X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=doc%2FREADME;h=f6ea1dd14139494d67e8d598f2da8914ea13be00;hb=8c73c7a8cc462b1481baec29ddd053339dfd61d2;hp=2fc2d5fc77ac7f8f33c7d69b6ab4c1f9cec3f216;hpb=ec967faab6f191a33e4a804fc6c913d07d2cf15e;p=monkeysphere.git diff --git a/doc/README b/doc/README deleted file mode 100644 index 2fc2d5f..0000000 --- a/doc/README +++ /dev/null @@ -1,91 +0,0 @@ -Monkeysphere User README -======================== - -As a regular user on a system where the monkeysphere package is -installed, you probably want to do a few things: - -Keeping your keyring up-to-date -------------------------------- - -Regularly refresh your GnuPG keyring from the keyservers. This can be -done with a simple cronjob. An example of crontab line to do this is: - -0 12 * * * /usr/bin/gpg --refresh-keys > /dev/null 2>&1 - -This would refresh your keychain every day at noon. - - -Keeping your known_hosts file in sync with your keyring -------------------------------------------------------- - -With your keyring updated, you want to make sure that openssh can -still see the most recent trusted information about who the various -hosts are. This can be done with the monkeysphere-ssh-proxycommand -(see next section) or with the update-known_hosts command: - -$ monkeysphere update-known_hosts - -This will command will check to see if there is an openpgp key for -each (non-hashed) host listed in the known_hosts file, and then add -the key for that host to the known_hosts file if one is found. This -command could be added to a crontab as well, if desired. - - -Using monkeysphere-ssh-proxycommand(1) --------------------------------------- - -The best way to handle host keys is to use the monkeysphere ssh proxy -command. This command will make sure the known_hosts file is -up-to-date for the host you are connecting to with ssh. The best way -to integrate this is to add the following line to the "Host *" section -of your ~/.ssh/config file: - -ProxyCommand monkeysphere-ssh-proxycommand %h %p - - -Setting up an OpenPGP authentication key ----------------------------------------- - -First things first: you'll need to create a new subkey for your -current key, if you don't already have one. If your OpenPGP key is -keyid $GPGID, you can set up such a subkey relatively easily with: - -$ monkeysphere gen-subkey $GPGID - - -Using your OpenPGP authentication key for SSH ---------------------------------------------- - -FIXME: Sending the key to the ssh-agent? - -FIXME: using the key with a single session? - -NOTE: the current version of openpgp2ssh does *not* deal well with -encrypted keys (as of 2008-07-26) - - -Miscellaneous -------------- - -Users can also maintain their own authorized_keys files, for users -that would be logging into their accounts. This is primarily useful -for accounts on hosts that are not already systematically using the -monkeysphere for user authentication. If you're not sure whether this -is the case for your host, ask your system administrator. - -If you want to do this as a regular user, use the -update-authorized_keys command: - -$ monkeysphere update-authorized_keys - -This command will take all the user IDs listed in the -~/.config/monkeysphere/authorized_user_ids file and check to see if -there are acceptable keys for those user IDs available. If so, they -will be added to the ~/.ssh/authorized_keys file. - -You must have indicated reasonable ownertrust in some key for this -account, or no keys will be found with trusted certification paths. - -If you find this useful, you might want to place a job like this in -your crontab so that revocations and rekeyings can take place -automatically. diff --git a/doc/README b/doc/README new file mode 120000 index 0000000..f6ea1dd --- /dev/null +++ b/doc/README @@ -0,0 +1 @@ +../website/getting-started-user.mdwn \ No newline at end of file