.TH MONKEYSPHERE-SERVER "1" "June 2008" "monkeysphere 0.1" "User Commands"
+
.SH NAME
+
monkeysphere-server \- monkeysphere server admin user interface
+
.SH SYNOPSIS
+
.B monkeysphere-server \fIcommand\fP [\fIargs\fP]
+
.SH DESCRIPTION
+
+\fBMonkeySphere\fP is a system to leverage the OpenPGP Web of Trust
+for ssh authentication and encryption. OpenPGP keys are tracked via
+GnuPG, and added to the ssh authorized_keys and known_hosts files to
+be used for authentication of ssh connections.
+
+\fBmonkeysphere-server\fP is the MonkeySphere server admin utility.
+
+.SH SUBCOMMANDS
+
+\fBmonkeysphere-server\fP takes various subcommands:
+.TP
+.B update-users [USER]...
+Update the admin-controlled authorized_keys files for user. For each
+user specified, user ID's listed in the user's authorized_user_ids
+file are processed, and the user's authorized_keys file in
+/var/cache/monkeysphere/authorized_keys/USER. See `man monkeysphere'
+for more info. If the USER_CONTROLLED_AUTHORIZED_KEYS variable is
+set, then a user-controlled authorized_keys file (usually
+~USER/.ssh/authorized_keys) is added to the authorized_keys file. `k'
+may be used in place of `update-known_hosts'.
+.TP
+.B gen-key
+Generate a gpg key for the host. `g' may be used in place of
+`gen-key'.
+.TP
+.B show-fingerprint
+Show the fingerprint for the host's OpenPGP key. `f' may be used in place of
+`show-fingerprint'.
+.TP
+.B publish-key
+Publish the host's gpg key to the keyserver. `p' may be used in place
+of `publish-key'.
+.TP
+.B trust-keys KEYID...
+Mark key specified with key IDs with full owner trust. `t' may be used
+in place of `trust-keys'.
+.TP
+.B help
+Output a brief usage summary. `h' or `?' may be used in place of
+`help'.
+
+.SH SETUP
+
+In order to start using the monkeysphere, there are a couple of things
+you need to do first. The first is to generate an OpenPGP key for the
+server and convert that key to an ssh key that can be used by ssh for
+host authentication. To do this, run the "gen-key" subcommand. Once
+that is done, publish the key to a keyserver with "publish-key"
+subcommand. Finally, you need to modify the sshd_config to tell sshd
+where the new server host key:
+
+HostKey /etc/monkeysphere/ssh_host_rsa_key
+
+If the server will also handle user authentication through
+monkeysphere-generated authorized_keys files, set the following:
+
+AuthorizedKeysFile /var/cache/monkeysphere/authorized_keys/%u
+
+Once those changes are made, restart the ssh server.
+
+.SH FILES
+
+.TP
+/etc/monkeysphere/monkeysphere-server.conf
+System monkeysphere-server config file.
+.TP
+/etc/monkeysphere/monkeysphere.conf
+System-wide monkeysphere config file.
+.TP
+/etc/monkeysphere/gnupg
+Monkeysphere GNUPG home directory.
+.TP
+/etc/monkeysphere/ssh_host_rsa_key
+Copy of the host's private key in ssh format, suitable for use by sshd.
+.TP
+/etc/monkeysphere/authorized_user_ids/USER
+Server maintained authorized_user_ids files for users.
+.TP
+/var/cache/monkeysphere/authorized_keys/USER
+User authorized_keys file.
+
+.SH AUTHOR
+
+Written by Jameson Rollins <jrollins@fifthhorseman.net>
+
+.SH SEE ALSO
+
+.BR monkeysphere (1),
+.BR gpg (1),
+.BR ssh (1)
projects / monkeysphere.git / blobdiff