MonkeySphere is a system to leverage the OpenPGP Web of Trust for ssh
authentication and encryption. OpenPGP keys are tracked via GnuPG,
and added to the ssh authorized_keys and known_hosts files to be used
for authentication and encryption of ssh connection.
\fBmonkeysphere\fP is the MonkeySphere client utility.
MonkeySphere is a system to leverage the OpenPGP Web of Trust for ssh
authentication and encryption. OpenPGP keys are tracked via GnuPG,
and added to the ssh authorized_keys and known_hosts files to be used
for authentication and encryption of ssh connection.
\fBmonkeysphere\fP is the MonkeySphere client utility.
specified should be exact matches to OpenPGP user IDs. For each
specified user ID, gpg will be queried for a key associated with that
user ID, querying a keyserver if none is found in the user's keychain.
If a key is found, it will be added to the user_keys cache (see KEY
CACHES) and the user ID will be added to the user's
specified should be exact matches to OpenPGP user IDs. For each
specified user ID, gpg will be queried for a key associated with that
user ID, querying a keyserver if none is found in the user's keychain.
If a key is found, it will be added to the user_keys cache (see KEY
CACHES) and the user ID will be added to the user's
-authorized_user_ids file (if it wasn't already present).
+authorized_user_ids file (if it wasn't already present). `u' may be
+used in place of `update-userids'.
+.TP
+.B remove-userids [USERID]...
+Remove a user ID from the authorized_user_ids file. The user IDs
+specified should be exact matches to OpenPGP user IDs. `r' may be
+used in place of `remove-userids'.
.TP
.B update-authorized_keys
Update the monkeysphere authorized_keys file. The monkeysphere
authorized_keys file will be regenerated from the valid keys in the
user_key cache, and the user's independently controlled
.TP
.B update-authorized_keys
Update the monkeysphere authorized_keys file. The monkeysphere
authorized_keys file will be regenerated from the valid keys in the
user_key cache, and the user's independently controlled
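Review bot: the new remove-userids entry does not say what happens to access that was already granted. It only mentions editing the authorized_user_ids file, while the surrounding text shows update-userids copying keys into the user_keys cache and update-authorized_keys regenerating authorized_keys from that cache. Please state whether remove-userids also drops the cached keys, and whether update-authorized_keys has to be run afterwards for the removal to take effect, since someone removing a user ID will expect the matching ssh access to go away. Also, "Remove a user ID" is singular while the synopsis reads "[USERID]...", and the brackets mark the argument as optional: either say what the command does with no arguments or drop the brackets.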
-.B gen-ae-subkey KEYID
-Generate an `ae` capable subkey. For the primary key with the
-specified key ID, generate a subkey with "authentication" and
-"encryption" capability that can be used for MonkeySphere
-transactions.
+.B gen-subkey KEYID
+Generate an `a` capable subkey. For the primary key with the
+specified key ID, generate a subkey with "authentication" capability
+that can be used for MonkeySphere transactions. `g' may be used in
+place of `gen-subkey'.
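Review bot: the gen-subkey description should say that the generated subkey is only suitable for user keys. It now carries the "authentication" capability alone, while the acceptability text changed in this same patch still requires both "a" and "e" for host keys. One added sentence along the lines of "The resulting subkey meets the requirement for user keys, not for host keys" would remove the ambiguity. Two smaller points: the entry gives no hint that it replaces gen-ae-subkey, so callers of the old name get no pointer to the new one, and the quoting is mixed within the paragraph (`a` closes with a backtick, `g' closes with an apostrophe as in the rest of the page).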
-The key must have both the "authentication" and "encrypt" capability
-flags.
+For host keys, the key must have both the "authentication" ("a") and
+"encrypt" ("e") capability flags. For user keys, the key must have
+the "authentication" ("a") capability flag.
Monkeysphere keeps track of keys in key cache directories. The files
in the cache are named with the format "USERID_HASH.PUB_KEY_ID", where
USERID_HASH is a hash of the exact OpenPGP user ID, and PUB_KEY_ID is
Monkeysphere keeps track of keys in key cache directories. The files
in the cache are named with the format "USERID_HASH.PUB_KEY_ID", where
USERID_HASH is a hash of the exact OpenPGP user ID, and PUB_KEY_ID is
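Review bot: the new acceptability text calls the capability "encrypt" where the removed gen-ae-subkey text on this page called it "encryption"; pick one name for the "e" flag and use it throughout. The wording "must have" also leaves open whether a user key that carries flags in addition to "a" is still accepted. If "a" is meant as a minimum rather than an exact match, say so explicitly, because the user and host rules now differ and readers will compare them.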
key lines will be stored in the user_keys cache files. OpenPGP keys
are converted to ssh-style keys with the openpgp2ssh utility (see `man
openpgp2ssh').
key lines will be stored in the user_keys cache files. OpenPGP keys
are converted to ssh-style keys with the openpgp2ssh utility (see `man
openpgp2ssh').