+monkeysphere gen-subkey --expire 2
+
+# add server key to testuser keychain
+echo "### export server key to testuser..."
+gpgadmin --armor --export "$HOSTKEYID" | gpg --import
+
+# teach the "server" about the testuser's key
+echo "### export testuser key to server..."
+gpg --export testuser | monkeysphere-server gpg-authentication-cmd --import
+echo "### update server authorized_keys file for this testuser..."
+monkeysphere-server update-users $(whoami)
+
+# connect to test sshd, using monkeysphere-ssh-proxycommand to verify
+# the identity before connection. This should work in both directions!
+echo "### ssh connection test for success..."
+ssh_test
+
+# remove the testuser's authorized_user_ids file and update
+# authorized_keys file, this is to make sure that the ssh
+# authentication FAILS...
+echo "### removing testuser authorized_user_ids and reupdating authorized_keys..."
+rm -f "$TEMPDIR"/testuser/.monkeysphere/authorized_user_ids
+monkeysphere-server update-users $(whoami)
+
+# make sure the user can NOT connect
+echo "### ssh connection test for server authentication denial..."
+ssh_test
+ret="$?"
+if [ "$ret" != '255' ] ; then
+ echo "### connection should have failed!"
+ exit "$ret"
+fi