Merge commit 'dkg/master'
authorMicah Anderson <micah@riseup.net>
Wed, 13 Aug 2008 04:31:11 +0000 (00:31 -0400)
committerMicah Anderson <micah@riseup.net>
Wed, 13 Aug 2008 04:31:11 +0000 (00:31 -0400)
src/monkeysphere-server

diff --combined src/monkeysphere-server
index 1e5f2096677cb8dfa9522babeeec5877817b28e0,9e025f9d66265169ae9775c3e8e44bc9c75c5dc9..3ca0656e4ad5168b48a6282c4174a25f301168ce
@@@ -32,7 -32,7 +32,7 @@@ RETURN=
  ########################################################################
  
  usage() {
- cat <<EOF
    cat <<EOF
  usage: $PGRM <subcommand> [options] [args]
  MonkeySphere server admin tool.
  
@@@ -56,7 -56,7 +56,7 @@@ subcommands
  
   gpg-authentication-cmd CMD          gnupg-authentication command
  
 - help (h,?)                          this help
 + -h|--help|help (h,?)                this help
  EOF
  }
  
@@@ -236,7 -236,7 +236,7 @@@ gen_key() 
      revoker=
  
      # get options
 -    TEMP=$(getopt -o l:e:r: -l length:,expire:,revoker: -n "$PGRM" -- "$@")
 +    TEMP=$(getopt -o e:l:r -l expire:,length:,revoker: -n "$PGRM" -- "$@")
  
      if [ $? != 0 ] ; then
        exit 1
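Review bot: The short-option string on the new `getopt` line drops the colon after `r` (`-o e:l:r`), while the long form still declares `revoker:` as taking an argument. With that spec, `-r KEYID` is parsed as a bare flag and KEYID is left as a positional argument, so a revoker requested with the short option is presumably not applied to the generated host key. The option-handling loop is outside the hunk, so confirm there. Restore the colon: `TEMP=$(getopt -o e:l:r: -l expire:,length:,revoker: -n "$PGRM" -- "$@")`. gen_key's body starts and ends outside the hunk.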
@@@ -468,14 -468,14 +468,14 @@@ diagnostics() 
            fi
  
            # propose changes needed for sshd_config (if any)
-           if ! grep -q "^HostKey ${VARLIB}/ssh_host_rsa_key$" /etc/ssh/sshd_config; then
+           if ! grep -q "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" /etc/ssh/sshd_config; then
                echo "! /etc/ssh/sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)."
                echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'"
            fi
-           if badhostkeys=$(grep '^HostKey' | grep -q -v "^HostKey ${VARLIB}/ssh_host_rsa_key$") ; then
+           if badhostkeys=$(grep -i '^HostKey' | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then
                echo "! /etc/sshd_config refers to some non-monkeysphere host keys:"
                echo "$badhostkeys"
-               echo "- Recommendation: remove the above HostKey lines from /etc/ssh/sshd_config"
+               echo " - Recommendation: remove the above HostKey lines from /etc/ssh/sshd_config"
            fi
        fi
      fi
  
  # FIXME:  make sure that at least one identity certifier exists
  
+     echo "Checking for MonkeySphere-enabled public-key authentication for users ..."
+     # Ensure that User ID authentication is enabled:
+     if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$" /etc/ssh/sshd_config; then
+       echo "! /etc/ssh/sshd_config does not point to monkeysphere authorized keys."
+       echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'AuthorizedKeysFile ${VARLIB}/authorized_keys/%u'"
+     fi
+     if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' | grep -q -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then
+       echo "! /etc/sshd_config refers to non-monkeysphere authorized_keys files:"
+       echo "$badauthorizedkeys"
+       echo " - Recommendation: remove the above AuthorizedKeysFile lines from /etc/ssh/sshd_config"
+     fi
  }
  
  # retrieve key from web of trust, import it into the host keyring, and
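Review bot: The two "bad line" checks in diagnostics() (`badhostkeys=` and the new `badauthorizedkeys=`) never read sshd_config: the first `grep -i` has no file argument, so it reads standard input, and `grep -q` prints nothing, so the captured variable is always empty. The diagnostic can therefore block on stdin, and the listing meant to expose extra `HostKey` or `AuthorizedKeysFile` directives is never shown. Pass the file and drop `-q`, e.g. `if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' /etc/ssh/sshd_config | grep -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then`, and do the same on the HostKey line. sshd_config keywords are case-insensitive, so the positive checks and the second grep should also use `-i`, and both messages should name /etc/ssh/sshd_config rather than /etc/sshd_config. diagnostics() starts outside the hunk.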
@@@ -699,7 -712,7 +712,7 @@@ case $COMMAND i
        gpg_authentication_cmd "$@"
        ;;
  
 -    'help'|'h'|'?')
 +    '--help'|'help'|'-h'|'h'|'?')
          usage
          ;;