-The Monkeysphere project's goal is to extend the web of trust model
-and other features of OpenPGP to other areas of the Internet to help
-us securely identify each other while we work online.
+[[!template id="nav"]]
-Specifically, the Monkeysphere is a framework to leverage the OpenPGP
-web of trust for OpenSSH authentication. In other words, it allows
-you to use your OpenPGP keys when using secure shell to both identify
-yourself and the servers you administer or connect to. OpenPGP keys
-are tracked via GnuPG, and managed in the known\_hosts and
-authorized\_keys files used by OpenSSH for connection authentication.
+[[toc ]]
-[[bugs]] | [[download]] | [[news]] | [[documentation|doc]] |
-[[development|dev]]
+The Monkeysphere project's goal is to extend OpenPGP's web of trust to
+new areas of the Internet to help us securely identify each other
+while we work online.
+
+Specifically, monkeysphere currently offers a framework to leverage
+the OpenPGP web of trust for OpenSSH authentication.
+
+In other words, it allows you to use secure shell as you normally do,
+but to identify yourself and the servers you administer or connect to
+with your OpenPGP keys. OpenPGP keys are tracked via GnuPG, and
+monkeysphere manages the `known_hosts` and `authorized_keys` files
+used by OpenSSH for authentication, checking them for cryptographic
+validity.
## Conceptual overview ##
really trying to connect to.
Many users also take advantage of OpenSSH's ability to use RSA or DSA
-keys for authenticating to a server (known as "PubkeyAuthentication"),
-rather than relying on a password exchange. But again, the public
-part of the key needs to be transmitted to the server through a secure
-out-of-band channel (usually via a separate password-based SSH
-connection) in order for this type of authentication to work
+keys for authenticating to a server (known as
+"`PubkeyAuthentication`"), rather than relying on a password exchange.
+But again, the public part of the key needs to be transmitted to the
+server through a secure out-of-band channel (usually via a separate
+password-based SSH connection or a (hopefully signed) e-mail to the
+system administrator) in order for this type of authentication to
+work.
[OpenSSH](http://openssh.com/) currently provides a functional way to
-managing the RSA and DSA keys required for these interactions through
-the known\_hosts and authorized\_keys files. However, it lacks any
+manage the RSA and DSA keys required for these interactions through
+the `known_hosts` and `authorized_keys` files. However, it lacks any
type of [Public Key Infrastructure
(PKI)](http://en.wikipedia.org/wiki/Public_Key_Infrastructure) that
can verify that the keys being used really are the one required or
and server) explicitly designate who they trust to certify the
identity of the other party. These trust designations are explicitly
indicated with traditional GPG keyring trust models. Monkeysphere
-then manages the keys in the known\_hosts and authorized\_keys files
-directly, in such a way that is completely transparent to SSH. No
-modification is made to the SSH protocol on the wire (it continues to
-use raw RSA public keys), and no modification is needed to the OpenSSH
-software.
+then manages the keys in the `known_hosts` and `authorized_keys`
+files directly, in such a way that is completely transparent to SSH.
+No modification is made to the SSH protocol on the wire (it continues
+to use raw RSA public keys), and no modification is needed to the
+OpenSSH software.
To emphasize: *no modifications to SSH are required to use the
Monkeysphere*. OpenSSH can be used as is; completely unpatched and
projects / monkeysphere.git / blobdiff