* debian/control: switched Vcs-Git to use "centralized" git repo instead
of my own.
* More monkeysphere-server diagnostics
+ * monkeysphere --gen-subkey now guesses what KeyID you meant.
-- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Thu, 07 Aug 2008 13:31:14 -0400
# character
# FIXME: undo all escape character translation in with-colons gpg output
unescape() {
- echo "$1" | sed 's/\\x3a/:/'
+ echo "$1" | sed 's/\\x3a/:/g'
}
# remove all lines with specified string from specified file
# (see /usr/share/doc/gnupg/DETAILS.gz)
# output is one line for every found key, in the following format:
#
-# flag fingerprint
+# flag:fingerprint
#
# "flag" is an acceptability flag, 0 = ok, 1 = bad
# "fingerprint" is the fingerprint of the key
fi
;;
'uid') # user ids
+ if [ "$lastKey" != pub ] ; then
+ log " - got a user ID after a sub key! user IDs should only follow primary keys!"
+ continue
+ fi
+ # don't bother with a uid if there is no valid or reasonable primary key.
+ if [ "$keyOK" != true ] ; then
+ continue
+ fi
# if an acceptable user ID was already found, skip
if [ "$uidOK" ] ; then
continue
if [ "$keyOK" -a "$uidOK" -a "$lastKeyOK" ] ; then
log " * acceptable primary key."
if [ -z "$sshKey" ] ; then
- log " ! primary key could not be translated."
+ log " ! primary key could not be translated (not RSA or DSA?)."
else
echo "0:${sshKey}"
fi
else
log " - unacceptable primary key."
if [ -z "$sshKey" ] ; then
- log " ! primary key could not be translated."
+ log " ! primary key could not be translated (not RSA or DSA?)."
else
echo "1:${sshKey}"
fi
lastKey=sub
lastKeyOK=
fingerprint=
+
+ # don't bother with sub keys if the primary key is not valid
+ if [ "$keyOK" != true ] ; then
+ continue
+ fi
+ # don't bother with sub keys if no user ID is acceptable:
+ if [ "$uidOK" != true ] ; then
+ continue
+ fi
+
# if sub key validity is not ok, skip
if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then
continue
continue
fi
- # output a line for the primary key
+ # output a line for the sub key
# 0 = ok, 1 = bad
if [ "$keyOK" -a "$uidOK" -a "$lastKeyOK" ] ; then
log " * acceptable sub key."
if [ -z "$sshKey" ] ; then
- log " ! sub key could not be translated."
+ log " ! sub key could not be translated (not RSA or DSA?)."
else
echo "0:${sshKey}"
fi
else
log " - unacceptable sub key."
if [ -z "$sshKey" ] ; then
- log " ! sub key could not be translated."
+ log " ! sub key could not be translated (not RSA or DSA?)."
else
echo "1:${sshKey}"
fi
########################################################################
usage() {
-cat <<EOF
+ cat <<EOF
usage: $PGRM <subcommand> [options] [args]
MonkeySphere client tool.
esac
done
- keyID="$1"
+ if [ -z "$1" ] ; then
+ # find all secret keys
+ keyID=$(gpg --with-colons --list-secret-keys | grep ^sec | cut -f5 -d:)
+ # if multiple sec keys exist, fail
+ if (( $(echo "$keyID" | wc -l) > 1 )) ; then
+ echo "Multiple secret keys found:"
+ echo "$keyID"
+ failure "Please specify which primary key to use."
+ fi
+ else
+ keyID="$1"
+ fi
if [ -z "$keyID" ] ; then
- failure "You must specify the key ID of your primary key."
+ failure "You have no secret key available. You should create an OpenPGP
+key before joining the monkeysphere. You can do this with:
+ gpg --gen-key"
fi
# get key output, and fail if not found
########################################################################
usage() {
-cat <<EOF
+ cat <<EOF
usage: $PGRM <subcommand> [options] [args]
MonkeySphere server admin tool.
fi
# propose changes needed for sshd_config (if any)
- if ! grep -q "^HostKey ${VARLIB}/ssh_host_rsa_key$" /etc/ssh/sshd_config; then
+ if ! grep -q "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$" /etc/ssh/sshd_config; then
echo "! /etc/ssh/sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)."
echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'"
fi
- if badhostkeys=$(grep '^HostKey' | grep -q -v "^HostKey ${VARLIB}/ssh_host_rsa_key$") ; then
+ if badhostkeys=$(grep -i '^HostKey' | grep -q -v "^HostKey[[:space:]]\+${VARLIB}/ssh_host_rsa_key$") ; then
echo "! /etc/sshd_config refers to some non-monkeysphere host keys:"
echo "$badhostkeys"
- echo "- Recommendation: remove the above HostKey lines from /etc/ssh/sshd_config"
+ echo " - Recommendation: remove the above HostKey lines from /etc/ssh/sshd_config"
fi
fi
fi
# FIXME: make sure that at least one identity certifier exists
+ echo "Checking for MonkeySphere-enabled public-key authentication for users ..."
