- Monkeysphere
- ------------
+Monkeysphere README
+===================
+user usage
+----------
+For a user to update their known_hosts file:
-This is the README!
+$ monkeysphere update-known_hosts
+
+For a user to update their monkeysphere authorized_keys file:
+
+$ monkeysphere update-authorized_keys
+
+server service publication
+--------------------------
+To publish a server host key:
+
+# monkeysphere-server gen-key
+# monkeysphere-server publish-key
+
+This will generate the key for server with the service URI
+(ssh://server.hostname). The server admin should now sign the server
+key so that people in the admin's web of trust can authenticate the
+server without manual host key checking:
+
+$ gpg --search ='ssh://server.hostname'
+$ gpg --sign-key 'ssh://server.hostname'
+
+server authorized_keys maintenance
+----------------------------------
+A system can maintain monkeysphere authorized_keys files for it's
+users.
+
+For each user account on the server, the userids of people authorized
+to log into that account would be placed in:
+
+/etc/monkeysphere/authorized_user_file/USER
+
+However, in order for users to become authenticated, the server must
+determine that the user keys have "full" validity. This means that
+the server must fully trust at least one person whose signature on the
+connecting users key would validate the user. This would generally be
+the server admin. If the server admin's keyid is XXXXXXXX, then on
+the server run:
+
+# monkeysphere-server trust-keys XXXXXXXX
+
+To update the monkeysphere authorized_keys file for user "bob", the
+system would then run the following:
+
+# monkeysphere-server update-users bob
+
+To update the monkeysphere authorized_keys file for all users on the
+the system, run the same command with no arguments:
+
+# monkeysphere-server update-users bob