From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Thu, 19 Jun 2008 04:13:39 +0000 (-0400)
Subject: Merge commit 'jrollins/master'
X-Git-Tag: monkeysphere_0.1-1~16
X-Git-Url: https://codewiz.org/gitweb?p=monkeysphere.git;a=commitdiff_plain;h=10d38ac8e8580322d533c3c5e1b7fad13363b7e5;hp=18c15c1adf65d47df5b3753c99f06092d81906d0

Merge commit 'jrollins/master'
---

diff --git a/doc/TODO b/doc/TODO
index bf51ae0..3538fbf 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -3,21 +3,19 @@ Next-Steps Monkeysphere Projects:
 
 Detail advantages of monkeysphere: detail the race conditions in ssh,
    and how the monkeysphere can help you reduce these threat vectors:
-   threat model reduction diagrams 
+   threat model reduction diagrams.
 
 Determine how openssh handles multiple processes writing to
-   known_hosts file (atomic appends?)
+   known_hosts/authorized_keys files (lockfile, atomic appends?)
 
 Handle unknown hosts in such a way that they're not always removed
    from known_hosts file.  Ask user to lsign the host key?
 
-Handle multiple multiple hostnames (multiple user IDs?) when
-   generating host keys with gen-key.
+Handle multiple hostnames (multiple user IDs?) when generating host
+   keys with gen-key.
 
 Make sure alternate ports are handled for known_hosts.
 
-Add environment variables sections to man pages.
-
 Script to import private key into ssh agent.
 
 Provide a friendly interactive UI for marginal or failing client-side
@@ -56,3 +54,24 @@ Make it easier to do domain-relative ssh host trust signatures with
    "tsign" in gpg(1).
 
 Fix the order of questions when user does a tsign in gpg or gpg2.
+
+File bug against ssh-keygen about how "-R" option removes comments
+   from known_hosts file.
+
+File bug against ssh-keygen to see if we can get it to write to hash a
+   known_hosts file to/from stdout/stdin.
+
+Add environment variables sections to man pages.
+
+Environment variable scoping.
+
+Move environment variable precedence before conf file.
+
+When using ssh-proxycommand, if only host keys found are expired or
+   revoked, then output loud warning with prompt, or fail hard.
+
+Update monkeysphere-ssh-proxycommand man page with new keyserver
+   checking policy info.
+
+Update monkeysphere-ssh-proxycommand man page with info about
+   no-connect option.
diff --git a/doc/george/changelog b/doc/george/changelog
index 2442061..5d35355 100644
--- a/doc/george/changelog
+++ b/doc/george/changelog
@@ -7,6 +7,9 @@
 *  changes to this system 					             *
 ******************************************************************************
 
+2008-06-18 - jrollins
+	* installed less, emacs;
+	* aptitude update && aptitude dist-upgrade
 
 2008-06-18 - micah
 	* debootstrap'd debian etch install
diff --git a/etc/monkeysphere.conf b/etc/monkeysphere.conf
index 17c1a14..f2ba4a7 100644
--- a/etc/monkeysphere.conf
+++ b/etc/monkeysphere.conf
@@ -15,7 +15,7 @@
 #   s = sign
 #   c = certify
 #   a = authentication
-#REQUIRED_HOST_KEY_CAPABILITY="e a"
+#REQUIRED_HOST_KEY_CAPABILITY="a"
 #REQUIRED_USER_KEY_CAPABILITY="a"
 
 # ssh known_hosts file
@@ -27,3 +27,7 @@
 
 # ssh authorized_keys file
 #AUTHORIZED_KEYS=~/.ssh/known_hosts
+
+# This overrides other environment variables
+# NOTE: there is leakage
+#CHECK_KEYRING=true
diff --git a/src/common b/src/common
index ac43f0a..9b06b1d 100644
--- a/src/common
+++ b/src/common
@@ -73,7 +73,7 @@ unescape() {
 }
 
 # remove all lines with specified string from specified file
-remove_file_line() {
+remove_line() {
     local file
     local string
 
@@ -395,7 +395,7 @@ remove_userid() {
 
     # remove user ID from file
     log -n " removing user ID '$userID'... "
-    remove_file_line "$AUTHORIZED_USER_IDS" "^${userID}$"
+    remove_line "$AUTHORIZED_USER_IDS" "^${userID}$"
     loge "done."
 }
 
