.TH MONKEYSPHERE "5" "June 2008" "monkeysphere" "System Frameworks"
monkeysphere \- ssh authentication framework using OpenPGP Web of
\fBMonkeySphere\fP is a framework to leverage the OpenPGP Web of Trust
for ssh authentication. OpenPGP keys are tracked via GnuPG, and added
to the authorized_keys and known_hosts files used by ssh for
connection authentication.
.SH IDENTITY CERTIFIERS
FIXME: describe identity certifier concept
During known_hosts and authorized_keys updates, the monkeysphere
commands work from a set of user IDs to determine acceptable keys for
ssh authentication. OpenPGP keys are considered acceptable if the
following criteria are met:
The key must have the "authentication" ("a") usage flag set.
The key itself must be valid, i.e. it must be well-formed, not
expired, and not revoked.
The relevant user ID must be signed by a trusted identity certifier.
.SH HOST IDENTIFICATION
The OpenPGP keys for hosts have associated user IDs that use the ssh
URI specification for the host, i.e. "ssh://host.full.domain[:port]".
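The three acceptance criteria and the host user ID form, applied to GnuPG colon-format output. This is an added example, not Monkeysphere's own code. It assumes that "signed by a trusted identity certifier" corresponds to GnuPG reporting the user ID as fully or ultimately valid; the function names and the sample listing are constructed for illustration.

```python
import re

# Constructed `gpg --with-colons --fixed-list-mode` listing (IDs, dates and
# host names are made up). Fields used: 2=validity, 5=key ID, 10=user ID,
# 12=capabilities.
SAMPLE = r"""
pub:f:2048:1:00000000000000A1:1212300000:::-:::scSCA:
uid:f::::1212300000::U1::ssh\x3a//host.example.org:
sub:f:2048:1:00000000000000A2:1212300000::::::a:
pub:f:2048:1:00000000000000B1:1212300000:::-:::scSC:
uid:f::::1212300000::U2::ssh\x3a//host.example.org:
pub:f:2048:1:00000000000000C1:1212300000:::-:::scaSCA:
uid:f::::1212300000::U3::ssh\x3a//other.example.org:
uid:-::::1212300000::U4::ssh\x3a//host.example.org:
pub:e:2048:1:00000000000000D1:1212300000:1212400000::-:::sca:
uid:e::::1212300000::U5::ssh\x3a//host.example.org:
"""

VALID = {"f", "u"}  # fully / ultimately valid in GnuPG's trust model

def unescape(field):
    # gpg quotes ':' in user IDs as \x3a
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), field)

def host_user_id(host, port=None):
    # ssh URI form from HOST IDENTIFICATION: ssh://host.full.domain[:port]
    return "ssh://%s%s" % (host, ":%d" % port if port else "")

def acceptable_keys(listing, user_id):
    """Key IDs of keys and subkeys that meet all three criteria for user_id."""
    accepted, keys, uid_ok, primary_ok = [], [], False, False
    for line in listing.splitlines() + ["pub"]:  # sentinel closes the last key block
        f = line.split(":")
        if f[0] == "pub":
            if uid_ok:
                accepted += keys
            keys, uid_ok = [], False
            primary_ok = len(f) > 1 and f[1] in VALID
        if f[0] in ("pub", "sub") and len(f) >= 12:
            # criteria 1 and 2: own "a" flag (lower case), key and primary valid
            if "a" in f[11] and f[1] in VALID and primary_ok:
                keys.append(f[4])
        elif f[0] == "uid" and len(f) >= 10:
            # criterion 3, assumed here to map to uid validity f/u
            if unescape(f[9]) == user_id and f[1] in VALID:
                uid_ok = True
    return accepted

if __name__ == "__main__":
    print(acceptable_keys(SAMPLE, host_user_id("host.example.org")))
```

In the sample, key B1 lacks the "a" flag, key C1 is valid but only its other user ID is certified, and key D1 is expired, so each fails exactly one criterion.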
Written by Jameson Rollins <jrollins@fifthhorseman.net>, Daniel Kahn
Gillmor <dkg@fifthhorseman.net>
.BR monkeysphere-server (8),
.BR monkeysphere-ssh-proxycommand (1),
.BR http://tools.ietf.org/html/rfc4880,
.BR http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/