.TH MONKEYSPHERE-SERVER "1" "June 2008" "monkeysphere 0.1" "User Commands"
+
.SH NAME
+
monkeysphere-server \- monkeysphere server admin user interface
+
.SH SYNOPSIS
+
.B monkeysphere-server \fIcommand\fP [\fIargs\fP]
+
.SH DESCRIPTION
-.PP
-\fBmonkeysphere-server\fP is the server admin monkeysphere tool.
+
+\fBMonkeySphere\fP is a system to leverage the OpenPGP Web of Trust
+for ssh authentication and encryption. OpenPGP keys are tracked via
+GnuPG, and added to the ssh authorized_keys and known_hosts files to
+be used for authentication of ssh connections.
+
+\fBmonkeysphere-server\fP is the MonkeySphere server admin utility.
+
.SH SUBCOMMANDS
+
\fBmonkeysphere-server\fP takes various subcommands:
-.PD
.TP
-.B update-users [HOST]...
+.B update-users [USER]...
+Update the admin-controlled authorized_keys files for user. For each
+user specified, user ID's listed in the user's authorized_user_ids
+file are processed, and the user's authorized_keys file in
+/var/cache/monkeysphere/authorized_keys/USER. See `man monkeysphere'
+for more info. If the USER_CONTROLLED_AUTHORIZED_KEYS variable is
+set, then a user-controlled authorized_keys file (usually
+~USER/.ssh/authorized_keys) is added to the authorized_keys file. `u'
+may be used in place of `update-users.
.TP
.B gen-key
+Generate a gpg key for the host. `g' may be used in place of
+`gen-key'.
.TP
-.B publish-key
+.B show-fingerprint
+Show the fingerprint for the host's OpenPGP key. `f' may be used in place of
+`show-fingerprint'.
.TP
-.B trust-keys KEYID...
+.B publish-key
+Publish the host's gpg key to the keyserver. `p' may be used in place
+of `publish-key'.
.TP
-.B update-user-userids USER USERID...
+.B trust-key KEYID [LEVEL]
+Set owner trust for key. If LEVEL is not specified, then the program
+will prompt for an owner trust level to set for KEYID. This function
+lsigns the key as well so that it will have a known validity. `t' may
+be used in place of `trust-key'.
.TP
.B help
Output a brief usage summary. `h' or `?' may be used in place of
`help'.
-.PD
+
+.SH SETUP
+
+In order to start using the monkeysphere, there are a couple of things
+you need to do first. The first is to generate an OpenPGP key for the
+server and convert that key to an ssh key that can be used by ssh for
+host authentication. To do this, run the "gen-key" subcommand. Once
+that is done, publish the key to a keyserver with "publish-key"
+subcommand. Finally, you need to modify the sshd_config to tell sshd
+where the new server host key:
+
+HostKey /etc/monkeysphere/ssh_host_rsa_key
+
+If the server will also handle user authentication through
+monkeysphere-generated authorized_keys files, set the following:
+
+AuthorizedKeysFile /var/cache/monkeysphere/authorized_keys/%u
+
+Once those changes are made, restart the ssh server.
+
.SH FILES
-.PD 1
+
.TP
/etc/monkeysphere/monkeysphere-server.conf
System monkeysphere-server config file.
/etc/monkeysphere/gnupg
Monkeysphere GNUPG home directory.
.TP
+/etc/monkeysphere/ssh_host_rsa_key
+Copy of the host's private key in ssh format, suitable for use by sshd.
+.TP
/etc/monkeysphere/authorized_user_ids/USER
Server maintained authorized_user_ids files for users.
.TP
-/var/lib/monkeysphere/stage/USER
-Staging directory for user key caches.
-.PD
+/var/cache/monkeysphere/authorized_keys/USER
+User authorized_keys file.
+
.SH AUTHOR
-Written by Jameson Rollins
-.SH "REPORTING BUGS"
-Report bugs to <???@???>.
-.SH COPYRIGHT
-Copyright \(co 2008 Jameson Graef Rollins and Daniel Kahn Gillmor
-.br
-This is free software. You may redistribute copies of it under the
-terms of the GNU General Public License
-<http://www.gnu.org/licenses/gpl.html>. There is NO WARRANTY, to the
-extent permitted by law.
-.SH "SEE ALSO"
+
+Written by Jameson Rollins <jrollins@fifthhorseman.net>
+
+.SH SEE ALSO
+
.BR monkeysphere (1),
.BR gpg (1),
.BR ssh (1)
projects / monkeysphere.git / blobdiff