.SH NAME
-monkeysphere-server \- monkeysphere server admin user interface
+monkeysphere-server \- Monkeysphere server admin user interface
.SH SYNOPSIS
.SH DESCRIPTION
-\fBMonkeySphere\fP is a framework to leverage the OpenPGP Web of Trust
-for ssh authentication. OpenPGP keys are tracked via GnuPG, and added
-to the authorized_keys and known_hosts files used by ssh for
+\fBMonkeysphere\fP is a framework to leverage the OpenPGP web of trust
+for OpenSSH authentication. OpenPGP keys are tracked via GnuPG, and
+added to the authorized_keys and known_hosts files used by OpenSSH for
connection authentication.
-\fBmonkeysphere-server\fP is the MonkeySphere server admin utility.
+\fBmonkeysphere-server\fP is the Monkeysphere server admin utility.
.SH SUBCOMMANDS
key revoker fingerprint can be specified with the `-r' or `--revoker'
option. `g' may be used in place of `gen-key'.
.TP
-.B show-fingerprint
-Show the fingerprint for the host's OpenPGP key. `f' may be used in place of
-`show-fingerprint'.
+.B add-hostname HOSTNAME
+Add a hostname user ID to the server host key. `n+' may be used in
+place of `add-hostname'.
+.TP
+.B revoke-hostname HOSTNAME
+Revoke a hostname user ID from the server host key. `n-' may be used
+in place of `revoke-hostname'.
+.TP
+.B show-key
+Output gpg information about host's OpenPGP key. `s' may be used in
+place of `show-key'.
+.TP
+.B fingerprint
+Output just the fingerprint for the host's OpenPGP key. `f' may be
+used in place of `fingerprint'.
.TP
.B publish-key
Publish the host's OpenPGP key to the keyserver. `p' may be used in
place of `publish-key'.
.TP
+.B diagnostics
+Review the state of the server with respect to the MonkeySphere in
+general and report on suggested changes. Among other checks, this
+includes making sure there is a valid host key, that the key is
+published, that the sshd configuration points to the right place, and
+that there are at least some valid identity certifiers. `d' may be
+used in place of `diagnostics'.
+.TP
.B add-identity-certifier KEYID
Instruct system to trust user identity certifications made by KEYID.
-A certifier domain can be specified with the `-n' or `--domain'
-option. A certifier trust level can be specified with the `-t' or
-`--trust' option (possible values are `1' for `marginal' and `2' for
-`full' (default is `2')). A certifier trust depth can be specified
-with the `-d' or `--depth' option (default is 1). `a' may be used in
+Using the `-n' or `--domain' option allows you to indicate that you
+only trust the given KEYID to make identifications within a specific
+domain (e.g. "trust KEYID to certify user identities within the
+@example.org domain"). A certifier trust level can be specified with
+the `-t' or `--trust' option (possible values are `marginal' and
+`full' (default is `full')). A certifier trust depth can be specified
+with the `-d' or `--depth' option (default is 1). `c+' may be used in
place of `add-identity-certifier'.
.TP
.B remove-identity-certifier KEYID
Instruct system to ignore user identity certifications made by KEYID.
-`r' may be used in place of `remove-identity-certifier'.
+`c-' may be used in place of `remove-identity-certifier'.
.TP
.B list-identity-certifiers
-List key IDs trusted by the system to certify user identities. `l'
+List key IDs trusted by the system to certify user identities. `c'
may be used in place of `list-identity-certifiers'.
.TP
.B gpg-authentication-cmd
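Review bot: The `add-identity-certifier`, `remove-identity-certifier` and `list-identity-certifiers` entries change their short aliases from `a`, `r` and `l` to `c+`, `c-` and `c`, and the `--trust` values change from `1`/`2` to `marginal`/`full`, but the page does not say whether the old forms are still accepted. These subcommands decide whose certifications the host trusts for user identities, so state the compatibility behaviour explicitly (old aliases and numeric trust values rejected, or still accepted), and do the same for `show-fingerprint`, which is removed in favour of `fingerprint`. In the added `diagnostics` entry, "with respect to the MonkeySphere in general" keeps the old capitalisation that the rest of this patch replaces with `Monkeysphere`; use the new spelling there too. In `show-key`, "about host's OpenPGP key" should read "about the host's OpenPGP key", matching the `fingerprint` and `publish-key` entries.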