aboutsummaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorEivind Eklund <eivind@FreeBSD.org>2002-10-31 21:11:07 +0000
committerEivind Eklund <eivind@FreeBSD.org>2002-10-31 21:11:07 +0000
commitadc23812ca05338d73b0362090599be5315a8581 (patch)
treec6a3aa77f22badf11e6f5e431d94cbae96a39c0a /security
parentbc820dd0a398e0c76ec1b57eed9d0a1dea616bbb (diff)
downloadports-adc23812ca05338d73b0362090599be5315a8581.tar.gz
ports-adc23812ca05338d73b0362090599be5315a8581.zip
Notes
Diffstat (limited to 'security')
-rw-r--r--security/safesh/Makefile6
-rw-r--r--security/safesh/pkg-plist4
-rw-r--r--security/safesh/src/safesh.1294
-rw-r--r--security/safesh/src/safesh.sh14
4 files changed, 200 insertions, 118 deletions
diff --git a/security/safesh/Makefile b/security/safesh/Makefile
index 3b509249b005..32da5514e825 100644
--- a/security/safesh/Makefile
+++ b/security/safesh/Makefile
@@ -8,7 +8,7 @@
#
PORTNAME= safesh
-PORTVERSION= 1.3
+PORTVERSION= 1.4
CATEGORIES= security
MASTER_SITES= # none
DISTFILES= # none
@@ -20,6 +20,8 @@ NO_WRKSUBDIR= yes
SRC= ${.CURDIR}/src
+# XXX Anybody that know how to create manlinks from ports easily, please
+# contact me.
MAN1= ${PORTNAME}.1
do-fetch:
@@ -29,5 +31,7 @@ do-install:
@${INSTALL_SCRIPT} ${SRC}/${PORTNAME}.sh ${PREFIX}/bin/${PORTNAME}
@${INSTALL_SCRIPT} ${SRC}/cvs-safesh.sh ${PREFIX}/bin/cvs-safesh
@${INSTALL_MAN} ${SRC}/${PORTNAME}.1 ${PREFIX}/man/man1
+ @${LN} ${PREFIX}/bin/${PORTNAME} ${PREFIX}/bin/scpsh
+ @${LN} ${PREFIX}/bin/${PORTNAME} ${PREFIX}/bin/safeshinstall
.include <bsd.port.mk>
diff --git a/security/safesh/pkg-plist b/security/safesh/pkg-plist
index 2e7225e6d2cb..20fa5e476333 100644
--- a/security/safesh/pkg-plist
+++ b/security/safesh/pkg-plist
@@ -1,2 +1,4 @@
-bin/safesh
bin/cvs-safesh
+bin/safesh
+bin/safeshinstall
+bin/scpsh
diff --git a/security/safesh/src/safesh.1 b/security/safesh/src/safesh.1
index f3ad4785d44c..1ba321d6c157 100644
--- a/security/safesh/src/safesh.1
+++ b/security/safesh/src/safesh.1
@@ -34,9 +34,33 @@
.Nd safe key manager for OpenSSH
.Sh SYNOPSIS
.Nm
-.Op Ar host
-.Op Ar -- ssh-parameters ...
+.Sm off
+.Op Ar user@
+.Ar host
+.Sm on
+.Op Ar "-- ssh-parameters ..."
+.Nm safeshinstall
+.Sm off
+.Op Ar user@
+.Ar host
+.Sm on
+.Nm cvs-safesh
+.Sm off
+.Op Ar user@
+.Ar host
+.Sm on
+.Op Ar command
+.Nm scpsh
+.Sm off
+.Op Ar user@
+.Ar host
+.Sm on
.Sh DESCRIPTION
+NOTE: This text often refers to $VARIABLE in description.
+What each of the references will be replaced with when
+.Nm
+runs is described at the end of the manpage.
+.Pp
.Nm
automatically creates one DSA key (called an identity) for each host you
connect to, and store this in a separate agent for each host.
