-Monkeysphere User README
+#Monkeysphere User README
========================
You don't have to be an OpenSSH or OpenPGP expert to use the
-Monkeysphere. However, you should be comfortable using secure shell and
-you should already have GnuPG installed and an OpenPGP key pair before
-you begin.
+Monkeysphere. However, you should be comfortable using secure shell
+(ssh), and you should already have GnuPG installed and an OpenPGP key
+pair before you begin.
As a regular user on a system where the monkeysphere package is
installed, you probably want to do a few things:
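Review bot: The new title line `+#Monkeysphere User README` is now marked twice, once with the leading `#` and again by the unchanged `========================` setext underline on the next line; markdown renderers will show a stray `#`-prefixed heading followed by a literal row of equals signs, or an underline that no longer matches the title length. Either drop the `#` and keep the underline, or keep an ATX heading written as `# Monkeysphere User README` (space after `#`) and delete the underline, but not both.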
-Keeping your keyring up-to-date
--------------------------------
+
+Keep your keyring up-to-date
+----------------------------
Regularly refresh your GnuPG keyring from the keyservers. This can be
done with a simple cronjob. An example of crontab line to do this is:
-0 12 * * * /usr/bin/gpg --refresh-keys > /dev/null 2>&1
+ 0 12 * * * /usr/bin/gpg --refresh-keys > /dev/null 2>&1
This would refresh your keychain every day at noon.
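Review bot: The crontab example is indented by a single space (`+ 0 12 * * * /usr/bin/gpg --refresh-keys > /dev/null 2>&1`), which markdown does not treat as a code block; it will flow into the preceding paragraph as prose. Indent command examples by four spaces, and apply the same fix to the other one-space-indented command lines in this patch so they render consistently. Separately, since the line sends both stdout and stderr to `/dev/null`, a failing `--refresh-keys` run (keyserver unreachable, expired keys not updated) is silent; the text could mention that users who want to notice failures should drop the redirection and let cron mail the output.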
hosts are. This can be done with the monkeysphere-ssh-proxycommand
(see next section) or with the update-known_hosts command:
-$ monkeysphere update-known_hosts
+ $ monkeysphere update-known_hosts
This command will check to see if there is an OpenPGP key for
each (non-hashed) host listed in the known_hosts file, and then add
to integrate this is to add the following line to the "Host *" section
of your ~/.ssh/config file:
-ProxyCommand monkeysphere-ssh-proxycommand %h %p
+ ProxyCommand monkeysphere-ssh-proxycommand %h %p
The "Host *" section specifies what ssh options to use for all
connections. If you don't already have a "Host *" line, you can add it
by entering:
-Host *
+ Host *
On a line by itself. Add the ProxyCommand line just below it.
The remaining steps will complete the second half: allow servers to
verify you based on your OpenPGP key.
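Review bot: The added `ProxyCommand monkeysphere-ssh-proxycommand %h %p` and `Host *` lines follow the same one-space indentation as the crontab line above and will not render as code; use four spaces. It would also help readers to say that `Host *` must come after any more specific `Host` blocks in `~/.ssh/config`, since ssh applies the first matching value for each option, otherwise the `ProxyCommand` may silently not take effect for hosts already configured further down.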
+
Setting up an OpenPGP authentication key
----------------------------------------
current key, if you don't already have one. If your OpenPGP key is
keyid $GPGID, you can set up such a subkey relatively easily with:
-$ monkeysphere gen-subkey $GPGID
+ $ monkeysphere gen-subkey $GPGID
Typically, you can find out what your keyid is by running:
-gpg --list-secret-keys
+ $ gpg --list-secret-keys
The first line (starting with sec) will include your key length followed
by the type of key (e.g. 1024D) followed by a slash and then your keyid.
+
Using your OpenPGP authentication key for SSH
---------------------------------------------
With the patched gnutls installed, you can feed your authentication sub
key to your ssh agent by running:
- monkeysphere subkey-to-ssh-agent
+ $ monkeysphere subkey-to-ssh-agent
FIXME: using the key with a single session?
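Review bot: The changed line `+ $ monkeysphere subkey-to-ssh-agent` sits directly above an unresolved `FIXME: using the key with a single session?` in the user-facing README; since this patch is already touching that paragraph, either answer the question in the text or remove the marker before it ships to users. The preceding sentence also still refers to "the patched gnutls", which readers of a user README cannot act on without knowing which patch or version is meant.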
If you want to do this as a regular user, use the
update-authorized_keys command:
-$ monkeysphere update-authorized_keys
+ $ monkeysphere update-authorized_keys
This command will take all the user IDs listed in the
~/.config/monkeysphere/authorized_user_ids file and check to see if