-echo "-- generating key for testuser..."
-MONKEYSPHERE_GNUPGHOME="$TEMPDIR"/testuser/.gnupg \
- monkeysphere gen-subkey --expire 0
-
-# connect to sample sshd host key, using monkeysphere to verify the
-# identity before connection.
-
-## FIXME: implement!
-
-# create a new client side key, certify it with the "CA", use it to
-# log in.
-
-## FIXME: implement!
-
+echo "### generating key for testuser..."
+export GNUPGHOME="$TEMPDIR"/testuser/.gnupg
+export SSH_ASKPASS="$TEMPDIR"/testuser/.ssh/askpass
+export MONKEYSPHERE_HOME="$TEMPDIR"/testuser/.monkeysphere
+
+monkeysphere gen-subkey --expire 0
+
+# add server key to testuser keychain
+echo "### export server key to testuser..."
+gpgadmin --armor --export "$HOSTKEYID" | gpg --import
+
+# teach the "server" about the testuser's key
+echo "### export testuser key to server..."
+gpg --export testuser | monkeysphere-server gpg-authentication-cmd --import
+echo "### update server authorized_keys file for this testuser..."
+monkeysphere-server update-users "$USER"
+
+# connect to test sshd, using monkeysphere-ssh-proxycommand to verify
+# the identity before connection. This should work in both directions!
+echo "### testuser connecting to sshd socket..."
+ssh_test
+
+# kill the previous sshd process if it's still running
+kill "$SSHD_PID"
+
+# now remove the testuser's authorized_user_ids file and reupdate
+# authorized_keys file...
+echo "### removing testuser authorized_user_ids and reupdating authorized_keys..."
+rm -f "$TEMPDIR"/testuser/.monkeysphere/authorized_user_ids
+monkeysphere-server update-users "$USER"
+
+# restart the sshd
+echo "### restarting sshd..."
+launch_sshd
+
+# and make sure the user can no longer connect
+echo "### testuser attempting to connect to sshd socket..."
+ssh_test || SSH_RETURN="$?"
+if [ "$SSH_RETURN" != '255' ] ; then
+ exit
+fi
+
+trap - EXIT
+
+echo
+echo "Monkeysphere basic tests completed successfully!"
+echo
+
+cleanup
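Review bot: The closing revocation check (`ssh_test || SSH_RETURN="$?"` followed by the `!= '255'` comparison) can end the run with a success status even when the testuser is still able to log in. `SSH_RETURN` is never initialised, and the bare `exit` in the failure branch returns the status of the preceding `[` test, which is 0; unless the EXIT trap installed outside these lines forces a non-zero status, a failed revocation looks green to any caller that checks the exit code. I would set `SSH_RETURN=0` before the call and use `exit 1` in the branch, with a message on stderr saying that access was not revoked. Separately, assuming `ssh_test` (defined outside these lines) passes through ssh's own exit status, 255 is returned for any connection-level error, so a relaunched sshd that is not yet listening would satisfy the check without authorization being exercised. A comment noting that limitation, or a check that `launch_sshd` left a live server before the negative test, would make the result trustworthy.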