@@ -46,7 +70,7 @@ Because each host use its own
.Xr ssh-agent 1 ,
the hosts you forward authentication to can only get at the authentication for
the hosts you specifically say it should be able to get at.
-
+.Pp
When run,
.Nm
.Bl -enum
@@ -80,7 +104,6 @@ Executes
.Xr ssh 1
with either $USER@$HOST or the extra command line supplied by the user.
.El
-
.Sh BASIC CONCEPT DESCRIPTION
.Nm
is an authentication manager for OpenSSH.
@@ -94,98 +117,87 @@ OpenSSH has improved this security model somewhat by not forwarding ssh
authentication by default, but still allows the host that you connect to
to grab your credentials and authenticate as you to anybody else when you
do authentication forwarding to it.
-
.Sh SIMPLE HOWTO
Starting to make use of
.Nm
is trivial:
.Bl -enum
.It
-Do "safesh <hostname>".
-This will ask you for a passphrase (three times), and create a directory
-$HOME/.safesh/<yourusername>@<hostname>-22, which contains authentication
-data for your user at <hostname>.
-.It
-Add the contents of $HOME/.safesh/<yourusername>@<hostname>-22/id_dsa.pub to
-$HOME/.ssh/authorized_keys2 on the host you
-.Nm
-*to*.
+Do
+.Dl % safeshinstall <[user@]hostname>
+This will ask for a passphrase (three times), create a directory
+$HOME/.safesh/<user>@<hostname>-22, which contains authentication
+data for your user at <hostname>, and add the contents of
+$HOME/.safesh/<user>@<hostname>-22/id_dsa.pub to
+$HOME/.ssh/authorized_keys2 on the host you connect to.
+The latter will result in
+.Xr ssh 1
+asking for authentication in the fashion you already use (most likely by
+asking for your password.)
.It
-Log in with "safesh <hostname>" from now on.
+Log in with
+.Li "safesh <hostname>"
+from now on.
This will ask you for a passphrase if you have not logged into that host this
session, and otherwise just let right in.
.El
-
-To give an example, let us say I (eivind@FreeBSD.org) want to set up this up
-for use with the main FreeBSD development server, freefall.freebsd.org, from
-the account "eivind" on my workstation:
-.Bl -enum
-.It
-eivind(ws)--% safesh freefall.freebsd.org
-
-<answer passphrase three times, then break off password prompt>
-.It
-eivind(ws)--% cat ~/.safesh/eivind@freefall.freebsd.org-22/id_dsa.pub | safesh freefall.freebsd.org -- freefall.freebsd.org 'mkdir -p .ssh && cat >> ~/.ssh/authorized_keys2'
-
-Answer password prompt with the password used on freefall.
-The command above updates authorized_keys2 file with the key we just
-generated.
-From now on, it is possible to connect to freefall with just
-"safesh freefall.freebsd.org"
-.El
-
-.Sh NAME REPLACEMENT
-.Bl -tag -width "$HOME/.safesh" -compact
-.It Pa $HOME
-is replaced with the path your home directory,
-.It Pa $HOST
-is replaced with the name of the host you are running
+.Sh UTILITY COMMANDS
.Nm
-towards.
-This is the machine you are
-.Xr ssh 1 ing
-into.
-.It Pa $YOURHOST
-is replaced with the name of the host you are running
-.Nm
-on, as output by
-.Xr hostname 1 .
-This is the name of the machine you are
-.Xr ssh 1 ing
-from.
-The use of $YOURHOST makes
+ships with two utility hacks to work around the fact that it is not a complete
+.Xr ssh 1
+replacement,
+.Nm scpsh
+and
+.Nm cvs-safesh .
+.Pp
+.Nm scpsh
+is for supporting use of
+.Xr scp 1
+with
+.Nm .
+.Nm scpsh
+.Sm off
+.Op Ar user@
+.Ar host
+.Sm on
+will start a new interactive shell (using the
+.Ev SHELL
+environment variable to determine which it should be), with the environment
+variables for using
+.Xr ssh-agent 1
+to authenticate to [user@]host already set.
