added description of steps needed to get host key published for george.riseup.net.
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Thu, 19 Jun 2008 07:04:58 +0000 (03:04 -0400)
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Thu, 19 Jun 2008 07:04:58 +0000 (03:04 -0400)
doc/george/host-key-publication [new file with mode: 0644]

diff --git a/doc/george/host-key-publication b/doc/george/host-key-publication
new file mode 100644 (file)
index 0000000..03e2510
--- /dev/null
@@ -0,0 +1,28 @@
+2008-06-19 02:34:57-0400
+------------------------
+
+Adding george's host key to the monkeysphere was more complicated than
+it needed to be.
+
+As the server admin, i did (accepting the defaults where possible):
+
+ monkeysphere-server gen-key
+ KEYID=$(GNUPGHOME=/etc/monkeysphere/gnupg gpg --with-colons --list-key  =ssh://$(hostname --fqdn) | grep ^pub: | cut -f5 -d:)
+ (umask 077 && GNUPGHOME=/etc/monkeysphere/gnupg gpg --export-secret-key $KEYID | openpgp2ssh $KEYID >/etc/monkeysphere/ssh_host_rsa_key)
+   # modify /etc/ssh/sshd_config to remove old host keys lines, and 
+   # add new line: HostKey /etc/monkeysphere/ssh_host_rsa_key 
+ /etc/init.d/ssh restart
+
+ KEYSERVER=george.riseup.net monkeysphere-server publish-key
+  # (needed to publish by hand here because of reasonable sanity checks)
+ monkeysphere-server show-fingerprint
+
+  # then from a remote host:
+ gpg --keyserver george.riseup.net --search =ssh://george.riseup.net
+ gpg --fingerprint --sign-key =ssh://george.riseup.net
+ KEYID=$(gpg --with-colons --list-key =ssh://george.riseup.net | grep ^pub: | cut -f5 -d:)
+ gpg --keyserver george.riseup.net --send "$KEYID"
+ gpg --keyserver george.riseup.net --send "$MYGPGID"
+
+
+How could this have been streamlined?