Detail advantages of monkeysphere: detail the race conditions in ssh,
and how the monkeysphere can help you reduce these threat vectors:
- threat model reduction diagrams
+ threat model reduction diagrams.
Determine how openssh handles multiple processes writing to
- known_hosts file (atomic appends?)
+ known_hosts/authorized_keys files (lockfile, atomic appends?)
Handle unknown hosts in such a way that they're not always removed
from known_hosts file. Ask user to lsign the host key?
-Handle multiple multiple hostnames (multiple user IDs?) when
- generating host keys with gen-key.
+Handle multiple hostnames (multiple user IDs?) when generating host
+ keys with gen-key.
Make sure alternate ports are handled for known_hosts.
-Add environment variables sections to man pages.
-
Script to import private key into ssh agent.
Provide a friendly interactive UI for marginal or failing client-side
"tsign" in gpg(1).
Fix the order of questions when user does a tsign in gpg or gpg2.
+
+File bug against ssh-keygen about how "-R" option removes comments
+ from known_hosts file.
+
+File bug against ssh-keygen to see if we can get it to write to hash a
+ known_hosts file to/from stdout/stdin.
+
+Add environment variables sections to man pages.
+
+Environment variable scoping.
+
+Move environment variable precedence before conf file.
+
+When using ssh-proxycommand, if only host keys found are expired or
+ revoked, then output loud warning with prompt, or fail hard.
+
+Update monkeysphere-ssh-proxycommand man page with new keyserver
+ checking policy info.
+
+Update monkeysphere-ssh-proxycommand man page with info about
+ no-connect option.
* changes to this system *
******************************************************************************
+2008-06-18 - jrollins
+ * installed less, emacs;
+ * aptitude update && aptitude dist-upgrade
2008-06-18 - micah
* debootstrap'd debian etch install
# s = sign
# c = certify
# a = authentication
-#REQUIRED_HOST_KEY_CAPABILITY="e a"
+#REQUIRED_HOST_KEY_CAPABILITY="a"
#REQUIRED_USER_KEY_CAPABILITY="a"
# ssh known_hosts file
# ssh authorized_keys file
#AUTHORIZED_KEYS=~/.ssh/known_hosts
+
+# This overrides other environment variables
+# NOTE: there is leakage
+#CHECK_KEYRING=true
}
# remove all lines with specified string from specified file
-remove_file_line() {
+remove_line() {
local file
local string
# remove user ID from file
log -n " removing user ID '$userID'... "
- remove_file_line "$AUTHORIZED_USER_IDS" "^${userID}$"
+ remove_line "$AUTHORIZED_USER_IDS" "^${userID}$"
loge "done."
}
while read -r ok keyid ; do
sshKey=$(gpg2ssh "$keyid")
# remove the old host key line
- remove_file_line "$KNOWN_HOSTS" "$sshKey"
+ remove_line "$KNOWN_HOSTS" "$sshKey"
# if key OK, add new host line
if [ "$ok" -eq '0' ] ; then
# hash if specified
while read -r ok keyid ; do
sshKey=$(gpg2ssh "$keyid")
# remove the old host key line
- remove_file_line "$AUTHORIZED_KEYS" "$sshKey"
+ remove_line "$AUTHORIZED_KEYS" "$sshKey"
# if key OK, add new host line
if [ "$ok" -eq '0' ] ; then
ssh2authorized_keys "$userID" "$sshKey" >> "$AUTHORIZED_KEYS"
GNUPGHOME=${GNUPGHOME:-"${HOME}/.gnupg"}
KEYSERVER=${KEYSERVER:-"subkeys.pgp.net"}
CHECK_KEYSERVER=${CHECK_KEYSERVER:="true"}
-REQUIRED_HOST_KEY_CAPABILITY=${REQUIRED_HOST_KEY_CAPABILITY:-"e a"}
+REQUIRED_HOST_KEY_CAPABILITY=${REQUIRED_HOST_KEY_CAPABILITY:-"a"}
REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-"a"}
KNOWN_HOSTS=${KNOWN_HOSTS:-"${HOME}/.ssh/known_hosts"}
AUTHORIZED_KEYS=${AUTHORIZED_KEYS:-"${HOME}/.ssh/authorized_keys"}
# established. Can be added to ~/.ssh/config as follows:
# ProxyCommand monkeysphere-ssh-proxycommand %h %p
-HOST="$1"
-PORT="$2"
-
usage() {
cat <<EOF >&2
usage: ssh -o ProxyCommand="$(basename $0) %h %p" ...
echo "$@" >&2
}
+if [ "$1" = '--no-connect' ] ; then
+ NO_CONNECT='true'
+ shift 1
+fi
+
+HOST="$1"
+PORT="$2"
+
if [ -z "$HOST" ] ; then
log "host must be specified."
usage
exit 1
fi
-# check for the host key in the known_hosts file
-hostKey=$(ssh-keygen -F "$HOST")
+# set the host URI
+URI="ssh://${HOST}"
+if [ "$PORT" != '22' ] ; then
+ URI="${URI}:$PORT"
+fi
-# if the host key is found in the known_hosts file,
-# don't check the keyserver
-if [ "$hostKey" ] ; then
+# if the host is in the gpg keyring...
+if gpg --list-key ="${URI}" >/dev/null ; then
+ # do not check the keyserver
CHECK_KEYSERVER="false"
+# if the host is NOT in the keyring...
else
- CHECK_KEYSERVER="true"
+ # if the host key is found in the known_hosts file...
+ # FIXME: this only works for default known_hosts location
+ hostKey=$(ssh-keygen -F "$HOST")
+ if [ "$hostKey" ] ; then
+ # if the check keyserver variable is NOT set to true...
+ if [ "$CHECK_KEYSERVER" != 'true' ] ; then
+ # schedule a keyserver check for host at a later time
+ echo "monkeysphere update-known_hosts $HOST" | at noon
+ fi
+ # if the host key is not found in the known_hosts file...
+ else
+ # check the keyserver
+ CHECK_KEYSERVER="true"
+ fi
fi
export CHECK_KEYSERVER
# update the known_hosts file for the host
-monkeysphere update-known-hosts "$HOST"
+monkeysphere update-known_hosts "$HOST"
# exec a netcat passthrough to host for the ssh connection
-exec nc "$HOST" "$PORT"
+if [ -z "$NO_CONNECT" ] ; then
+ exec nc "$HOST" "$PORT"
+fi
projects / monkeysphere.git / commitdiff