From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Mon, 11 Aug 2008 22:10:46 +0000 (-0400)
Subject: added monkeysphere-server diagnostics to check for (and advise) AuthorizedKeysFile... 
X-Git-Tag: monkeysphere_0.8-1~33
X-Git-Url: https://codewiz.org/gitweb?a=commitdiff_plain;h=0565fa2f4dd1e6b563d00771bf71142c4004aa9d;p=monkeysphere.git

added monkeysphere-server diagnostics to check for (and advise) AuthorizedKeysFile changes for monkeysphere-enabled authorized_keys
---

diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 7fac3ee..9e025f9 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -468,11 +468,11 @@ diagnostics() {
 	    fi
 
 	    # propose changes needed for sshd_config (if any)
-	    if ! grep -q "^HostKey ${VARLIB}/ssh_host_rsa_key$" /etc/ssh/sshd_config; then
+	    if ! grep -q "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" /etc/ssh/sshd_config; then
 		echo "! /etc/ssh/sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)."
 		echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'"
 	    fi
-	    if badhostkeys=$(grep '^HostKey' | grep -q -v "^HostKey ${VARLIB}/ssh_host_rsa_key$") ; then
+	    if badhostkeys=$(grep -i '^HostKey' | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then
 		echo "! /etc/sshd_config refers to some non-monkeysphere host keys:"
 		echo "$badhostkeys"
 		echo " - Recommendation: remove the above HostKey lines from /etc/ssh/sshd_config"
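Review bot: The `badhostkeys=$(grep -i '^HostKey' | grep -q -v …)` test cannot report anything useful: the first grep is given no file, so it reads the function's standard input (and may block on a terminal) instead of /etc/ssh/sshd_config, and `-q` on the second grep discards the lines that `echo "$badhostkeys"` is meant to print. Passing the file and dropping `-q` keeps the exit status as the condition and captures the offending lines: `if badhostkeys=$(grep -i '^HostKey' /etc/ssh/sshd_config | grep -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then`. The AuthorizedKeysFile check added in the second hunk has the same shape and needs the same two changes. The body of diagnostics() starts and ends outside this hunk.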
@@ -489,6 +489,19 @@ diagnostics() {
 
 # FIXME:  make sure that at least one identity certifier exists
 
+    echo "Checking for MonkeySphere-enabled public-key authentication for users ..."
+    # Ensure that User ID authentication is enabled:
+    if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$" /etc/ssh/sshd_config; then
+	echo "! /etc/ssh/sshd_config does not point to monkeysphere authorized keys."
+	echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'AuthorizedKeysFile ${VARLIB}/authorized_keys/%u'"
+    fi
+    if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' | grep -q -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then
+	echo "! /etc/sshd_config refers to non-monkeysphere authorized_keys files:"
+	echo "$badauthorizedkeys"
+	echo " - Recommendation: remove the above AuthorizedKeysFile lines from /etc/ssh/sshd_config"
+    fi
+
+
 }
 
 # retrieve key from web of trust, import it into the host keyring, and
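Review bot: The new AuthorizedKeysFile patterns only match a line that starts at column 0 with the keyword in exactly this case, whereas sshd_config(5) documents keywords as case-insensitive and, as far as I know, sshd also skips leading whitespace; an indented or differently-cased `AuthorizedKeysFile` line naming some other file would go unreported by this diagnostic. Anchoring with `^[[:space:]]*` and matching the keyword case-insensitively in all three greps would close that gap, e.g. `grep -i '^[[:space:]]*AuthorizedKeysFile[[:space:]]' /etc/ssh/sshd_config` as the first filter of the second check. The warning on the `badauthorizedkeys` branch also names `/etc/sshd_config`, while the file actually inspected is `/etc/ssh/sshd_config`. Only the tail of diagnostics() is visible here, so whether a Match block or an included file can override the setting is not something this hunk shows.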