monkeysphere-ssh-proxycommand(1)
NAME
monkeysphere-ssh-proxycommand - MonkeySphere ssh ProxyCommand script
DESCRIPTION
monkeysphere-ssh-proxycommand is an ssh proxy command that can be used to
trigger a monkeysphere update of the ssh known_hosts file for a host
that is being connected to with ssh. This works by updating the
known_hosts file for the host first, before an attempted connection to
the host is made. Once the known_hosts file has been updated, a TCP
connection to the host is made by exec'ing netcat(1). Regular ssh communication is then done over this netcat TCP connection (see ProxyCommand in ssh_config(5) for more info).
This command is meant to be run as the ssh "ProxyCommand". This can
either be done by specifying the proxy command on the command line:
ssh -o ProxyCommand="monkeysphere-ssh-proxycommand %h %p" ...
or by adding the following line to your ~/.ssh/config script:
ProxyCommand monkeysphere-ssh-proxycommand %h %p
The script can easily be incorporated into other ProxyCommand scripts
by calling it with the "--no-connect" option, i.e.:
monkeysphere-ssh-proxycommand --no-connect $HOST $PORT
This will run everything except the final exec of netcat to make the
TCP connection to the host. In this way this command can be added to
another proxy command that does other stuff, and then makes the connection to the host itself.
KEYSERVER CHECKING
The proxy command has a fairly nuanced policy for when keyservers are
queried when processing a host. If the host userID is found neither in
the user's keyring nor in the known_hosts file, then the keyserver is queried for the host userID. If the host userID is found in
the user's keyring, then the keyserver is not checked. This assumes
that the keyring is kept up-to-date, in a cronjob or the like, so that
revocations are properly handled. If the host userID is not found in
the user's keyring, but the host is listed in the known_hosts file,
then the keyserver is not checked. This last policy might change in
the future, possibly by adding a deferred check, so that hosts that go
from non-monkeysphere-enabled to monkeysphere-enabled will be properly
checked.
ENVIRONMENT VARIABLES
All environment variables defined in monkeysphere(1) can also be used
for the proxy command, with one note:
MONKEYSPHERE_CHECK_KEYSERVER
    Setting this variable (to 'true' or 'false') will override the policy defined in KEYSERVER CHECKING above.
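The following is an added example and not part of monkeysphere itself. It shows the "--no-connect" integration described above (the wrapper refreshes known_hosts through monkeysphere-ssh-proxycommand and then makes the TCP connection itself with netcat), together with a small shell model of the KEYSERVER CHECKING policy and the MONKEYSPHERE_CHECK_KEYSERVER override so the decision can be exercised without a keyring or network. The policy function is a restatement of the rules on this page, not monkeysphere's own code; the known_hosts file it checks is a constructed sample with fake key material, and the "[host]:port" form for non-22 ports follows OpenSSH's known_hosts layout. Hashed known_hosts entries (HashKnownHosts yes) are not matched by the plain-text lookup; use ssh-keygen -F for those.

```shell
#!/bin/sh
# Added example (not monkeysphere's code): a ProxyCommand wrapper plus a
# shell model of the keyserver-checking policy described on this page.

# Decide whether the keyserver should be queried for a host userID.
#   $1: yes/no -- host userID present in the user's keyring
#   $2: yes/no -- host present in the known_hosts file
# MONKEYSPHERE_CHECK_KEYSERVER=true|false overrides the policy.
should_check_keyserver() {
    case "${MONKEYSPHERE_CHECK_KEYSERVER:-}" in
        true)  echo yes; return 0 ;;
        false) echo no;  return 0 ;;
    esac
    if [ "$1" = no ] && [ "$2" = no ]; then
        echo yes   # unknown in keyring and known_hosts: ask the keyserver
    else
        echo no    # keyring assumed current; existing known_hosts entry left as-is
    fi
}

# Look for an unhashed known_hosts entry for host/port in file $3.
# OpenSSH records non-22 ports as "[host]:port" in the first field, which
# may hold several comma-separated names; @marker and # lines are skipped.
host_in_known_hosts() {
    host=$1; port=$2; file=$3
    if [ "$port" = 22 ]; then want=$host; else want="[$host]:$port"; fi
    awk -v want="$want" '
        $1 !~ /^[@#]/ {
            n = split($1, names, ",")
            for (i = 1; i <= n; i++) if (names[i] == want) { found = 1; exit }
        }
        END { exit found ? 0 : 1 }' "$file"
}

# Constructed sample known_hosts (fake key material) for a local run.
sample_known_hosts() {
    f=$(mktemp) || return 1
    printf '%s\n' \
        '# constructed example file, keys are not real' \
        'example.org,192.0.2.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYEXAMPLEKEYEXAMPLEKEYEXAMPLEKEYEXA' \
        '[example.org]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYEXAMPLEKEYEXAMPLEKEYEXAMPLEKEYEXB' \
        > "$f"
    echo "$f"
}

# ProxyCommand flow: let monkeysphere update known_hosts, then connect.
# Use from ~/.ssh/config as:  ProxyCommand /path/to/this-script %h %p
# (the script path is an assumption; %h and %p are ssh_config tokens).
proxy_main() {
    host=$1; port=$2
    # If the update adds nothing, ssh still performs its normal host key
    # verification over the connection below, so nothing is trusted blindly.
    monkeysphere-ssh-proxycommand --no-connect "$host" "$port"
    exec nc "$host" "$port"
}

# Only act as a ProxyCommand when invoked with host and port.
if [ "$#" -eq 2 ]; then
    proxy_main "$@"
fi
```

When sourced or run without arguments the script only defines the functions; invoked as "script host port" from ssh's ProxyCommand it behaves as the wrapper described above. The policy function reports "yes" only when the host is unknown in both places, and an explicit MONKEYSPHERE_CHECK_KEYSERVER value wins in every case.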
AUTHOR
Written by Jameson Rollins <jrollins@fifthhorseman.net>