8 [x] jrollins will talk and gesture - in progress
12 * client-side componants
13 ** "Marmoset": update known_hosts file with public key of server(s):
14 *** be responsible for removing keys from the file as key revocation happens
15 *** be responsible for updating a key in the file where there is a key replacement
16 *** must result in a file that is parsable by the existing ssh client without errors
17 *** manual management must be allowed without stomping on it
18 *** provide a simple, intelligible, clear policy for key acceptance
19 *** questions: should this query keyserver & update known host files? (we already
20 have awesome tool that queries keyservers and updates a web of trust (gpg)
21 ** "Howler": simple script that could be placed as a trigger function (in your .ssh/config)
22 *** runs on connection to a certain host
23 *** triggers update to known_hosts file then makes connection
24 *** proxy-command | pre-hook script | wrapper script
25 ** "Langur": policy-editor for viewing/editing policies
27 * server-side componants
28 ** "Rhesus" updates a per-user authorized_keys file, instead of updating a
29 known_hosts file from a public key by matching a specified user-id (for given
30 user: update authkeys file with public keys derived from authorized_uids
32 *** Needs to operate with the same principles that Marmoset client-side does
33 ** "Tamarin" triggers Rhesus during an attempt to initiate a connection or a scheduler (or both)
34 ** "Barbary" - policy editor / viewer
37 ** Create a ssh keypair from a openpgp keypair
41 Specifies a command to execute on the local machine after suc‐
42 cessfully connecting to the server. The command string extends
43 to the end of the line, and is executed with /bin/sh. This
44 directive is ignored unless PermitLocalCommand has been enabled.
49 * Daniel and Elliot lie. <check>
50 * We will use a distributed VCS, each developer will create their own git repository and publish it publically for others to pull from, mail out
51 * public project page doesn't perhaps make sense yet
52 * approximate goal - using the web of trust to authenticate ppl for SSH
53 * outline of various components of monkeysphere
54 * M: what does it mean to be in the monkeysphere? not necessarily a great coder.
55 * J: interested in seeing project happen, not in actually doing it. anybody can contribute as much as they want.
56 * J: if we put the structure in place to work on monkeysphere then we don't have to do anything
57 * D: we are not creating
58 * understand gpg's keyring better, understanding tools better, building scripts
59 * Some debian packages allow automated configuration of config files.
62 * GENERAL GOAL - use openpgp web-of-trust to authenticate ppl for SSH
63 * SPECIFIC GOAL - allow openssh to tie into pgp web-of-trust without modifying either openpgp and openssh
64 * DESIGN GOALS - authentication, use the existing generic OpenSSH client, the admin can make it default, although end-user should be decide to use monkeysphere or not
65 * DESIGN GOAL - use of monkeysphere should not radically change connecting-to-server experience
66 * GOAL - pick a monkey-related name for each component
68 Dramatis Personae: http://en.wikipedia.org/wiki/Alice_and_Bob
69 Backstory: http://www.conceptlabs.co.uk/alicebob.html
71 * Use Case: Bob wants to sign on to the computer "mangabey" via monkeysphere
72 framework. He doesn't have access to the machine, but he knows Alice, who is
73 the admin of magabey. Alice creates a user bob and puts bob's userid in the
74 auth_user_ids file for bob. Tamarin triggers which causes Rhesus to take all
75 the things in the auth_userids file, takes those users, look son a keyserver
76 finds the public keys for the users, converts the gpg public keys into ssh
77 public keys and inserts those into a user_authorized_keys file. Bob goes to
78 connect, bob's ssh client which is monkeysphere enbaled, howler is triggered
79 which triggers marmoset which looks out into the web of trust and find an
80 OpenPGP key that has a userid that matches the URI of magabey. Marmoset checks
81 to see if this key for mangabey has been signed by any keys that you trust
82 (based on your policy). Has this key been signed by somebody that you trust?
83 If yes, connect, if no: abort or fail-through or whatever. Alice has signed
84 this uid, so Marmoset says "OK, this server has been verified" it then
85 converts the gpg public key into a ssh public key and then adds this gpg key
86 to the known_host file. ssh says, "you" are about to connect to magabey and
87 you know this is magabey because alice says so and you trust alice". The gpg
88 private key of bob has to be converted (somehow, via agent or something) into
89 a ssh private_key. SSH connection happens.
91 Host identity piece of monkeysphere could be used without buying into the
92 authorization component.
94 Monkeysphere is authentication layer that allows the sysadmin to perform
95 authorization on user identities instead of on keys, it additionally allows the
96 sysadmin also to authenticate the server to the end-user.
98 git clone http://git.mlcastle.net/monkeysphere.git/ monkeysphere
100 Fix gpgkey2ssh so that the entire key fingerprint will work, accept full fingerprint, or accept a pipe and do the conversion
101 Write manpage for gpgkey2ssh
102 gpg private key (start with passwordless) to PEM encoded private key: perl libraries, libopencdk / gnutls, gpgme
103 setup remote git repo
104 think through / plan merging of known_hosts (& auth_keys?)
105 think about policies and their representation
projects / monkeysphere.git / blob