+This allows use of
+.Xr scp 1
+without having to type passwords to authenticate.
+.Pp
+.Nm cvs-safesh
+makes it easy to use
.Nm
-safe to use with NFS-mounted home directories.
-.It Pa $AUTHTARGET
-is replaced with the authentication target for an authentication forwarding.
-This is
-.Pa not
-the same as $HOST.
-$AUTHTARGET is a machine you are
-.Xr ssh 1 ing
+along with
+.Xr cvs 1
+and other programs that use
+.Xr rsh 1
+or
+.Xr ssh 1
+with the format
+.Qq Li "ssh <user@host> <command>"
+or
+.Qq Li "ssh <host> <command>" .
+To use with
+.Xr cvs 1 ,
+just set
+.Ev CVS_RSH
to
-.Pa from
-$HOST.
-The format of $AUTHTARGET is <user>@<somehost>-<someport>, where <user>
-defaults to the username you run
-.Nm
-as, and <someport> default to 22 (and it is not possible to set anything
-else at this time.)
-.It Pa $USER
-is replaced with The username used on $HOST; defaults to the same as the
-username you have on $YOURHOST, but will be different if you do safesh
-user@host instead of just safesh host.
-.It Pa $PORT
-The port used on $HOST.
-Presently always 22.
-.El
-
+.Qq Li cvs-safesh
+instead of
+.Qq Li ssh .
+.Pp
.Sh FILES
.Bl -tag -width "$HOME/.safesh" -compact
.It Pa $HOME/.safesh/
Directory containing information for
.Nm .
-
+.Pp
.It Pa $HOME/.safesh/map
Mapping file for
.Nm ,
@@ -193,22 +205,22 @@ describing how to map host names to their canonical form.
This is usually used to map short names to their long form.
The format of the file is one mapping per line, what it is mapped from as the
first word, what it is mapped to as the second.
-
+.Pp
It is also possible to use this to map DNS names to their safe form by having
the name of the host as the first parameter, and the name of the host with a
period (.) at the end as the second parameter.
E.g, "freefall.freebsd.org freefall.freebsd.org."
-
+.Pp
.It Pa $HOME/.safesh/$USER@$HOST-$PORT/
Directory with data for a particular hostname.
Automatically generated on first connect to a host with
.Nm .
-
+.Pp
.It Pa $HOME/.safesh/$USER@$HOST-$PORT/dsa_id
Private key for use to authenticate as $USER@$HOST.
Automatically generated on first connect to a host with
.Nm .
-
+.Pp
.It Pa $HOME/.safesh/$USER@$HOST-$PORT/dsa_id.pub
Public key for use by $HOST to authenticate $USER.
To connect to $HOST as $USER using
@@ -217,19 +229,19 @@ without giving a password, add the contents of this file
to the end of $HOME/.ssh/authorized_keys2.
Automatically generated on first connect to a host with
.Nm .
-
+.Pp
.It Pa $HOME/.safesh/$USER@$HOST-$PORT/$AUTHTARGET
Private key for use when $HOST authenticates towards $AUTHTARGET.
This is used in preference to $HOME/.safesh/$AUTHTARGET/dsa_id for authentication
forwarding through $HOST to $AUTHTARGET.
-The file is only used if $AUTHTARGET is listed in $HOME/.safesh/$HOST/extra_keys.
+The file is only used if $AUTHTARGET is listed in $HOME/.safesh/$USER@$HOST-$PORT/extra_keys.
This file is not generated automatically by
.Nm .
It is only present if you have generated it using
.Xr ssh-keygen 1 .
Note that it is usually more than useless (can pose a security risk) to copy a
key used for other authentication to this location.
-
+.Pp
The use of explict authentication files for authentication forwarding is
primarily for protection against the case where the machine you run
.Nm
@@ -243,11 +255,11 @@ runs on cannot connect to $AUTHTARGET using the authentication forwarding
key.
The use of a separate forwarding key can also be used in combination with a
modified SSH to log which key was used where, and thus track key propagation.