@@ -416,7 +416,7 @@ process_host_known_hosts() {
     while read -r ok keyid ; do
 	sshKey=$(gpg2ssh "$keyid")
 	# remove the old host key line
-	remove_file_line "$KNOWN_HOSTS" "$sshKey"
+	remove_line "$KNOWN_HOSTS" "$sshKey"
 	# if key OK, add new host line
 	if [ "$ok" -eq '0' ] ; then
 	    # hash if specified
@@ -449,7 +449,7 @@ process_uid_authorized_keys() {
     while read -r ok keyid ; do
 	sshKey=$(gpg2ssh "$keyid")
 	# remove the old host key line
-	remove_file_line "$AUTHORIZED_KEYS" "$sshKey"
+	remove_line "$AUTHORIZED_KEYS" "$sshKey"
 	# if key OK, add new host line
 	if [ "$ok" -eq '0' ] ; then
 	    ssh2authorized_keys "$userID" "$sshKey" >> "$AUTHORIZED_KEYS"
diff --git a/src/monkeysphere b/src/monkeysphere
index 6853f58..a6cecfd 100755
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -115,7 +115,7 @@ AUTHORIZED_USER_IDS=${AUTHORIZED_USER_IDS:-"${MS_HOME}/authorized_user_ids"}
 GNUPGHOME=${GNUPGHOME:-"${HOME}/.gnupg"}
 KEYSERVER=${KEYSERVER:-"subkeys.pgp.net"}
 CHECK_KEYSERVER=${CHECK_KEYSERVER:="true"}
-REQUIRED_HOST_KEY_CAPABILITY=${REQUIRED_HOST_KEY_CAPABILITY:-"e a"}
+REQUIRED_HOST_KEY_CAPABILITY=${REQUIRED_HOST_KEY_CAPABILITY:-"a"}
 REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-"a"}
 KNOWN_HOSTS=${KNOWN_HOSTS:-"${HOME}/.ssh/known_hosts"}
 AUTHORIZED_KEYS=${AUTHORIZED_KEYS:-"${HOME}/.ssh/authorized_keys"}
diff --git a/src/monkeysphere-ssh-proxycommand b/src/monkeysphere-ssh-proxycommand
index 4b90a0d..4cbcd51 100755
--- a/src/monkeysphere-ssh-proxycommand
+++ b/src/monkeysphere-ssh-proxycommand
@@ -13,9 +13,6 @@
 # established.  Can be added to ~/.ssh/config as follows:
 #  ProxyCommand monkeysphere-ssh-proxycommand %h %p
 
-HOST="$1"
-PORT="$2"
-
 usage() {
 cat <<EOF >&2
 usage: ssh -o ProxyCommand="$(basename $0) %h %p" ...
@@ -26,6 +23,14 @@ log() {
     echo "$@" >&2
 }
 
+if [ "$1" = '--no-connect' ] ; then
+    NO_CONNECT='true'
+    shift 1
+fi
+
+HOST="$1"
+PORT="$2"
+
 if [ -z "$HOST" ] ; then
     log "host must be specified."
     usage
@@ -37,20 +42,39 @@ if [ -z "$PORT" ] ; then
     exit 1
 fi
 
-# check for the host key in the known_hosts file
-hostKey=$(ssh-keygen -F "$HOST")
+# set the host URI
+URI="ssh://${HOST}"
+if [ "$PORT" != '22' ] ; then
+    URI="${URI}:$PORT"
+fi
 
-# if the host key is found in the known_hosts file,
-# don't check the keyserver
-if [ "$hostKey" ] ; then
+# if the host is in the gpg keyring...
+if gpg --list-key ="${URI}" >/dev/null ; then
+    # do not check the keyserver
     CHECK_KEYSERVER="false"
+# if the host is NOT in the keyring...
 else
-    CHECK_KEYSERVER="true"
+    # if the host key is found in the known_hosts file...
+    # FIXME: this only works for default known_hosts location
+    hostKey=$(ssh-keygen -F "$HOST")
+    if [ "$hostKey" ] ; then
+	# if the check keyserver variable is NOT set to true...
+	if  [ "$CHECK_KEYSERVER" != 'true' ] ; then
+	    # schedule a keyserver check for host at a later time
+	    echo "monkeysphere update-known_hosts $HOST" | at noon
+	fi
+    # if the host key is not found in the known_hosts file...
+    else
+	# check the keyserver
+	CHECK_KEYSERVER="true"
+    fi
 fi
 export CHECK_KEYSERVER
 
 # update the known_hosts file for the host
-monkeysphere update-known-hosts "$HOST"
+monkeysphere update-known_hosts "$HOST"
 
 # exec a netcat passthrough to host for the ssh connection
-exec nc "$HOST" "$PORT"
+if [ -z "$NO_CONNECT" ] ; then
+    exec nc "$HOST" "$PORT"
+fi