+ # Ensure that User ID authentication is enabled:
+ if ! grep -q "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$" /etc/ssh/sshd_config; then
+ echo "! /etc/ssh/sshd_config does not point to monkeysphere authorized keys."
+ echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'AuthorizedKeysFile ${VARLIB}/authorized_keys/%u'"
+ fi
+ if badauthorizedkeys=$(grep -i '^AuthorizedKeysFile' | grep -q -v "^AuthorizedKeysFile[[:space:]]\+${VARLIB}/authorized_keys/%u$") ; then
+ echo "! /etc/sshd_config refers to non-monkeysphere authorized_keys files:"
+ echo "$badauthorizedkeys"
+ echo " - Recommendation: remove the above AuthorizedKeysFile lines from /etc/ssh/sshd_config"
+ fi
+
+
}
# retrieve key from web of trust, import it into the host keyring, and
# Authors: Daniel Kahn Gillmor <dkg@fifthhorseman.net>,
# Jameson Rollins <jrollins@fifthhorseman.net>
-
-cleanup() {
- echo -n "removing temp gpg home... " 1>&2
- rm -rf "$TMPPRIVATE"
- echo "done." 1>&2
-}
-
explanation() {
- echo -n "The basic strategy of seckey2sshagent is to dump your
-OpenPGP authentication key(s) into your agent.
+ cat <<EOF
+Usage: $0 [GPGID [FILE]]
+
+The basic strategy of seckey2sshagent is to dump your OpenPGP
+authentication key(s) into your agent or a file. With no arguments,
+it will add all secret keys in your keyring to the agent. With one
+argument, it adds only the specified key to the agent. With two
+arguments, it dumps the specified key to FILE, with the pub key in
+FILE.pub.
This script is a gross hack at the moment. It is done by creating a
new, temporary private keyring, letting the user remove the
ssh-add -l
-"
+EOF
+}
+
+cleanup() {
+ echo -n "removing temp gpg home... " 1>&2
+ rm -rf "$TMPPRIVATE"
+ echo "done." 1>&2
+}
+
+export_sec_key() {
+ gpg --export-secret-key "$GPGID" | GNUPGHOME="$TMPPRIVATE" gpg --import
+ GNUPGHOME="$TMPPRIVATE" gpg --edit-key "$GPGID"
+
+ # idea to script the password stuff. not working.
+ # read -s -p "enter gpg password: " PASSWD; echo
+ # cmd=$(cat <<EOF
+ # passwd
+ # $PASSWD
+ # \n
+ # \n
+ # \n
+ # yes
+ # save
+ # EOF
+ # )
+ # echo -e "$cmd" | GNUPGHOME="$TMPPRIVATE" gpg --command-fd 0 --edit-key $GPGID
+
+ # export secret key to file
+ GNUPGHOME="$TMPPRIVATE" gpg --export-secret-keys "$GPGID" | \
+ openpgp2ssh "$GPGID"
}
# if no hex string is supplied, just print an explanation.
exit
fi
-trap cleanup EXIT
+# set the file creation umask
+umask 077
GPGIDS="$1"
+if [ "$2" -a ! -e "$2" ] ; then
+ FILE="$2"
+fi
if [ -z "$GPGIDS" ]; then
# hack: we need to get the list of secret keys, because if you
# --list-secret-keys with no arguments, GPG fails to print the
# capability flags (i've just filed this as
# https://bugs.g10code.com/gnupg/issue945)
- KEYIDS=$(gpg2 --with-colons --list-secret-keys | grep ^sec | cut -f5 -d:)
+ KEYIDS=$(gpg --with-colons --list-secret-keys | grep ^sec | cut -f5 -d:)
# default to using all fingerprints of authentication-enabled keys
- GPGIDS=$(gpg --with-colons --fingerprint --fingerprint --list-secret-keys $KEYIDS | egrep -A1 '^(ssb|sec):.*:[^:]*a[^:]*:$' | grep ^fpr: | cut -d: -f10)
+ GPGIDS=$(gpg --with-colons --fingerprint --fingerprint --list-secret-keys $KEYIDS | egrep -A1 '^(ssb|sec):.*:[^:]*a[^:]*:$' | grep ^fpr: | cut -d: -f10)
fi
+trap cleanup EXIT
+
for GPGID in $GPGIDS; do
TMPPRIVATE=$(mktemp -d)
- gpg --export-secret-key "$GPGID" | GNUPGHOME="$TMPPRIVATE" gpg --import
-
-# idea to script the password stuff. not working.
