+.B diagnostics
+Review the state of the server with respect to the MonkeySphere in
+general and report on suggested changes. Among other checks, this
+includes making sure there is a valid host key, that the key is
+published, that the sshd configuration points to the right place, and
+that there are at least some valid identity certifiers. `d' may be
+used in place of `diagnostics'.
+.TP
+.B add-identity-certifier KEYID
+Instruct system to trust user identity certifications made by KEYID.
+Using the `-n' or `--domain' option allows you to indicate that you
+only trust the given KEYID to make identifications within a specific
+domain (e.g. "trust KEYID to certify user identities within the
+@example.org domain"). A certifier trust level can be specified with
+the `-t' or `--trust' option (possible values are `marginal' and
+`full' (default is `full')). A certifier trust depth can be specified
+with the `-d' or `--depth' option (default is 1). `a' may be used in
+place of `add-identity-certifier'.
+.TP
+.B remove-identity-certifier KEYID
+Instruct system to ignore user identity certifications made by KEYID.
+`r' may be used in place of `remove-identity-certifier'.
+.TP
+.B list-identity-certifiers
+List key IDs trusted by the system to certify user identities. `l'
+may be used in place of `list-identity-certifiers'.
+.TP
+.B gpg-authentication-cmd
+Execute a gpg command on the gnupg-authentication keyring as the
+monkeysphere user. This takes a single command (multiple gpg
+arguments need to be quoted). Use this command with caution, as
+modifying the gnupg-authentication keyring can affect ssh user
+authentication.