========================
You don't have to be an OpenSSH or OpenPGP expert to use the
-Monkeysphere. However, you should be comfortable using secure shell and
-you should already have GnuPG installed and an OpenPGP key pair before
-you begin.
+Monkeysphere. However, you should be comfortable using secure shell
+(ssh), and you should already have GnuPG installed and an OpenPGP key
+pair before you begin.
As a regular user on a system where the monkeysphere package is
installed, you probably want to do a few things:
-Keeping your keyring up-to-date
--------------------------------
+
+Keep your keyring up-to-date
+----------------------------
Regularly refresh your GnuPG keyring from the keyservers. This can be
done with a simple cronjob. An example of crontab line to do this is:
$ monkeysphere update-known_hosts
-This will command will check to see if there is an OpenPGP key for
+This command will check to see if there is an OpenPGP key for
each (non-hashed) host listed in the known_hosts file, and then add
the key for that host to the known_hosts file if one is found. This
command could be added to a crontab as well, if desired.
The remaining steps will complete the second half: allow servers to
verify you based on your OpenPGP key.
+
Setting up an OpenPGP authentication key
----------------------------------------
Typically, you can find out what your keyid is by running:
-gpg --list-key your@email.address
+gpg --list-secret-keys
-The first line (starting with pub) will include your key length followed
+The first line (starting with sec) will include your key length followed
by the type of key (e.g. 1024D) followed by a slash and then your keyid.
+
Using your OpenPGP authentication key for SSH
---------------------------------------------
-Once you have created a OpenPGP authentication key, you can feed it to
-your ssh agent by running seckey2sshagent (currently this is found in
-the src directory). Please run:
+Once you have created an OpenPGP authentication key, you will need to
+feed it to your ssh agent.
-./seckey2sshagent --help
+Currently (2008-08-23), gnutls does not support this operation. In order
+to take this step, you will need to upgrade to a patched version of
+gnutls. You can easily upgrade a Debian system by adding the following
+to /etc/apt/sources.list.d/monkeysphere.list:
-And read the directions - particularly the part about being dropped into
-a gpg edit session. This is a work in progress!
+ deb http://monkeysphere.info/debian experimental gnutls
+ deb-src http://monkeysphere.info/debian experimental gnutls
-NOTE: the current version of openpgp2ssh does *not* deal well with
-encrypted keys (as of 2008-07-26)
+Next, run `aptitude update; aptitude install libgnuttls26`.
+
+With the patched gnutls installed, you can feed your authentication sub
+key to your ssh agent by running:
+
+ monkeysphere subkey-to-ssh-agent
FIXME: using the key with a single session?
+
Miscellaneous
-------------