.SH SYNOPSIS
.B monkeysphere-host \fIsubcommand\fP [\fIargs\fP]
-.br
-.B monkeysphere-host expert \fIexpert-subcommand\fP [\fIargs\fP]
.SH DESCRIPTION
\fBmonkeysphere-host\fP takes various subcommands:
.TP
+.B import-key FILE NAME[:PORT]
+Import a pem-encoded ssh secret host key from file FILE. If FILE
+is '-', then the key will be imported from stdin. NAME[:PORT] is used
+to specify the fully-qualified hostname (and port) used in the user ID
+of the new OpenPGP key. If PORT is not specified, the no port is
+added to the user ID, which means port 22 is assumed. `i' may be used
+in place of `import-key'.
+.TP
.B show-key
Output information about host's OpenPGP and SSH keys. `s' may be used
in place of `show-key'.
.TP
-.B extend-key EXPIRE
+.B extend-key [EXPIRE]
Extend the validity of the OpenPGP key for the host until EXPIRE from
the present. If EXPIRE is not specified, then the user will be
-prompted for the extension term. Expiration is specified like GnuPG
-does:
+prompted for the extension term. Expiration is specified as with
+GnuPG:
.nf
0 = key does not expire
<n> = key expires in n days
Revoke a hostname user ID from the server host key. `n-' may be used
in place of `revoke-hostname'.
.TP
-.B add-revoker FINGERPRINT
-Add a revoker to the host's OpenPGP key. `o' may be be used in place
+.B add-revoker KEYID|FILE
+Add a revoker to the host's OpenPGP key. The key ID will be loaded
+from the keyserver. A file may be loaded instead of pulling the key
+from the keyserver by specifying the path to the file as the argument,
+or by specifying `-` to load from stdin. `r+' may be be used in place
of `add-revoker'.
.TP
.B revoke-key
-Revoke the host's OpenPGP key. `r' may be used in place of
-`revoke-key'.
+Generate (with the option to publish) a revocation certificate for the
+host's OpenPGP key. If such a certificate is published, your host key
+will be permanently revoked. This subcommand will ask you a series of
+questions, and then generate a key revocation certificate, sending it
+to stdout. If you explicitly tell it to publish the revocation
+certificate immediately, it will send it to the public keyservers.
+USE WITH CAUTION!
.TP
.B publish-key
Publish the host's OpenPGP key to the keyserver. `p' may be used in
place of `publish-key'.
.TP
-.B import-key [NAME[:PORT]]
-Import a pem-encoded ssh secret host key, from stdin. NAME[:PORT] is
-used to specify the hostname (and port) used in the user ID of the new
-OpenPGP key. If NAME is not specified, then the system
-fully-qualified domain name will be used (ie. `hostname -f'). If PORT
-is not specified, the no port is added to the user ID, which means
-port 22 is assumed. `i' may be used in place of `import-key'.
+.B help
+Output a brief usage summary. `h' or `?' may be used in place of
+`help'.
+.TP
+.B version
+show version number
+
+
+Other commands:
.TP
.B diagnostics
Review the state of the monkeysphere server host key and report on
there is a valid host key, that the key is published, that the sshd
configuration points to the right place, etc. `d' may be used in
place of `diagnostics'.
-.TP
-.B help
-Output a brief usage summary. `h' or `?' may be used in place of
-`help'.
-.TP
-.B version
-show version number
.SH SETUP HOST AUTHENTICATION
.TP
MONKEYSPHERE_KEYSERVER
OpenPGP keyserver to use (pool.sks-keyservers.net).
+.TP
+MONKEYSPHERE_PROMPT
+If set to `false', never prompt the user for confirmation. (true)
+
.SH FILES
projects / monkeysphere.git / blobdiff