* More monkeysphere-server diagnostics
* monkeysphere --gen-subkey now guesses what KeyID you meant.
* set up host-key revocation
+ * added Recommends: ssh-askpass to ensure monkeysphere --gen-subkey works
[ Jameson Graef Rollins ]
* fix another bug for when ssh key files are missing.
* enabled host key publication.
* added checking of gpg.conf for keyserver
- -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Fri, 15 Aug 2008 10:46:23 -0700
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Fri, 15 Aug 2008 16:06:31 -0400
monkeysphere (0.7-1) experimental; urgency=low
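Review bot: The wording "to ensure monkeysphere --gen-subkey works" in the added Recommends entry overstates what the package relationship does: the script hunk in this same commit falls back to a terminal `read -s` prompt when `ssh-askpass` is not installed, so `--gen-subkey` works without it. Suggest rewording to something like "added Recommends: ssh-askpass so monkeysphere --gen-subkey can prompt for the passphrase graphically", which also explains why it is a Recommends and not a Depends.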
Package: monkeysphere
Architecture: any
Depends: openssh-client, gnupg | gnupg2, coreutils (>= 6), moreutils, lockfile-progs, adduser, ${shlibs:Depends}
-Recommends: netcat | socat
+Recommends: netcat | socat, ssh-askpass
Enhances: openssh-client, openssh-server
Description: use the OpenPGP web of trust to verify ssh connections
SSH key-based authentication is tried-and-true, but it lacks a true
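Review bot: Recommends is the right strength for `ssh-askpass` here, since the script only uses it when `$DISPLAY` is set and `which ssh-askpass` succeeds, and otherwise reads the passphrase from the terminal; a hard Depends would needlessly pull an X11 program onto headless hosts. No change needed to the Depends line.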
}
# generate a subkey with the 'a' usage flags set
-# FIXME: this needs some tweaking to clean it up
gen_subkey(){
local keyLength
local keyExpire
)
log "generating subkey..."
- echo "$editCommands" | gpg --expert --command-fd 0 --edit-key "$keyID"
+ fifoDir=$(mktemp -d)
+ (umask 077 && mkfifo "$fifoDir/pass")
+ echo "$editCommands" | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" &
+
+ if [ "$DISPLAY" ] && which ssh-askpass >/dev/null; then
+ ssh-askpass "Please enter your passphrase for $keyID: " > "$fifoDir/pass"
+ else
+ read -s -p "Please enter your passphrase for $keyID: " PASS
+ echo "$PASS" > "$fifoDir/pass"
+ fi
+ rm -rf "$fifoDir"
+ wait
log "done."
}
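Review bot: The exit status of the backgrounded `gpg` is discarded: `wait` returns it, but the result is ignored and `log "done."` runs even when gpg failed (for example when the user cancels `ssh-askpass`, in which case the fifo is closed with nothing written and gpg reads an empty passphrase). Suggest `wait "$!"` into a variable and `failure "subkey generation failed"` (or the script's existing error path) on non-zero before logging "done.". Three further points in the fallback branch: `echo "$PASS"` will mis-handle a passphrase that begins with `-n` or `-e`, so use `printf '%s\n' "$PASS"`; add `unset PASS` after writing it so the secret does not linger in the shell's environment for the rest of the run; and `read -s` leaves the cursor on the prompt line, so an `echo` to the terminal afterwards keeps the following log output readable. Finally, if the user interrupts at either prompt the fifo directory is never removed; a `trap 'rm -rf "$fifoDir"' EXIT` right after the `mktemp -d` covers that case and makes the explicit `rm -rf` before `wait` optional. The `(umask 077 && mkfifo ...)` inside the `mktemp -d` directory is good: the fifo is only reachable by the invoking user, so the passphrase is not exposed to other local accounts.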
Alternately, we could use `--passwd-fd` and `ssh-agent`, along the
lines i proposed [for handling passphrase-locked secret
keys](/bugs/handle-passphrase-locked-secret-keys).
+
+---
+
+[[bugs/done]] as of 2008-08-15 16:48:26-0400 (to be released in 0.8-1)
+
+I opted to go with the `ssh-askpass` route, and fall back to echoing
+stuff to a fifo directly if `ssh-askpass` is not available.
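Review bot: The closing note says which route was chosen but not why the `--passwd-fd` plus `ssh-agent` alternative from the paragraph above was not taken; one sentence on that (for instance that the fifo approach needs no running agent and works for a key that is not yet loaded) would help anyone who follows the link from the passphrase-locked-secret-keys bug. It would also be worth stating here that the fifo lives in a private `mktemp -d` directory, since that is the property that makes passing the passphrase through the filesystem acceptable.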