.TH MONKEYSPHERE "1" "June 2008" "monkeysphere 0.1" "User Commands"
monkeysphere \- MonkeySphere client user interface
.B monkeysphere \fIcommand\fP [\fIargs\fP]
MonkeySphere is a system to leverage the OpenPGP Web of Trust for ssh
authentication and encryption. OpenPGP keys are tracked via GnuPG,
and added to the ssh authorized_keys and known_hosts files to be used
for authentication of ssh connections.
\fBmonkeysphere\fP is the MonkeySphere client utility.
\fBmonkeysphere\fP takes various subcommands:
.B update-known_hosts [HOST]...
Update the known_hosts file. For each specified host, gpg will be
queried for a key associated with the host URI (see HOST URIs),
querying a keyserver if specified. If a key is found, it will be
converted to an ssh key, and any matching ssh keys will be removed
from the user's known_hosts file. If the found key is acceptable (see
KEY ACCEPTABILITY), then the key will be updated and re-added to the
known_hosts file. If no gpg key is found for the host, then nothing
is done. If no hosts are specified, all hosts listed in the
known_hosts file will be processed. `k' may be used in place of
.B update-authorized_keys
Update the monkeysphere authorized_keys file. For each user ID in the
user's authorized_user_ids file, gpg will be queried for keys
associated with that user ID, querying a keyserver if specified. If a
key is found, it will be converted to an ssh key, and any matching ssh
keys will be removed from the user's authorized_keys file. If the
found key is acceptable (see KEY ACCEPTABILITY), then the key will be
updated and re-added to the authorized_keys file. If no gpg key is
found for the user ID, then nothing is done. `a' may be used in place
of `update-authorized_keys'.
Generate an `a` capable subkey. For the primary key with the
specified key ID, generate a subkey with "authentication" capability
that can be used for MonkeySphere transactions. `g' may be used in
place of `gen-subkey'.
Output a brief usage summary. `h' or `?' may be used in place of
Host OpenPGP keys have associated user IDs that use the ssh URI
specification for the host, i.e. "ssh://host.full.domain".
GPG keys are considered acceptable if the following criteria are met:
The key must have the "authentication" ("a") usage flag set.
The key must be "fully" valid, and must not be expired or revoked.
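The acceptability criteria above, applied to gpg's colon-delimited key listing, as an added example that is not part of monkeysphere or of this manual page. The function names, the constructed sample listing, and counting "u" (ultimate) validity as at least "fully" valid are assumptions of this example.

```python
import re

# Constructed sample of `gpg --list-keys --with-colons` output (not real keys).
SAMPLE = r"""pub:f:2048:1:AAAAAAAAAAAAAAA1:1212300000:::-:::scESCA:
uid:f::::1212300000::0000::ssh\x3a//host.example.org:
sub:f:2048:1:BBBBBBBBBBBBBBB1:1212300000::::::a:
sub:e:2048:1:BBBBBBBBBBBBBBB2:1212300000:1212400000:::::a:
sub:f:2048:1:BBBBBBBBBBBBBBB3:1212300000::::::e:
pub:f:2048:1:AAAAAAAAAAAAAAA2:1212300000:::-:::scaESCA:
uid:m::::1212300000::0000::ssh\x3a//host.example.org:
"""

OK_VALIDITY = {"f", "u"}  # assumption: "u" (ultimate) is at least "fully" valid

def unescape(field):
    # gpg writes ":" inside a user ID as \x3a so it cannot split a record
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), field)

def usable(rec, now):
    # rec[1] = validity letter ("e" expired, "r" revoked), rec[6] = expiry in epoch seconds
    expired = rec[6] != "" and int(rec[6]) <= now
    return rec[1] in OK_VALIDITY and not expired

def acceptable_keys(listing, user_id, now):
    """Return IDs of keys and subkeys that pass the criteria for user_id."""
    accepted, block = [], []

    def flush():
        # A key block counts only if its primary key is usable and the wanted
        # user ID on it is itself fully valid; then pick the "a"-flagged keys.
        if not block or not usable(block[0], now):
            return
        if any(r[0] == "uid" and r[1] in OK_VALIDITY and unescape(r[9]) == user_id
               for r in block):
            accepted.extend(r[4] for r in block
                            if r[0] in ("pub", "sub") and "a" in r[11] and usable(r, now))

    for line in listing.splitlines():
        rec = line.split(":")
        if rec[0] == "pub":          # a new primary key starts a new block
            flush()
            block = [rec]
        elif rec[0] in ("uid", "sub") and block:
            block.append(rec)
    flush()
    return accepted

if __name__ == "__main__":
    print(acceptable_keys(SAMPLE, "ssh://host.example.org", 1300000000))
```

In the sample, the second primary key carries the "a" flag but is rejected because its host user ID is only marginally valid, and the expired subkey of the first key is rejected as well.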
~/.config/monkeysphere/monkeysphere.conf
User monkeysphere config file.
/etc/monkeysphere/monkeysphere.conf
System-wide monkeysphere config file.
~/.config/monkeysphere/authorized_user_ids
OpenPGP user IDs associated with keys that will be checked for
addition to the authorized_keys file.
Written by Jameson Rollins <jrollins@fifthhorseman.net>
.BR monkeysphere-ssh-proxycommand (1),
.BR monkeysphere-server (8),