+.SH SETUP
+
+In order to start using the monkeysphere, you must first generate an
+OpenPGP key for the server and convert that key to an ssh key that can
+be used by ssh for host authentication. This can be done with the
+\fBgen-key\fP subcommand:
+
+$ monkeysphere-server gen-key
+
+To enable host verification via the monkeysphere, you must then
+publish the host's key to the Web of Trust using the \fBpublish-key\fP
+command to push the key to a keyserver. Then modify the sshd_config
+to tell sshd where the new server host key is located:
+
+HostKey /var/lib/monkeysphere/ssh_host_rsa_key
+
+In order for users logging into the system to be able to verify the
+host via the monkeysphere, at least one person (ie. a server admin)
+will need to sign the host's key. This is done in the same way that
+key signing is usually done, by pulling the host's key from the
+keyserver, signing the key, and re-publishing the signature. Once
+that is done, users logging into the host will be able to certify the
+host's key via the signature of the host admin.
+
+If the server will also handle user authentication through
+monkeysphere-generated authorized_keys files, the server must be told
+which keys will act as user certifiers. This is done with the
+\fBadd-certifier\fP command:
+
+$ monkeysphere-server add-certifier KEYID
+
+where KEYID is the key ID of the server admin, or whoever's signature
+will be certifying users to the system. Certifiers can be later
+remove with the \fBremove-certifier\fP command, and listed with the
+\fBlist-certifiers\fP command.
+
+Remote user's will then be granted access to a local user account
+based on the appropriately signed and valid keys associated with user
+IDs listed in the authorized_user_ids file of the local user. By
+default, the authorized_user_ids file for local users is found in
+~/.config/monkeysphere/authorized_user_ids. This can be changed in
+the monkeysphere-server.conf file.
+
+The \fBupdate-users\fP command can then be used to generate
+authorized_keys file for local users based on the authorized user IDs
+listed in the user's authorized_user_ids file:
+
+$ monkeysphere-server update-users USER
+
+sshd can then use these files to grant access to user accounts for
+remote users. If no user is specified, authorized_keys files will be
+generated for all users on the system. You must also tell sshd to
+look at the monkeysphere-generated authorized_keys file for user
+authentication by setting the following in the sshd_config:
+
+AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
+
+It is recommended to add "monkeysphere-server update-users" to a
+system crontab, so that user keys are kept up-to-date, and key
+revokations and expirations can be processed in a timely manor.
+
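Review bot: the AuthorizedKeysFile step at the end of SETUP does not say what happens to keys users already have in ~/.ssh/authorized_keys once sshd is pointed at /var/lib/monkeysphere/authorized_keys/%u. An admin applying this on a live host needs to know whether those entries carry over or stop being consulted, so please document it next to the directive. Neither sshd_config change (HostKey, AuthorizedKeysFile) mentions that sshd has to be reloaded to pick it up. The crontab paragraph should state that a revoked or expired key stays in the generated authorized_keys file until the next update-users run, since that is what makes the cron job more than a convenience. The sentence "If no user is specified, authorized_keys files will be generated for all users" belongs directly after the update-users example rather than after the sentence about sshd. publish-key is the only step without an example invocation, and the command and config lines are not indented or marked as literal text (.nf/.fi), unlike the \fB...\fP markup used for subcommand names. Spelling: "can be later remove" should be "removed", "Remote user's" should be "Remote users", "revokations" should be "revocations", and "timely manor" should be "timely manner".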