its functionality has been folded into monkeysphere as a subcommand.
So if you are currently using:
ssh -oProxyCommand='monkeysphere-ssh-proxycommand %h %p'
- plese use instead:
+ please use instead:
ssh -oProxyCommand='monkeysphere ssh-proxycommand %h %p'
* For sysadmins: monkeysphere-server has been split into
monkeysphere-host (for publishing the ssh host key of your machine)
# show info about the host key
show_key() {
local GNUPGHOME
+ local TMPSSH
+ local revokers
# tmp gpghome dir
export GNUPGHOME=$(msmktempdir)
| grep -v "^${GNUPGHOME}/pubring.gpg$" \
| egrep -v '^-+$'
+ # list revokers, if there are any
+ revokers=$(gpg --list-keys --with-colons --fixed-list-mode \
+ | awk -F: '/^rvk:/{ print $10 }' )
+ if [ "$revokers" ] ; then
+ echo "The following keys are allowed to revoke this host key:"
+ for key in $revokers ; do
+ echo "revoker: $key"
+ done
+ echo
+ fi
+
# list the pgp fingerprint
echo "OpenPGP fingerprint: $HOST_FINGERPRINT"
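Review bot: In the added revoker listing, a gpg failure looks the same as "this key has no designated revokers", because the command substitution only reports the exit status of `awk`. This display tells an administrator who is allowed to revoke the host key, so a silent empty result is misleading. Capturing the listing first and checking it would make the failure visible, e.g. `keylist=$(gpg --list-keys --with-colons --fixed-list-mode) || return 1` followed by `revokers=$(printf '%s\n' "$keylist" | awk -F: '/^rvk:/{ print $10 }')`. The loop variable in `for key in $revokers` is also not covered by the new `local` lines, so `local key` would keep it from leaking into the caller's scope. The body of show_key continues outside the visible lines, so existing error handling there could not be checked.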
# try to add all authentication subkeys to the agent
+# FIXME: what if you only want to add one authentication subkey to the
+# agent?
+
subkey_to_ssh_agent() {
local sshaddresponse=0
local secretkeys
trap "rm -rf $workingdir" EXIT
umask 077
mkfifo "$workingdir/passphrase"
- keysuccess=1
# FIXME: we're currently allowing any other options to get passed
# through to ssh-add. should we limit it to known ones? For
if [ "$1" = '-d' ]; then
# we're removing the subkey:
gpg_user --export "0x${subkey}!" | openpgp2ssh "$subkey" > "$workingdir/$kname"
- (cd "$workingdir" && ssh-add -d "$kname")
+ (cd "$workingdir" && ssh-add -d "$kname") || keysuccess="$?"
else
# we're adding the subkey:
mkfifo "$workingdir/$kname"
(cd "$workingdir" && DISPLAY=nosuchdisplay SSH_ASKPASS=/bin/false ssh-add "$@" "$kname" </dev/null )&
passphrase_prompt "Enter passphrase for key $kname: " "$workingdir/passphrase"
- wait %2
- fi || keysuccess="$?"
+ wait %2 || keysuccess="$?"
+ fi
rm -f "$workingdir/$kname"
done
rm -rf "$workingdir"
# FIXME: sort out the return values: we're just returning the
- # success or failure of the final authentication subkey in this
- # case. What if earlier ones failed?
+ # failure code of the last authentication subkey which fails.
+ # what if more than one authentication subkey fails?
return "$keysuccess"
}
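Review bot: With `keysuccess=1` removed, nothing in the visible lines initialises `keysuccess`, so when every subkey succeeds `return "$keysuccess"` receives an empty string or a stale value inherited from the caller. Unless it is set in a part of subkey_to_ssh_agent that this page does not show, declare it next to the other locals as `local keysuccess=0`. The new `wait %2 || keysuccess="$?"` also depends on the backgrounded ssh-add subshell being job number 2. Saving `$!` right after the `&` and waiting on that PID would not depend on what other jobs exist. The remaining FIXME is accurate: only the last failing subkey's status reaches the caller, so callers should treat any non-zero return as "at least one subkey failed".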
# test ssh connection
# first argument is expected return code from ssh connection
ssh_test() {
+ local RETURN=0
+
umask 0077
CODE=${1:-0}
Monkeysphere Server Administrator README
========================================
+ Note: This documentation is for Monkeysphere version 0.23 or later.
+ If you are running a version prior to 0.23, we recommend that you upgrade.
+
As the administrator of an SSH server, you can take advantage of the
Monkeysphere in two ways:
Monkeysphere User README
========================
+ Note: This documentation is for Monkeysphere version 0.23 or later.
+ If you are running a version prior to 0.23, we recommend that you upgrade.
+
You don't have to be an OpenSSH or OpenPGP expert to use the
Monkeysphere. However, you should be comfortable using secure shell
(ssh), and you should already have an OpenPGP key before you begin.