-
-.It Pa $HOME/.safesh/$HOST/$AUTHTARGET.pub
+.Pp
+.It Pa $HOME/.safesh/$USER@$HOST-$PORT/$AUTHTARGET.pub
Public key corresponding to the private key described above.
-
-.It Pa $HOME/.safesh/$HOST/extra_keys
+.Pp
+.It Pa $HOME/.safesh/$USER@$HOST-$PORT/extra_keys
List of extra keys to make available for this host.
Each line in the file is first attempted matched against the host/user/port
database in $HOME/.safesh/.
@@ -263,8 +275,8 @@ If it does not find either of these,
will exit with an error message.
If it finds one, it will add it using
.Xr ssh-add 1 .
-
-.It Pa $HOME/.safesh/$HOST/activeagent-$YOURHOST.sh
+.Pp
+.It Pa $HOME/.safesh/$USER@$HOST-$PORT/activeagent-$YOURHOST.sh
Bourne shell (see
.Xr sh 1 ,
.Xr bash 1 ,
@@ -276,8 +288,8 @@ has been run against that host as this user since the machine
.Nm
runs on was last booted.
Note that this file most be source'd, not just run as a shell script.
-
-.It Pa $HOME/.safesh/$HOST/activeagent-$YOURHOST.csh
+.Pp
+.It Pa $HOME/.safesh/$USER@$HOST-$PORT/activeagent-$YOURHOST.csh
CSH (see
.Xr csh 1 ,
.Xr tcsh 1 )
@@ -289,7 +301,7 @@ has been run against that host as this user since the machine
runs on was last booted.
Note that this file most be source'd, not just run as a shell script.
.El
-
+.Pp
.Sh AUTHORS
.Nm
was written by
@@ -299,10 +311,11 @@ was written by
.Xr ssh-add 1 ,
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 .
-
+.Pp
.Sh KNOWN ISSUES
-.Nm does not handle whitespace in filenames specified in extra_keys correctly.
-
+.Nm
+does not handle whitespace in filenames specified in extra_keys correctly.
+.Pp
The ssh-agents that are started by will hang around until next reboot unless
you put 'killall ssh-agent' in .logout or similar.
This allows any login to your account to use your authentication towards
@@ -312,7 +325,7 @@ You must always assume that root can grab your authentication at the moment
you run do it, so this is only an issue in that the authentication stays
available longer.
This is not resolvable without rewriting ssh-agent.
-
+.Pp
.Sh MISSING FEATURES
.Bl -tag -width "mmmm" -compact
.It Pa Two-step secure SSH with an untrusted host in the middle
@@ -325,7 +338,7 @@ doing direct authentication to the server on the other side.
With the present version of OpenSSH, this has the problem of leaving the
actual port forwarding open while the tunnel is open - allowing other users to
set up their own tunnels, and weakening another side of the security model.
-
+.Pp
.It Pa Read out fingerprints
.Nm
should make it trivial to retrieve the fingerprint for
@@ -340,26 +353,26 @@ Other hosts, as registered in the known_host file on the host it is running
on.
This must presently be done by manual inspection.
.El
-
+.Pp
.It Pa Merge known_hosts
.Nm
should make it trivial to merge known_hosts and known_hosts2 with ones from
another host, including retrieving and uploading known_hosts as appropriate.
-
+.Pp
.It Pa Manage .ssh/authorized_keys2
.Nm
-should be able to automatically add/remove keys from the authorized_keys2 file
-on other machines, to make the entire
+should be able to automatically remove keys from the authorized_keys2 file
+on other machines, to make everything about the
.Nm
process self-contained.
-
+.Pp
.It Pa Manage setup of key limitations
When managing authorized_keys2, it is also reasonable to manage key limitation
in this.
IP restrictions ("from=") should be handled to make it easy to create setups
where the local machine do not have direct access to a target.
Command restrictions etc would be good to have just for completeness.
