From: Jameson Graef Rollins Date: Thu, 19 Jun 2008 03:48:45 +0000 (-0400) Subject: Merge commit 'micah/master' X-Git-Tag: monkeysphere_0.1-1~16^2~2 X-Git-Url: https://codewiz.org/gitweb?p=monkeysphere.git;a=commitdiff_plain;h=48cb8a96becb8cf089b78f594c6b5264f1878e99;hp=8a977a8371f2ea54e3888494e1b474befeba318b Merge commit 'micah/master' --- diff --git a/doc/TODO b/doc/TODO index bf51ae0..c17ef61 100644 --- a/doc/TODO +++ b/doc/TODO @@ -11,13 +11,11 @@ Determine how openssh handles multiple processes writing to Handle unknown hosts in such a way that they're not always removed from known_hosts file. Ask user to lsign the host key? -Handle multiple multiple hostnames (multiple user IDs?) when - generating host keys with gen-key. +Handle multiple hostnames (multiple user IDs?) when generating host + keys with gen-key. Make sure alternate ports are handled for known_hosts. -Add environment variables sections to man pages. - Script to import private key into ssh agent. Provide a friendly interactive UI for marginal or failing client-side @@ -56,3 +54,28 @@ Make it easier to do domain-relative ssh host trust signatures with "tsign" in gpg(1). Fix the order of questions when user does a tsign in gpg or gpg2. + +File bug against ssh-keygen about how "-R" option removes comments + from known_hosts file. + +File bug against ssh-keygen to see if we can get it to write to hash a + known_hosts file to/from stdout/stdin. + +Note all threat model reductions (with diagrams). + +Add environment variables sections to man pages. + +Environment variable scoping. + +Move environment variable precedence before conf file. + +Handle lockfiles when modifying known_hosts or authorized_keys. + +When using ssh-proxycommand, if only host keys found are expired or + revoked, then output loud warning with prompt, or fail hard. + +Update monkeysphere-ssh-proxycommand man page with new keyserver + checking policy info. + +Update monkeysphere-ssh-proxycommand man page with info about + no-connect option. diff --git a/etc/monkeysphere.conf b/etc/monkeysphere.conf index 17c1a14..f2ba4a7 100644 --- a/etc/monkeysphere.conf +++ b/etc/monkeysphere.conf @@ -15,7 +15,7 @@ # s = sign # c = certify # a = authentication -#REQUIRED_HOST_KEY_CAPABILITY="e a" +#REQUIRED_HOST_KEY_CAPABILITY="a" #REQUIRED_USER_KEY_CAPABILITY="a" # ssh known_hosts file @@ -27,3 +27,7 @@ # ssh authorized_keys file #AUTHORIZED_KEYS=~/.ssh/known_hosts + +# This overrides other environment variables +# NOTE: there is leakage +#CHECK_KEYRING=true diff --git a/src/common b/src/common index 7a90453..9b06b1d 100644 --- a/src/common +++ b/src/common @@ -73,7 +73,7 @@ unescape() { } # remove all lines with specified string from specified file -remove_file_line() { +remove_line() { local file local string @@ -120,7 +120,7 @@ ssh2authorized_keys() { key="$2" echo -n "$key" | tr -d '\n' - echo " MonkeySphere${DATE}: ${userID}" + echo " MonkeySphere${DATE} ${userID}" } # convert key from gpg to ssh known_hosts format @@ -153,7 +153,7 @@ gpg2authorized_keys() { # following regexp: # '^MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2}$' gpg2ssh "$keyID" | tr -d '\n' - echo " MonkeySphere${DATE}: ${userID}" + echo " MonkeySphere${DATE} ${userID}" } ### GPG UTILITIES @@ -395,7 +395,7 @@ remove_userid() { # remove user ID from file log -n " removing user ID '$userID'... " - remove_file_line "$AUTHORIZED_USER_IDS" "^${userID}$" + remove_line "$AUTHORIZED_USER_IDS" "^${userID}$" loge "done." } @@ -416,7 +416,7 @@ process_host_known_hosts() { while read -r ok keyid ; do sshKey=$(gpg2ssh "$keyid") # remove the old host key line - remove_file_line "$KNOWN_HOSTS" "$sshKey" + remove_line "$KNOWN_HOSTS" "$sshKey" # if key OK, add new host line if [ "$ok" -eq '0' ] ; then # hash if specified @@ -449,7 +449,7 @@ process_uid_authorized_keys() { while read -r ok keyid ; do sshKey=$(gpg2ssh "$keyid") # remove the old host key line - remove_file_line "$AUTHORIZED_KEYS" "$sshKey" + remove_line "$AUTHORIZED_KEYS" "$sshKey" # if key OK, add new host line if [ "$ok" -eq '0' ] ; then ssh2authorized_keys "$userID" "$sshKey" >> "$AUTHORIZED_KEYS" @@ -507,7 +507,7 @@ process_authorized_keys() { comment="$key" fi - if echo "$comment" | egrep -v -q '^MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2}:' ; then + if echo "$comment" | egrep -v -q '^MonkeySphere[[:digit:]]{4}(-[[:digit:]]{2}){2}T[[:digit:]]{2}(:[[:digit:]]{2}){2}' ; then continue fi userID=$(echo "$comment" | awk "{ print $2 }") diff --git a/src/monkeysphere b/src/monkeysphere index 6853f58..a6cecfd 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -115,7 +115,7 @@ AUTHORIZED_USER_IDS=${AUTHORIZED_USER_IDS:-"${MS_HOME}/authorized_user_ids"} GNUPGHOME=${GNUPGHOME:-"${HOME}/.gnupg"} KEYSERVER=${KEYSERVER:-"subkeys.pgp.net"} CHECK_KEYSERVER=${CHECK_KEYSERVER:="true"} -REQUIRED_HOST_KEY_CAPABILITY=${REQUIRED_HOST_KEY_CAPABILITY:-"e a"} +REQUIRED_HOST_KEY_CAPABILITY=${REQUIRED_HOST_KEY_CAPABILITY:-"a"} REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-"a"} KNOWN_HOSTS=${KNOWN_HOSTS:-"${HOME}/.ssh/known_hosts"} AUTHORIZED_KEYS=${AUTHORIZED_KEYS:-"${HOME}/.ssh/authorized_keys"} diff --git a/src/monkeysphere-ssh-proxycommand b/src/monkeysphere-ssh-proxycommand index 4b90a0d..4cbcd51 100755 --- a/src/monkeysphere-ssh-proxycommand +++ b/src/monkeysphere-ssh-proxycommand @@ -13,9 +13,6 @@ # established. Can be added to ~/.ssh/config as follows: # ProxyCommand monkeysphere-ssh-proxycommand %h %p -HOST="$1" -PORT="$2" - usage() { cat <&2 usage: ssh -o ProxyCommand="$(basename $0) %h %p" ... @@ -26,6 +23,14 @@ log() { echo "$@" >&2 } +if [ "$1" = '--no-connect' ] ; then + NO_CONNECT='true' + shift 1 +fi + +HOST="$1" +PORT="$2" + if [ -z "$HOST" ] ; then log "host must be specified." usage @@ -37,20 +42,39 @@ if [ -z "$PORT" ] ; then exit 1 fi -# check for the host key in the known_hosts file -hostKey=$(ssh-keygen -F "$HOST") +# set the host URI +URI="ssh://${HOST}" +if [ "$PORT" != '22' ] ; then + URI="${URI}:$PORT" +fi -# if the host key is found in the known_hosts file, -# don't check the keyserver -if [ "$hostKey" ] ; then +# if the host is in the gpg keyring... +if gpg --list-key ="${URI}" >/dev/null ; then + # do not check the keyserver CHECK_KEYSERVER="false" +# if the host is NOT in the keyring... else - CHECK_KEYSERVER="true" + # if the host key is found in the known_hosts file... + # FIXME: this only works for default known_hosts location + hostKey=$(ssh-keygen -F "$HOST") + if [ "$hostKey" ] ; then + # if the check keyserver variable is NOT set to true... + if [ "$CHECK_KEYSERVER" != 'true' ] ; then + # schedule a keyserver check for host at a later time + echo "monkeysphere update-known_hosts $HOST" | at noon + fi + # if the host key is not found in the known_hosts file... + else + # check the keyserver + CHECK_KEYSERVER="true" + fi fi export CHECK_KEYSERVER # update the known_hosts file for the host -monkeysphere update-known-hosts "$HOST" +monkeysphere update-known_hosts "$HOST" # exec a netcat passthrough to host for the ssh connection -exec nc "$HOST" "$PORT" +if [ -z "$NO_CONNECT" ] ; then + exec nc "$HOST" "$PORT" +fi