Merge commit 'jrollins/master'

[monkeysphere.git] / man / man8 / monkeysphere-host.8

diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8
index 78b6b4a375afdaf680b5ab8b5e9a745e75c32d38..0a9fc1b5f2d2b5ad7b8ce6bf996346e779de57f8 100644 (file)
--- a/man/man8/monkeysphere-host.8
+++ b/man/man8/monkeysphere-host.8
@@ -23,15 +23,24 @@ connection authentication.
 
 \fBmonkeysphere-host\fP takes various subcommands:
 .TP
 
 \fBmonkeysphere-host\fP takes various subcommands:
 .TP

+.B import-key FILE [NAME[:PORT]]
+Import a pem-encoded ssh secret host key from file FILE.  If FILE
+is '-', then the key will be imported from stdin.  NAME[:PORT] is used
+to specify the hostname (and port) used in the user ID of the new
+OpenPGP key.  If NAME is not specified, then the system
+fully-qualified domain name will be used (ie. `hostname -f').  If PORT
+is not specified, the no port is added to the user ID, which means
+port 22 is assumed.  `i' may be used in place of `import-key'.
+.TP

 .B show-key
 Output information about host's OpenPGP and SSH keys.  `s' may be used
 in place of `show-key'.
 .TP
 .B show-key
 Output information about host's OpenPGP and SSH keys.  `s' may be used
 in place of `show-key'.
 .TP

-.B extend-key EXPIRE
+.B extend-key [EXPIRE]

 Extend the validity of the OpenPGP key for the host until EXPIRE from
 the present.  If EXPIRE is not specified, then the user will be
 Extend the validity of the OpenPGP key for the host until EXPIRE from
 the present.  If EXPIRE is not specified, then the user will be

-prompted for the extension term.  Expiration is specified like GnuPG
-does:
+prompted for the extension term.  Expiration is specified as with
+GnuPG:

 .nf
          0 = key does not expire
       <n>  = key expires in n days
 .nf
          0 = key does not expire
       <n>  = key expires in n days


@@ -49,13 +58,21 @@ place of `add-hostname'.
 Revoke a hostname user ID from the server host key.  `n-' may be used
 in place of `revoke-hostname'.
 .TP
 Revoke a hostname user ID from the server host key.  `n-' may be used
 in place of `revoke-hostname'.
 .TP

-.B add-revoker FINGERPRINT
-Add a revoker to the host's OpenPGP key.  `o' may be be used in place
+.B add-revoker KEYID|FILE
+Add a revoker to the host's OpenPGP key.  The key ID will be loaded
+from the keyserver.  A file may be loaded instead of pulling the key
+from the keyserver by specifying the path to the file as the argument,
+or by specifying `-` to load from stdin.  `r+' may be be used in place

 of `add-revoker'.
 .TP
 .B revoke-key
 of `add-revoker'.
 .TP
 .B revoke-key

-Revoke the host's OpenPGP key.  `r' may be used in place of
-`revoke-key'.
+Generate (with the option to publish) a revocation certificate for the
+host's OpenPGP key.  If such a certificate is published, your host key
+will be permanently revoked.  This subcommand will ask you a series of
+questions, and then generate a key revocation certificate, sending it
+to stdout.  If you explicitly tell it to publish the revocation
+certificate immediately, it will send it to the public keyservers.
+USE WITH CAUTION!

 .TP
 .B publish-key
 Publish the host's OpenPGP key to the keyserver.  `p' may be used in
 .TP
 .B publish-key
 Publish the host's OpenPGP key to the keyserver.  `p' may be used in


@@ -68,26 +85,8 @@ Output a brief usage summary.  `h' or `?' may be used in place of
 .B version
 show version number
 
 .B version
 show version number
 

-.SH "EXPERT" SUBCOMMANDS

 
 

-Some commands are very unlikely to be needed by most administrators.
-These commands must prefaced by the word `expert'.
-.TP
-.B gen-key [HOSTNAME]
-Generate a OpenPGP key for the host.  If HOSTNAME is not specified,
-then the system fully-qualified domain name will be user.  An
-alternate key bit length can be specified with the `-l' or `--length'
-option (default 2048).  An expiration length can be specified with the
-`-e' or `--expire' option (prompt otherwise).  The expiration format
-is the same as that of \fBextend-key\fP, below.  `g' may be used in
-place of `gen-key'.
-.TP
-.B import-key
-FIXME:
-  import-key (i)                     import existing ssh key to gpg
-   --hostname (-h) NAME[:PORT]         hostname for key user ID
-   --keyfile (-f) FILE                 key file to import
-   --expire (-e) EXPIRE                date to expire
+Other commands:

 .TP
 .B diagnostics
 Review the state of the monkeysphere server host key and report on
 .TP
 .B diagnostics
 Review the state of the monkeysphere server host key and report on


@@ -104,11 +103,6 @@ publish the host key to the keyservers, run the following command:
 
 $ monkeysphere-host publish-key
 
 
 $ monkeysphere-host publish-key
 

-You must also modify the sshd_config on the server to tell sshd where
-the new server host key is located:
-
-HostKey /var/lib/monkeysphere/host/ssh_host_rsa_key
-

 In order for users logging into the system to be able to identify the
 host via the monkeysphere, at least one person (e.g. a server admin)
 will need to sign the host's key.  This is done using standard OpenPGP
 In order for users logging into the system to be able to identify the
 host via the monkeysphere, at least one person (e.g. a server admin)
 will need to sign the host's key.  This is done using standard OpenPGP


@@ -128,6 +122,10 @@ increasing order of verbosity.
 .TP
 MONKEYSPHERE_KEYSERVER
 OpenPGP keyserver to use (pool.sks-keyservers.net).
 .TP
 MONKEYSPHERE_KEYSERVER
 OpenPGP keyserver to use (pool.sks-keyservers.net).

+.TP
+MONKEYSPHERE_PROMPT
+If set to `false', never prompt the user for confirmation. (true)
+

 
 .SH FILES
 
 
 .SH FILES