/var/cache/monkeysphere/authorized_keys/USER. See `man monkeysphere'
for more info. If the USER_CONTROLLED_AUTHORIZED_KEYS variable is
set, then a user-controlled authorized_keys file (usually
-~USER/.ssh/authorized_keys) is added to the authorized_keys file. `k'
-may be used in place of `update-known_hosts'.
+~USER/.ssh/authorized_keys) is added to the authorized_keys file. `u'
+may be used in place of `update-users.
.TP
.B gen-key
Generate a gpg key for the host. `g' may be used in place of
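Review bot: the added line "+may be used in place of `update-users." drops the closing quote that the removed `update-known_hosts'. line had, so the quoted subcommand name never terminates; it should read `update-users'. Since the short form changed from `k' to `u' along with the name, also confirm that `u' is the alias the script actually accepts, so the man page and the command stay in sync.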
Publish the host's gpg key to the keyserver. `p' may be used in place
of `publish-key'.
.TP
-.B trust-keys KEYID...
-Mark key specified with key IDs with full owner trust. `t' may be used
-in place of `trust-keys'.
+.B trust-key KEYID [LEVEL]
+Set owner trust for key. If LEVEL is not specified, then the program
+will prompt for an owner trust level to set for KEYID. This function
+lsigns the key as well so that it will have a known validity. `t' may
+be used in place of `trust-key'.
.TP
.B help
Output a brief usage summary. `h' or `?' may be used in place of
`help'.
+.SH SETUP
+
+In order to start using the monkeysphere, there are a couple of things
+you need to do first. The first is to generate an OpenPGP key for the
+server and convert that key to an ssh key that can be used by ssh for
+host authentication. To do this, run the "gen-key" subcommand. Once
+that is done, publish the key to a keyserver with "publish-key"
+subcommand. Finally, you need to modify the sshd_config to tell sshd
+where the new server host key:
+
+HostKey /etc/monkeysphere/ssh_host_rsa_key
+
+If the server will also handle user authentication through
+monkeysphere-generated authorized_keys files, set the following:
+
+AuthorizedKeysFile /var/cache/monkeysphere/authorized_keys/%u
+
+Once those changes are made, restart the ssh server.
+
.SH FILES
.TP
/etc/monkeysphere/gnupg
Monkeysphere GNUPG home directory.
.TP
+/etc/monkeysphere/ssh_host_rsa_key
+Copy of the host's private key in ssh format, suitable for use by sshd.
+.TP
/etc/monkeysphere/authorized_user_ids/USER
Server maintained authorized_user_ids files for users.
.TP
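Review bot: in the new SETUP section, the AuthorizedKeysFile step never says that the files under /var/cache/monkeysphere/authorized_keys/ must be generated with update-users before sshd is restarted, nor that ~USER/.ssh/authorized_keys is only included when USER_CONTROLLED_AUTHORIZED_KEYS is set. An administrator following the steps literally can restart sshd with no usable authorized_keys for any user, so add an update-users step ahead of "restart the ssh server" and mention the variable. Smaller points in the same hunk: "tell sshd where the new server host key:" is missing its verb (for example "where to find the new server host key:"), the trust-key entry does not list the accepted values for LEVEL or say what "lsigns" means, and the FILES entry for /etc/monkeysphere/ssh_host_rsa_key should state the expected ownership and mode, since it is private key material that sshd will read.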