-# read -s -p "enter gpg password: " PASSWD; echo
-# cmd=$(cat <<EOF
-# passwd
-# $PASSWD
-# \n
-# \n
-# \n
-# yes
-# save
-# EOF
-# )
-# echo -e "$cmd" | GNUPGHOME="$TMPPRIVATE" gpg --command-fd 0 --edit-key $GPGID
-
- GNUPGHOME="$TMPPRIVATE" gpg --edit-key "$GPGID"
-
- KEYNAME='MonkeySphere Key '$(echo "$GPGID" | tr -c -d '0-9a-fA-F')''
-# creating this alias so the key is named "monkeysphere-key" in the
-# comment stored by the agent, while never being written to disk in
-# SSH form:
- ln -s /dev/stdin "$TMPPRIVATE/$KEYNAME"
-
- GNUPGHOME="$TMPPRIVATE" gpg --export-secret-keys "$GPGID" | \
- openpgp2ssh $GPGID | (cd "$TMPPRIVATE" && ssh-add -c "$KEYNAME")
+ # if specified, write key to fail and passprotect
+ if [ "$FILE" ] ; then
+ # export secret key to file
+ export_sec_key > "$TMPPRIVATE/key"
+ # passprotect file
+ ssh-keygen -f "${TMPPRIVATE}/key" -p
+ # move into place
+ mv "${TMPPRIVATE}/key" "$FILE"
+
+ # export public key
+ gpg --export "$GPGID" | openpgp2ssh "$GPGID" > "${FILE}.pub"
+
+ # otherwise add to agent
+ else
+ KEYNAME='MonkeySphere Key '$(echo "$GPGID" | tr -c -d '0-9a-fA-F')''
+
+ # creating this alias so the key is named "monkeysphere-key" in the
+ # comment stored by the agent, while never being written to disk in
+ # SSH form:
+ ln -s /dev/stdin "${TMPPRIVATE}/${KEYNAME}"
+
+ # export secret key to agent
+ export_sec_key | (cd "$TMPPRIVATE" && ssh-add -c "$KEYNAME")
+ fi
- cleanup
done
-
-
--- /dev/null
+[[meta title="Missing `~/.ssh/known_hosts` file causes errors from monkeysphere-ssh-proxycommand"]]
+
+As a user, if you don't have a `~/.ssh/known_hosts` file,
+`monkeysphere-ssh-proxycommand` produces some bogus output, like:
+
+ cat: /home/foo/.ssh/known_hosts: No such file or directory
+
+this should be fixable with a simple test.
fail, and report the different key IDs that they user might want to
select (reporting which keys already have authorization subkeys or
the authorization capability on the primary key would be useful too)
+
+[[bugs/done]] completed 2008-08-08 09:40:33-0400 (to be released in 0.8-1)
--- /dev/null
+[[meta title="monkeysphere --gen-subkey seems to fail if no gpg-agent is running"]]
+
+Consider the following transcript of a user who starts with no OpenPGP
+key in the first place:
+
+ 0 wt215@squeak:~$ monkeysphere gen-subkey
+ You have no secret key available. You should create an OpenPGP
+ key before joining the monkeysphere. You can do this with:
+ gpg --gen-key
+ 255 wt215@squeak:~$ gpg --gen-key
+ gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
+ This is free software: you are free to change and redistribute it.
+ There is NO WARRANTY, to the extent permitted by law.
+
+ Please select what kind of key you want:
+ (1) DSA and Elgamal (default)
+ (2) DSA (sign only)
+ (5) RSA (sign only)
+ Your selection? 5
+ RSA keys may be between 1024 and 4096 bits long.
+ What keysize do you want? (2048) 1024
+ Requested keysize is 1024 bits
+ Please specify how long the key should be valid.
+ 0 = key does not expire
+ <n> = key expires in n days
+ <n>w = key expires in n weeks
+ <n>m = key expires in n months
+ <n>y = key expires in n years
+ Key is valid for? (0) 1
+ Key expires at Sat 09 Aug 2008 09:41:34 AM EDT
+ Is this correct? (y/N) y
+
+ You need a user ID to identify your key; the software constructs the user ID
+ from the Real Name, Comment and Email Address in this form:
+ "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
+
+ Real name: Foo T. Bar
+ Email address: monkey@example.org
+ Comment: DO NOT USE!
+ You selected this USER-ID:
+ "Foo T. Bar (DO NOT USE!) <monkey@example.org>"
+
+ Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
+ You need a Passphrase to protect your secret key.
+
+ We need to generate a lot of random bytes. It is a good idea to perform
+ some other action (type on the keyboard, move the mouse, utilize the
+ disks) during the prime generation; this gives the random number
+ generator a better chance to gain enough entropy.
