The Monkeysphere enables you to use the OpenPGP web of trust to verify SSH connections. SSH key-based authentication is tried-and-true, but it lacks a true public key infrastructure for key certification, revocation, and expiration. Monkeysphere is a framework that uses the OpenPGP web of trust for these PKI functions. It can be used in both directions: for users to get validated host keys, and for hosts to authenticate users.
Tags: Security, Cryptography, Systems Administration
Operating Systems: POSIX, Linux
Implementation: Unix Shell, bash
Release Notes: The marginal UI was updated. Code portability improvements were made. The code was cleaned up. monkeysphere update-known_hosts was fixed for sshd running on non-standard ports. The "sshfpr" subcommand was added to output the ssh fingerprint of a gpg key. pem2openpgp now generates self-sigs over SHA-256 instead of SHA-1. Translation of keys with fingerprints with leading all-zero bytes is now properly handled. Symlinks are resolved when checking paths. MONKEYSPHERE_GROUP is now explicitly set and used from system "groups". monkeysphere-host now uses keytrans to add and revoke hostname.
Release Notes: This release adds info log output when a new key is added to the known_hosts file. It adds some useful output to the ssh-proxycommand for "marginal" cases where keys are found for the host but do not have full validity. It forces ssh-keygen to read from stdin to get the SSH key fingerprint. It will automatically output two copies of the host's public key: one a standard SSH public key file, and the other a minimal OpenPGP key with just the latest valid self-sig. In debian/control, the alternate dependency has been corrected from procfile to procmail (which provides /usr/bin/lockfile).