *marginally*
+trusted signatures equals one *fully* trusted signature. It is much
+more common for users to have marginal trust of other users in the Web
+of Trust. For this reason, it is advisable to have as many people
+sign the server key as possible.
+
+## What information should you have before signing a host key? ##
+
+Before signing the key of a person, you want to do two things:
+
+1. verify the identity of the person.
+2. verify that the person is actually in control of the key that you
+are signing.
+
+For a server, you want to do basically the same thing:
+
+1. verify the identity of the server.
+2. verify that the server is actually in control of the key that you
+are signing.
+
+However, verifying these things for a server is less intuitive than it
+is for a human.
+
+Verifying that the host is in control of the key is, in principle,
+straightforward. If you are logged on to the machine in question,
+then you can check directly that the key exists on the system.
+
+What is not so straightforward is what exactly it means to "verify the
+identity" of a remote server on the internet? The identity in this
+case is the fully qualified domain name (FQDN) of the host. Verifying
+this identity amounts to being sure that the host in question really
+is located at that FQDN.
+
+## Signing the host key ##
+
+If you are the person (or persons) that actually setup the server and
+configured Monkeysphere and ssh on the server, then you should sign
+the host key as part of that process. When the server is first set
+up, the administrators who set it up are the only ones who can
+actually vouch for the server key, so their signatures are necessary
+to get things going. Their signatures are also necessary so that they
+can validate the host key themselves and log into the server via
+monkeysphere-enabled ssh in the future.
+
+If you did not set up the server initially, you do not have an
+accumulated full trust of the person(s) who did, and you do not
+necessarily have console access to the server directly, it's hard to
+confidently verify the server identity and key ownership. You would
+like to be able to walk up to the server, log in at the console, and
+get the fingerprint of the ssh host key directly. But this is usually
+impossible.
+
+However, it is still possible to verify the server identity *and*
+server ownership of the key, even in this case.
+
+## Remotely verifying host identity and key possession ##
+
+It is in fact possible to verify the identity and key ownership of a
+server in one fell swoop with monkeysphere-enabled ssh. Here is the
+procedure:
+
+> **Attempt to make a monkeysphere-enabled ssh connection to the host in
+question. Monkeysphere will check that the ssh host key offered by the
+host matches the OpenPGP key with the correct host FQDN user ID. If
+the ssh host key and the OpenPGP key with the correct user ID match,
+then you will have effectively:**
+
+>**1. verified the host identity, because you actually connected to the
+host in question, which you know because you:**
+
+>**2. verified the host is in control of the key, because the ssh host
+key offered by the host matches the OpenPGP key with correct host FQDN
+user ID.**
+
+Here is an example:
+
+ servo:~ 0$ ssh zimmermann.mayfirst.org
+ -------------------- Monkeysphere warning -------------------
+ Monkeysphere found OpenPGP keys for this hostname, but none had full validity.
+ An OpenPGP key matching the ssh key offered by the host was found:
+
+ pub 2048R/860E8F9C 2008-10-29 [expires: 2009-02-26]
+ uid [marginal] ssh://zimmermann.mayfirst.org
+ sig! 76CC057D 2008-11-15 Jamie McClelland <jamie@mayfirst.org>
+ sig!3 860E8F9C 2008-10-29 ssh://zimmermann.mayfirst.org
+ sig! D21739E9 2008-10-29 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+ sig! 1CF2D62A 2008-11-16 Micah Anderson <micah@riseup.net>
+
+ RSA key fingerprint is 81:96:13:3e:24:c9:3c:5b:3c:6d:55:ba:58:85:e9:9e.
+ -------------------- ssh continues below --------------------
+ The authenticity of host 'zimmermann.mayfirst.org (<no hostip for proxy command>)' can't be established.
+ RSA key fingerprint is 81:96:13:3e:24:c9:3c:5b:3c:6d:55:ba:58:85:e9:9e.
+ No matching host key fingerprint found in DNS.
+ Are you sure you want to continue connecting (yes/no)? no
+ Host key verification failed.
+ servo:~ 255$
+
+I have attempted to connect to the host zimmermann.mayfirst.org.
+zimmermann's host key has only *marginal* validity for the FQDN user
+ID in question, so I am not able to connect. However, the
+Monkeysphere has checked that the ssh host key actually does match the
+OpenPGP key with the correct user ID `ssh://zimmermann.mayfirst.org`.
+I have therefore verified the identity of zimmermann, and verified
+that zimmermann is in possession of the key in question.
--- /dev/null
+[[meta title="Technical Details"]]
+
+# Technical Details #
+
+Under construction.
+
+## Host key verification ##
+
+When an ssh connection is initiated, the ssh client checks that the
+host key presented by the server matches one found in the connecting
+user's `known_hosts` file. If so, the ssh client allows the
+connection to continue. If not, the client asks the user if they
+would like to accept the host key for future session by asking the
+user to verify the host key's fingerprint.
+
+### Adding a server to the monkeysphere ###
+
+Servers are "monkeysphere enabled" by generating an OpenPGP
+authentication key for the server, translating the key into on ssh
+key, and publishing the host key to the Web of Trust.
+
+### Verifying a host key ###
+
+## User authentication ##
+
+### Adding an individual to the monkeysphere ###
+
+### Verifying a user key ###
--- /dev/null
+[[meta title="Our vision for the future of the monkeysphere"]]
+
+## External Validation Agent ##
+
+This is probably at the crux of the Monkeysphere vision for the future:
+
+* [Simon Josefsson proposed out-of-process certificate verification model in gnutls-devel](http://news.gmane.org/find-root.php?group=gmane.comp.encryption.gpg.gnutls.devel&article=3231)
+* [Werner Koch's dirmngr](http://www.gnupg.org/documentation/manuals/dirmngr/)
+* [GnuTLS wiki external validation](http://redmine.josefsson.org/wiki/gnutls/GnuTLSExternalValidation)
+* [Pathfinder PKI validation](http://code.google.com/p/pathfinder-pki/) (includes validation plugins for OpenSSL and LibNSS).
+
+## TLS transition strategies ##
+
+While [RFC 5081](http://tools.ietf.org/html/rfc5081) is quite a while
+off from widespread adoption, it would be good to have an interim
+translation step. This is analogous to the SSH work we've done, where
+the on-the-wire protocol remains the same, but the keys themselves are
+looked up in the OpenPGP WoT.
+
+Firefox extensions that deal with certificate validation seem to be
+the easiest path toward demonstrating this technique. We should look
+at:
+
+* [SSL Blacklist](http://codefromthe70s.org/sslblacklist.aspx)
+* [Perspectives](http://www.cs.cmu.edu/~perspectives/firefox.html)
+* there is another firefox extension that basically disables all TLS certificate checking. The download page says things like "this is a bad idea" and "do not install this extension", but i'm unable to find it at the moment.
+
+## Related discussions ##
+
+* [Wandering Thoughts blog discussion about Web of Trust flaws](http://utcc.utoronto.ca/~cks/space/blog/tech/WebOfTrustFlaws?showcomments)
+* [Wandering Thoughts blog discussion about certificate authorities](http://utcc.utoronto.ca/~cks/space/blog/web/SSLCANeed?showcomments)
projects / monkeysphere.git / commitdiff
