\fBmonkeysphere-host\fP takes various subcommands:
.TP
-.B import-key FILE [NAME[:PORT]]
+.B import-key FILE NAME[:PORT]
Import a pem-encoded ssh secret host key from file FILE. If FILE
is '-', then the key will be imported from stdin. NAME[:PORT] is used
-to specify the hostname (and port) used in the user ID of the new
-OpenPGP key. If NAME is not specified, then the system
-fully-qualified domain name will be used (ie. `hostname -f'). If PORT
-is not specified, the no port is added to the user ID, which means
-port 22 is assumed. `i' may be used in place of `import-key'.
+to specify the fully-qualified hostname (and port) used in the user ID
+of the new OpenPGP key. If PORT is not specified, the no port is
+added to the user ID, which means port 22 is assumed. `i' may be used
+in place of `import-key'.
.TP
.B show-key
Output information about host's OpenPGP and SSH keys. `s' may be used
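Review bot: the rewritten `+` lines carry over the typo from the removed text, "If PORT is not specified, the no port is added to the user ID"; it should read "then no port is added to the user ID". Since the sentence "If NAME is not specified, then the system fully-qualified domain name will be used" was dropped without a replacement, the description should also state plainly that NAME is now required and that the command fails without it, matching the new synopsis `import-key FILE NAME[:PORT]`.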
Monkeysphere host admin tool.
subcommands:
- import-key (i) FILE [NAME[:PORT]] import existing ssh key to gpg
+ import-key (i) FILE NAME[:PORT] import existing ssh key to gpg
show-key (s) output all host key information
publish-key (p) publish host key to keyserver
set-expire (e) [EXPIRE] set host key expiration
failure "Must specify ssh key file to import, or specify '-' for stdin."
fi
-# use the default hostname if not specified
+# fail if hostname not specified
if [ -z "$hostName" ] ; then
- hostName=$(hostname -f) || failure "Could not determine hostname."
- # test that the domain is not obviously illegitimate
- domain=${foo##*.}
- case $domain in
- 'local'|'localdomain')
- failure "Host domain '$domain' is not legitimate. Aborting key import."
- ;;
- esac
- # test that there are at least two parts
- if (( $(echo "$hostName" | tr . ' ' | wc -w) < 2 )) ; then
- failure "Host name '$hostName' is not legitimate. Aborting key import."
- fi
+ failure "You must specify a fully-qualified domain name for use in the host certificate user ID."
fi
userID="ssh://${hostName}"
-if [ "$PROMPT" = "true" ] ; then
- cat <<EOF
-The ssh key will be imported and an OpenPGP certificate for this host
-will be generated with the following user ID:
- $userID
-EOF
- read -p "Are you sure you would like to create certificate? [Y/n] " OK; OK=${OK:-Y}
- if [ "${OK/y/Y}" != 'Y' ] ; then
- failure "ssh key not imported."
- fi
-else
- log debug "importing key without prompting."
-fi
-
-
# create host home
mkdir -p "${MHDATADIR}"
mkdir -p "${GNUPGHOME_HOST}"
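Review bot: the new branch only rejects an empty `hostName`, so the `local`/`localdomain` check and the "at least two labels" check are gone and a caller can now pass `import-key FILE localhost` and get a user ID of `ssh://localhost`, even though the new failure message demands a fully-qualified domain name. The removed checks were themselves broken, since `domain=${foo##*.}` read an undefined `$foo` instead of `$hostName` and the `case` never matched; rather than deleting them, fix the variable and keep both checks against the user-supplied name, stripping an optional `:PORT` first so that `${hostName##*.}` does not yield `net:2222`, e.g. `domain=${hostName%%:*}; domain=${domain##*.}` followed by the existing `case` and word-count test. Separately, removing the `PROMPT` block means the user ID is never shown for confirmation before the certificate is generated; if an explicit NAME is meant to make that confirmation unnecessary, the commit message should say so, otherwise keep the prompt.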
you have the ssh server installed, and that you have generated a host
RSA key. Once that has been done, import the key:
- # monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key
+ # monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key server.example.net
This will generate an OpenPGP certificate for server. The primary
user ID for this certificate will be the ssh service URI for the host,
-which by default is based on the output of `hostname -f`
-(eg. `ssh://server.example.net`). If the name determined from
-`hostname -f` is not the name you want to have in the service URI,
-then you can enter one manually:
-
- # monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key host.example.net
-
-Remember that the name you provide here must be a fully qualified
-domain name for the host in order for the monkeysphere to work.
+(eg. `ssh://server.example.net`). Remember that the name you provide
+here must be a fully qualified domain name for the host in order for
+the monkeysphere to work.
Now you can display information about the host key's certificate with
the 'show-key' command:
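Review bot: with the paragraph about `hostname -f` removed, the documentation no longer tells the reader that the NAME argument is mandatory and that `import-key` fails without it; add a sentence after the example stating that the fully-qualified name must be given explicitly, since the man page change says the system hostname is no longer consulted. Also, with the old clause gone the sentence now reads "the ssh service URI for the host, (eg. `ssh://server.example.net`)"; drop the comma before the parenthetical.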