-.TH MONKEYSPHERE-SERVER "1" "June 2008" "monkeysphere 0.1" "User Commands"
+.TH MONKEYSPHERE-SERVER "8" "June 2008" "monkeysphere" "User Commands"
.SH NAME
.SH SYNOPSIS
-.B monkeysphere-server \fIcommand\fP [\fIargs\fP]
+.B monkeysphere-server \fIsubcommand\fP [\fIargs\fP]
.SH DESCRIPTION
-\fBMonkeySphere\fP is a system to leverage the OpenPGP Web of Trust
+\fBMonkeySphere\fP is a framework to leverage the OpenPGP Web of Trust
for ssh authentication. OpenPGP keys are tracked via GnuPG, and added
-to the ssh authorized_keys and known_hosts files to be used for
-authentication of ssh connections.
+to the authorized_keys and known_hosts files used by ssh for
+connection authentication.
\fBmonkeysphere-server\fP is the MonkeySphere server admin utility.
\fBmonkeysphere-server\fP takes various subcommands:
.TP
-.B update-users [USER]...
-Update admin-controlled authorized_keys files at
-/var/cache/monkeysphere/authorized_keys/USER. For each specified
-user, the user ID's listed in the user's authorized_user_ids file are
-processed. For each user ID, gpg will be queried for keys associated
-with that user ID, querying a keyserver if specified. If a key is
-found, it will be converted to an ssh key, and any matching ssh keys
-will be removed from the user's authorized_keys file. If the found
-key is acceptable (see KEY ACCEPTABILITY), then the key will be
-updated and re-added to the authorized_keys file. If no gpg key is
-found for the user ID, then nothing is done. If the
-RAW_AUTHORIZED_KEYS variable is set, then a user-controlled
-authorized_keys file (usually ~USER/.ssh/authorized_keys) is added to
-the authorized_keys file. If no users are specified, then all users
-listed in /etc/passwd are processed. `u' may be used in place of
-`update-users.
-.TP
-.B gen-key
-Generate a OpenPGP key pair for the host. `g' may be used in place of
-`gen-key'.
+.B update-users [ACCOUNT]...
+Rebuild the monkeysphere-controlled authorized_keys files. For each
+specified account, the user ID's listed in the account's
+authorized_user_ids file are processed. For each user ID, gpg will be
+queried for keys associated with that user ID, optionally querying a
+keyserver. If an acceptable key is found (see KEY ACCEPTABILITY in
+monkeysphere(5)), the key is added to the account's
+monkeysphere-controlled authorized_keys file. If the
+RAW_AUTHORIZED_KEYS variable is set, then a separate authorized_keys
+file (usually ~USER/.ssh/authorized_keys) is appended to the
+monkeysphere-controlled authorized_keys file. If no accounts are
+specified, then all accounts on the system are processed. `u' may be
+used in place of `update-users'.
+.TP
+.B gen-key [HOSTNAME]
+Generate a OpenPGP key pair for the host. If HOSTNAME is not
+specified, then the system fully-qualified domain name will be user.
+An alternate key bit length can be specified with the `-l' or
+`--length' option (default 2048). An expiration length can be
+specified with the `-e' or `--expire' option (prompt otherwise). A
+key revoker fingerprint can be specified with the `-r' or `--revoker'
+option. `g' may be used in place of `gen-key'.
.TP
.B show-fingerprint
Show the fingerprint for the host's OpenPGP key. `f' may be used in place of
Publish the host's OpenPGP key to the keyserver. `p' may be used in
place of `publish-key'.
.TP
-.B add-certifier KEYID
-Add a certifier key to host keyring. The key with specified key ID
-will be retrieved from the keyserver and imported to the host keyring.
-It will then be given a non-exportable trust signature, with default
-depth of 1, so that the key may certifier users to log into the
-system. `a' may be used in place of `add-certifier'.
-.TP
-.B remove-certifier KEYID
-Remove a certifier key from the host keyring. The key with specified
-key ID will be removed entirely from the host keyring so that the key
-will not longer be able to certify users on the system. `r' may be
-used in place of `remove-certifier'.
-.TP
-.B list-certifiers
-List certifier keys. `l' may be used in place of `list-certifiers'.
+.B add-identity-certifier KEYID
+Instruct system to trust user identity certifications made by KEYID.
+A certifier domain can be specified with the `-n' or `--domain'
+option. A certifier trust level can be specified with the `-t' or
+`--trust' option (possible values are `1' for `marginal' and `2' for
+`full' (default is `2')). A certifier trust depth can be specified
+with the `-d' or `--depth' option (default is 1). `a' may be used in
+place of `add-identity-certifier'.
+.TP
+.B remove-identity-certifier KEYID
+Instruct system to ignore user identity certifications made by KEYID.
+`r' may be used in place of `remove-identity-certifier'.
+.TP
+.B list-identity-certifiers
+List key IDs trusted by the system to certify user identities. `l'
+may be used in place of `list-identity-certifiers'.
+.TP
+.B gpg-authentication-cmd
+Execute a gpg command on the gnupg-authentication keyring as the
+monkeysphere user. This takes a single command (multiple gpg
+arguments need to be quoted). Use this command with caution, as
+modifying the gnupg-authentication keyring can affect ssh user
+authentication.
.TP
.B help
Output a brief usage summary. `h' or `?' may be used in place of
HostKey /var/lib/monkeysphere/ssh_host_rsa_key
In order for users logging into the system to be able to verify the
-host via the monkeysphere, at least one person (ie. a server admin)
+host via the monkeysphere, at least one person (i.e. a server admin)
will need to sign the host's key. This is done in the same way that
key signing is usually done, by pulling the host's key from the
keyserver, signing the key, and re-publishing the signature. Once
It is recommended to add "monkeysphere-server update-users" to a
system crontab, so that user keys are kept up-to-date, and key
-revokations and expirations can be processed in a timely manor.
+revocations and expirations can be processed in a timely manor.
-.SH KEY ACCEPTABILITY
+.SH ENVIRONMENT
-GPG keys are considered acceptable if the following criteria are met:
+The following environment variables will override those specified in
+the monkeysphere-server.conf configuration file (defaults in
+parentheses):
+.TP
+MONKEYSPHERE_KEYSERVER
+OpenPGP keyserver to use (subkeys.pgp.net).
+.TP
+MONKEYSPHERE_AUTHORIZED_USER_IDS
+Path to user authorized_user_ids file
+(%h/.config/monkeysphere/authorized_user_ids).
.TP
-.B capability
-The key must have the "authentication" ("a") usage flag set.
+MONKEYSPHERE_RAW_AUTHORIZED_KEYS
+Path to user-controlled authorized_keys file. `-' means not to add
+user-controlled file (%h/.ssh/authorized_keys).
.TP
-.B validity
-The key must be "fully" valid (ie. signed by a trusted certifier), and
-must not be expired or revoked.
+MONKEYSPHERE_MONKEYSPHERE_USER
+User to control authentication keychain (monkeysphere).
.SH FILES
.SH AUTHOR
-Written by Jameson Rollins <jrollins@fifthhorseman.net>
+Written by Jameson Rollins <jrollins@fifthhorseman.net>, Daniel Kahn
+Gillmor <dkg@fifthhorseman.net>
.SH SEE ALSO
.BR monkeysphere (1),
+.BR monkeysphere (5),
.BR gpg (1),
.BR ssh (1)
projects / monkeysphere.git / blobdiff