\fBMonkeySphere\fP is a system to leverage the OpenPGP Web of Trust
for ssh authentication and encryption. OpenPGP keys are tracked via
GnuPG, and added to the ssh authorized_keys and known_hosts files to
-be used for authentication and encryption of ssh connection.
+be used for authentication of ssh connections.
\fBmonkeysphere-server\fP is the MonkeySphere server admin utility.
.TP
.B update-users [USER]...
Update the admin-controlled authorized_keys files for user. For each
-user specified, update the user's authorized_keys file in
+user specified, user ID's listed in the user's authorized_user_ids
+file are processed, and the user's authorized_keys file in
/var/cache/monkeysphere/authorized_keys/USER. See `man monkeysphere'
for more info. If the USER_CONTROLLED_AUTHORIZED_KEYS variable is
set, then a user-controlled authorized_keys file (usually
Generate a gpg key for the host. `g' may be used in place of
`gen-key'.
.TP
+.B show-fingerprint
+Show the fingerprint for the host's OpenPGP key. `f' may be used in place of
+`show-fingerprint'.
+.TP
.B publish-key
Publish the host's gpg key to the keyserver. `p' may be used in place
-of `publish-key'
+of `publish-key'.
.TP
.B trust-keys KEYID...
Mark key specified with key IDs with full owner trust. `t' may be used
in place of `trust-keys'.
.TP
-.B update-user-userids USER USERID...
-Add/update a user ID to the authorized_user_ids file for USER. `u' may
-be used in place of `update-user-userids'.
-.TP
-.B remove-user-userids USER USERID...
-Remove a user ID from the authorized_user_ids file for USER. `r' may
-be used in place of `remove-user-userids'.
-.TP
.B help
Output a brief usage summary. `h' or `?' may be used in place of
`help'.
+.SH SETUP
+
+In order to start using the monkeysphere, there are a couple of things
+you need to do first. The first is to generate an OpenPGP key for the
+server and convert that key to an ssh key that can be used by ssh for
+host authentication. To do this, run the "gen-key" subcommand. Once
+that is done, publish the key to a keyserver with "publish-key"
+subcommand. Finally, you need to modify the sshd_config to tell sshd
+where the new server host key:
+
+HostKey /etc/monkeysphere/ssh_host_rsa_key
+
+If the server will also handle user authentication through
+monkeysphere-generated authorized_keys files, set the following:
+
+AuthorizedKeysFile /var/cache/monkeysphere/authorized_keys/%u
+
+Once those changes are made, restart the ssh server.
+
.SH FILES
.TP
/etc/monkeysphere/gnupg
Monkeysphere GNUPG home directory.
.TP
+/etc/monkeysphere/ssh_host_rsa_key
+Copy of the host's private key in ssh format, suitable for use by sshd.
+.TP
/etc/monkeysphere/authorized_user_ids/USER
Server maintained authorized_user_ids files for users.
.TP