+ +++++
+ gpg: key A09F70B7 marked as ultimately trusted
+ public and secret key created and signed.
+
+ gpg: checking the trustdb
+ gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
+ gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
+ gpg: next trustdb check due at 2008-08-09
+ pub 1024R/A09F70B7 2008-08-08 [expires: 2008-08-09]
+ Key fingerprint = C3D3 1063 7CA1 5809 9EB9 7A63 F4E4 8D01 A09F 70B7
+ uid Foo T. Bar (DO NOT USE!) <monkey@example.org>
+
+ Note that this key cannot be used for encryption. You may want to use
+ the command "--edit-key" to generate a subkey for this purpose.
+ 0 wt215@squeak:~$ monkeysphere gen-subkey
+ Please specify how long the key should be valid.
+ 0 = key does not expire
+ <n> = key expires in n days
+ <n>w = key expires in n weeks
+ <n>m = key expires in n months
+ <n>y = key expires in n years
+ Key is valid for? (0) 2
+ ms: generating subkey...
+ gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
+ This is free software: you are free to change and redistribute it.
+ There is NO WARRANTY, to the extent permitted by law.
+
+ Secret key is available.
+
+ pub 1024R/A09F70B7 created: 2008-08-08 expires: 2008-08-09 usage: SC
+ trust: ultimate validity: ultimate
+ [ultimate] (1). Foo T. Bar (DO NOT USE!) <monkey@example.org>
+
+ Key is protected.
+
+ You need a passphrase to unlock the secret key for
+ user: "Foo T. Bar (DO NOT USE!) <monkey@example.org>"
+ 1024-bit RSA key, ID A09F70B7, created 2008-08-08
+
+ gpg: Invalid passphrase; please try again ...
+
+ You need a passphrase to unlock the secret key for
+ user: "Foo T. Bar (DO NOT USE!) <monkey@example.org>"
+ 1024-bit RSA key, ID A09F70B7, created 2008-08-08
+
+ gpg: Invalid passphrase; please try again ...
+
+ You need a passphrase to unlock the secret key for
+ user: "Foo T. Bar (DO NOT USE!) <monkey@example.org>"
+ 1024-bit RSA key, ID A09F70B7, created 2008-08-08
+
+ gpg: Key generation failed: bad passphrase
+
+
+ Invalid command (try "help")
+
+ ms: done.
+ 0 wt215@squeak:~$
+
+This user does not have `use-agent` configured in `~/.gnupg/gpg.conf`.
+
+This problem can be resolved by the user doing:
+
+ echo use-agent >> ~/.gnupg/gpg.conf
+ gpg-agent --daemon monkeysphere --gen-subkey
+
+Then they will be prompted for their passphrase during key creation.
+
+If we're OK with relying on `gpg-agent`, we should make make that an
+explicit dependency, and ensure that an agent is running (or start one
+up specifically for the process).
+
+If we're not OK with relying on the agent, `--gen-subkey` needs
+fixing.
--- /dev/null
+[[meta title="Monkeysphere should consult keyserver setting in gpg.conf"]]
+
+Currently, monkeysphere-ssh-proxycommand checks the following places to
+determine which keyserver to use (in order of priority):
+
+ * environment variable (MONKEYSPHERE_KEYSERVER)
+ * KEYSERVER variable in ~/.config/monkeysphere/monkeysphere.conf
+ * default value of subkeys.pgp.net
+
+It would be useful if monkeysphere also consulted ~/.gnupg/gpg.conf, using the
+following order instead:
+
+ * environment variable (MONKEYSPHERE_KEYSERVER)
+ * KEYSERVER variable in ~/.config/monkeysphere/monkeysphere.conf
+ * keyserver variable in ~/.gnupg/gpg.conf
+ * default value of subkeys.pgp.net
+
+- Sir Jam Jam
--- /dev/null
+[[meta title="Monkeysphere should consult keyserver setting in gpg.conf"]]
+
+Currently, monkeysphere-ssh-proxycommand checks the following places to
+determine which keyserver to use (in order of priority):
+
+ * environment variable (MONKEYSPHERE_KEYSERVER)
+ * KEYSERVER variable in ~/.config/monkeysphere/monkeysphere.conf
+ * default value of subkeys.pgp.net
+
+It would be useful if monkeysphere also consulted ~/.gnupg/gpg.conf, using the
+following order instead:
+
+ * environment variable (MONKEYSPHERE_KEYSERVER)
+ * KEYSERVER variable in ~/.config/monkeysphere/monkeysphere.conf
+ * keyserver variable in ~/.gnupg/gpg.conf
+ * default value of subkeys.pgp.net
+
+-- Sir Jam Jam
projects / monkeysphere.git / commitdiff