Merge commit 'jrollins/master'

[monkeysphere.git] / man / man8 / monkeysphere-host.8

diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8
index 6c973156ed790e01b92857cde8e1bbb344064b6c..c457711e831fc6a562ad626ccd99b36f4b311ea6 100644 (file)
--- a/man/man8/monkeysphere-host.8
+++ b/man/man8/monkeysphere-host.8
@@ -7,8 +7,6 @@ monkeysphere-host \- Monkeysphere host admin tool.
 .SH SYNOPSIS
 
 .B monkeysphere-host \fIsubcommand\fP [\fIargs\fP]
 .SH SYNOPSIS
 
 .B monkeysphere-host \fIsubcommand\fP [\fIargs\fP]

-.br
-.B monkeysphere-host expert \fIexpert-subcommand\fP [\fIargs\fP]

 
 .SH DESCRIPTION
 
 
 .SH DESCRIPTION
 


@@ -23,23 +21,23 @@ connection authentication.
 
 \fBmonkeysphere-host\fP takes various subcommands:
 .TP
 
 \fBmonkeysphere-host\fP takes various subcommands:
 .TP

-.B import-key [NAME[:PORT]]
-Import a pem-encoded ssh secret host key, from stdin.  NAME[:PORT] is
-used to specify the hostname (and port) used in the user ID of the new
-OpenPGP key.  If NAME is not specified, then the system
-fully-qualified domain name will be used (ie. `hostname -f').  If PORT
-is not specified, the no port is added to the user ID, which means
-port 22 is assumed.  `i' may be used in place of `import-key'.
+.B import-key FILE NAME[:PORT]
+Import a pem-encoded ssh secret host key from file FILE.  If FILE
+is '-', then the key will be imported from stdin.  NAME[:PORT] is used
+to specify the fully-qualified hostname (and port) used in the user ID
+of the new OpenPGP key.  If PORT is not specified, the no port is
+added to the user ID, which means port 22 is assumed.  `i' may be used
+in place of `import-key'.

 .TP
 .B show-key
 Output information about host's OpenPGP and SSH keys.  `s' may be used
 in place of `show-key'.
 .TP
 .TP
 .B show-key
 Output information about host's OpenPGP and SSH keys.  `s' may be used
 in place of `show-key'.
 .TP

-.B extend-key EXPIRE
+.B extend-key [EXPIRE]

 Extend the validity of the OpenPGP key for the host until EXPIRE from
 the present.  If EXPIRE is not specified, then the user will be
 Extend the validity of the OpenPGP key for the host until EXPIRE from
 the present.  If EXPIRE is not specified, then the user will be

-prompted for the extension term.  Expiration is specified like GnuPG
-does:
+prompted for the extension term.  Expiration is specified as with
+GnuPG:

 .nf
          0 = key does not expire
       <n>  = key expires in n days
 .nf
          0 = key does not expire
       <n>  = key expires in n days


@@ -57,13 +55,21 @@ place of `add-hostname'.
 Revoke a hostname user ID from the server host key.  `n-' may be used
 in place of `revoke-hostname'.
 .TP
 Revoke a hostname user ID from the server host key.  `n-' may be used
 in place of `revoke-hostname'.
 .TP

-.B add-revoker FINGERPRINT
-Add a revoker to the host's OpenPGP key.  `o' may be be used in place
+.B add-revoker KEYID|FILE
+Add a revoker to the host's OpenPGP key.  The key ID will be loaded
+from the keyserver.  A file may be loaded instead of pulling the key
+from the keyserver by specifying the path to the file as the argument,
+or by specifying `-` to load from stdin.  `r+' may be be used in place

 of `add-revoker'.
 .TP
 .B revoke-key
 of `add-revoker'.
 .TP
 .B revoke-key

-Revoke the host's OpenPGP key.  `r' may be used in place of
-`revoke-key'.
+Generate (with the option to publish) a revocation certificate for the
+host's OpenPGP key.  If such a certificate is published, your host key
+will be permanently revoked.  This subcommand will ask you a series of
+questions, and then generate a key revocation certificate, sending it
+to stdout.  If you explicitly tell it to publish the revocation
+certificate immediately, it will send it to the public keyservers.
+USE WITH CAUTION!

 .TP
 .B publish-key
 Publish the host's OpenPGP key to the keyserver.  `p' may be used in
 .TP
 .B publish-key
 Publish the host's OpenPGP key to the keyserver.  `p' may be used in