-
+.Pp
.It Pa Emulate the entire ssh syntax
Presently, the
.Nm
@@ -368,18 +381,69 @@ This is because it is a fairly quick hack, just made to be usable.
Later, it would be nice to rewrite it to be fully compatible with
.Xr ssh 1 .
This would allow use as a drop-in replacement.
-
-.It Pa Description of the trust/threath/security model
-It would be nice to have a complete description of the normal SSH threath model
+.Pp
+.It Pa Description of the trust/threat/security model
+It would be nice to have a complete description of the normal SSH threat model
as well as the
.Nm
-threath model, in order to make people fully conscious of their own model.
-
+threat model, in order to make people fully conscious of their own model.
+.Pp
.It Pa Emulate scp
.Xr scp 1
-is a very useful command.
-Unfortunately, it is almost unusable along with safesh, unless you use the
-activeagent files (preferably along with running all of this in a subshell, so
-you do not get extra authentication keys when you are not planning to.)
-
+is very useful, and the only way to use it with
+.Nm
+at the moment is through a subshell created by
+.Nm scpsh .
+An ideal
+.Nm
+implementation would include wrapping of
+.Xr scp 1 ,
+too.
+.Pp
+.El
+.Sh VARIABLE REPLACEMENT IN DESCRIPTIONS
+.Bl -tag -width "$HOME/.safesh" -compact
+.It Pa $HOME
+is replaced with the path your home directory,
+.It Pa $HOST
+is replaced with the name of the host you are running
+.Nm
+towards.
+This is the machine you are
+.Xr ssh 1 ing
+into.
+.It Pa $YOURHOST
+is replaced with the name of the host you are running
+.Nm
+on, as output by
+.Xr hostname 1 .
+This is the name of the machine you are
+.Xr ssh 1 ing
+from.
+The use of $YOURHOST makes
+.Nm
+safe to use with NFS-mounted home directories.
+.It Pa $AUTHTARGET
+is replaced with the authentication target for an authentication forwarding.
+This is
+.Pa not
+the same as $HOST.
+$AUTHTARGET is a machine you are
+.Xr ssh 1 ing
+to
+.Pa from
+$HOST.
+The format of $AUTHTARGET is <user>@<somehost>-<someport>, where <user>
+defaults to the username you run
+.Nm
+as, and <someport> default to 22 (and it is not possible to set anything
+else at this time.)
+.It Pa $USER
+is replaced with The username used on $HOST; defaults to the same as the
+username you have on $YOURHOST, but will be different if you do safesh
+user@host instead of just safesh host.
+.It Pa $PORT
+The port used on $HOST.
+Presently always 22.
.El
+.Pp
diff --git a/security/safesh/src/safesh.sh b/security/safesh/src/safesh.sh
index 1774e594e0a8..194ed20a4ddd 100644
--- a/security/safesh/src/safesh.sh
+++ b/security/safesh/src/safesh.sh
@@ -38,6 +38,13 @@ shift 2> /dev/null;
HOSTDIR=$AKEYS/$USER@${HOST}-22
if [ ! -d $HOSTDIR ]; then
+ while ! [ "$answer" = "yes" -o "$answer" = "no" ]; do
+ echo -n "New host $HOST - create key (yes/no)? " 1>&2
+ read answer
+ done
+ if [ "$answer" = "no" ]; then
+ exit 1
+ fi
mkdir -p $HOSTDIR || myx "$0: Unable to create $HOSTDIR"
fi
@@ -106,7 +113,12 @@ if [ "${KEYLIST}" != "" ]; then
fi
fi
-if [ "$1" = "" ]; then
+BASENAME=`basename $0`
+if [ "$BASENAME" = "scpsh" ]; then
+ exec $SHELL -i
+elif [ "$BASENAME" = "safeshinstall" ]; then
+ cat $HOSTDIR/id_dsa.pub | ssh $USER@$HOST 'mkdir -p .ssh && cat >> .ssh/authorized_keys2'
+elif [ "$1" = "" ]; then
exec ssh -A $USER@$HOST
else
exec ssh "$@"