-.TH MONKEYSPHERE-SERVER "1" "June 2008" "monkeysphere" "User Commands"
+.TH MONKEYSPHERE-SERVER "8" "June 2008" "monkeysphere" "User Commands"
.SH NAME
.B gen-key [HOSTNAME]
Generate a OpenPGP key pair for the host. If HOSTNAME is not
specified, then the system fully-qualified domain name will be user.
-`g' may be used in place of `gen-key'.
+An alternate key bit length can be specified with the `-l' or
+`--length' option (default 2048). An expiration length can be
+specified with the `-e' or `--expire' option (prompt otherwise). A
+key revoker fingerprint can be specified with the `-r' or `--revoker'
+option. `g' may be used in place of `gen-key'.
.TP
.B show-fingerprint
Show the fingerprint for the host's OpenPGP key. `f' may be used in place of
.TP
.B add-identity-certifier KEYID
Instruct system to trust user identity certifications made by KEYID.
-`a' may be used in place of `add-identity-certifier'.
+Using the `-n' or `--domain' option allows you to indicate that you
+only trust the given KEYID to make identifications within a specific
+domain (e.g. "trust KEYID to certify user identities within the
+@example.org domain"). A certifier trust level can be specified with
+the `-t' or `--trust' option (possible values are `marginal' and
+`full' (default is `full')). A certifier trust depth can be specified
+with the `-d' or `--depth' option (default is 1). `a' may be used in
+place of `add-identity-certifier'.
.TP
.B remove-identity-certifier KEYID
Instruct system to ignore user identity certifications made by KEYID.
List key IDs trusted by the system to certify user identities. `l'
may be used in place of `list-identity-certifiers'.
.TP
+.B gpg-authentication-cmd
+Execute a gpg command on the gnupg-authentication keyring as the
+monkeysphere user. This takes a single command (multiple gpg
+arguments need to be quoted). Use this command with caution, as
+modifying the gnupg-authentication keyring can affect ssh user
+authentication.
+.TP
.B help
Output a brief usage summary. `h' or `?' may be used in place of
`help'.
HostKey /var/lib/monkeysphere/ssh_host_rsa_key
In order for users logging into the system to be able to verify the
-host via the monkeysphere, at least one person (ie. a server admin)
+host via the monkeysphere, at least one person (i.e. a server admin)
will need to sign the host's key. This is done in the same way that
key signing is usually done, by pulling the host's key from the
keyserver, signing the key, and re-publishing the signature. Once
It is recommended to add "monkeysphere-server update-users" to a
system crontab, so that user keys are kept up-to-date, and key
-revokations and expirations can be processed in a timely manor.
+revocations and expirations can be processed in a timely manor.
+
+.SH ENVIRONMENT
+
+The following environment variables will override those specified in
+the monkeysphere-server.conf configuration file (defaults in
+parentheses):
+.TP
+MONKEYSPHERE_KEYSERVER
+OpenPGP keyserver to use (subkeys.pgp.net).
+.TP
+MONKEYSPHERE_AUTHORIZED_USER_IDS
+Path to user authorized_user_ids file
+(%h/.config/monkeysphere/authorized_user_ids).
+.TP
+MONKEYSPHERE_RAW_AUTHORIZED_KEYS
+Path to user-controlled authorized_keys file. `-' means not to add
+user-controlled file (%h/.ssh/authorized_keys).
+.TP
+MONKEYSPHERE_MONKEYSPHERE_USER
+User to control authentication keychain (monkeysphere).
.SH FILES
projects / monkeysphere.git / blobdiff