Do you administer servers, and wish you could re-key them without sowing massive pain and confusion among your users (or worse, encouraging bad security habits among them)? Do you wish you could -identify the users to grant access by name, instead of by opaque -string? Do you wish you could rapidly grant or revoke access to a -user across a group of machines by enabling or disabling -authentication for that user?
+grant access to your users by name, instead of by opaque string? Do +you wish you could rapidly revoke access to a user (or compromised +key) across a group of machines by disabling authentication for that +user?A group of us have been working on a public key infrastructure for
-SSH. Monkeysphere makes use of
-the existing OpenPGP web-of-trust to fetch and cryptographically
+SSH. Monkeysphere makes use
+of the existing OpenPGP web-of-trust to fetch and cryptographically
validate (and revoke!) keys. This works in either directions: both
authorized_keys and known_hosts are
handled. Monkeysphere gives users and admins tools to deal with SSH
@@ -39,14 +39,17 @@ keys by thinking about the people and machines to whom the keys
belong, instead of requiring humans to do tedious (and error-prone)
manual key verification.
We have debian packages
+ We have debian packages
available which should install against lenny, a mailing
list, and open ears for good questions, suggestions and
criticism. If you have a chance to give it a try (as a user
-or as an admin), it would be great to If you have a chance to give it a try (as a
+user or as an
+admin), it would be great to get
feedback.