X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=doc%2FREADME;h=cda1194336bfb028e8fabd71f46c3d0104fdc088;hb=5310aa5e9871c7fbde7c1f4abec68ef9c4c89c50;hp=4c70d1d8d31efa84c630bd9e6be3b67af77cec3a;hpb=b6ffd187f988196f6295b23da82dc13c3aff239b;p=monkeysphere.git diff --git a/doc/README b/doc/README index 4c70d1d..cda1194 100644 --- a/doc/README +++ b/doc/README 
@@ -1,5 +1,56 @@ - Monkeysphere - ------------ +Monkeysphere README +=================== +user usage +---------- +For a user to update their known_hosts file: -This is the README! +$ monkeysphere update-known_hosts + +For a user to update their monkeysphere authorized_keys file: + +$ monkeysphere update-authorized_keys + +server service publication +-------------------------- +To publish a server host key: + +# monkeysphere-server gen-key +# monkeysphere-server publish-key + +This will generate the key for server with the service URI +(ssh://server.hostname). The server admin should now sign the server +key so that people in the admin's web of trust can authenticate the +server without manual host key checking: + +$ gpg --search ='ssh://server.hostname' +$ gpg --sign-key 'ssh://server.hostname' + +server authorized_keys maintenance +---------------------------------- +A system can maintain monkeysphere authorized_keys files for it's +users. + +For each user account on the server, the userids of people authorized +to log into that account would be placed in: + +/etc/monkeysphere/authorized_user_ids/USER + +However, in order for users to become authenticated, the server must +determine that the user keys have "full" validity. This means that +the server must fully trust at least one person whose signature on the +connecting users key would validate the user. This would generally be +the server admin. If the server admin's keyid is XXXXXXXX, then on +the server run: + +# monkeysphere-server trust-keys XXXXXXXX + +To update the monkeysphere authorized_keys file for user "bob", the +system would then run the following: + +# monkeysphere-server update-users bob + +To update the monkeysphere authorized_keys file for all users on the +the system, run the same command with no arguments: + +# monkeysphere-server update-users
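Review bot: In the "server service publication" section, the admin is told to run "gpg --search ='ssh://server.hostname'" and then "gpg --sign-key 'ssh://server.hostname'". Both commands pick the key by user ID alone, and nothing tells the admin to compare its fingerprint with the key that "monkeysphere-server gen-key" just produced. A user ID is free text that any key can carry, so the README should add a step that reads the fingerprint on the server itself and checks it before signing. Preferably the admin then signs by that fingerprint rather than by the URI. The section also stops after "--sign-key" without saying how the new signature gets published, which is needed before "people in the admin's web of trust" can rely on it. In the "server authorized_keys maintenance" section, "monkeysphere-server trust-keys XXXXXXXX" grants full trust based on what looks like an 8-character key ID. If the command accepts a full fingerprint, the example should use one, since this key decides who can log in. Smaller points: spell the option out as "--search-keys", and fix "it's users" (its), "connecting users key" (user's), "generate the key for server" and the doubled "the" in "on the the system".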