X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=man%2Fman1%2Fmonkeysphere-ssh-proxycommand.1;h=a31a9d1598b7f671dce9dca6916be9faed6275b9;hb=ed280485f20fc3d092202cd07bc0c9cd9665cd89;hp=41a95aabfa689cb790b73679512309bfa1f6ead2;hpb=a8372a5e6f55e6d830c6aba09a92673b49110a22;p=monkeysphere.git diff --git a/man/man1/monkeysphere-ssh-proxycommand.1 b/man/man1/monkeysphere-ssh-proxycommand.1 index 41a95aa..a31a9d1 100644 --- a/man/man1/monkeysphere-ssh-proxycommand.1 +++ b/man/man1/monkeysphere-ssh-proxycommand.1 @@ -1,25 +1,62 @@ .TH MONKEYSPHERE-SSH-PROXYCOMMAND "1" "June 2008" "monkeysphere 0.1" "User Commands" + .SH NAME + monkeysphere-ssh-proxycommand \- MonkeySphere ssh ProxyCommand script -.PD -.SH SYNOPSIS -.B ssh -o ProxyCommand="monkeysphere-ssh-proxycommand %h %p" ... -.PD + .SH DESCRIPTION -.PP -MonkeySphere is a system to leverage the OpenPGP Web of Trust for ssh -authentication and encryption. OpenPGP keys are tracked via GnuPG, -and added to the ssh authorized_keys and known_hosts files to be used -for authentication and encryption of ssh connection. \fBmonkeysphere-ssh-proxy\fP is an ssh proxy command that can be used to trigger a monkeysphere update of the known_hosts file for the hosts -that are being connected to. -.PD +that are being connected to. It is meant to be run as an ssh +ProxyCommand. This can either be done by specifying the proxy command +on the command line: + +.B ssh -o ProxyCommand="monkeysphere-ssh-proxycommand %h %p" ... + +or by adding the following line to your ~/.ssh/config script: + +.B ProxyCommand monkeysphere-ssh-proxycommand %h %p + +The script can easily be incorporated into other ProxyCommand scripts +by calling it with the "--no-connect" option, i.e.: + +.B monkeysphere-ssh-proxycommand --no-connect "$HOST" "$PORT" + +This will run everything but will not exec netcat to make the tcp +connection to the host. + +.SH KEYSERVER CHECKING + +The proxy command has a fairly nuanced policy for when keyservers are +queried when processing host. If the host userID is not found in +either the user's keyring or in the known_hosts file, then the +keyserver is queried for the host userID. If the host userID is found +in the user's keyring, then the keyserver is not checked. This +assumes that the keyring is kept up-to-date, in a cron job or the +like, so that revocations are properly handled. If the host userID is +not found in the user's keyring, but the host is listed in the +known_hosts file, then the keyserver is not checked. This last policy +might change in the future, possibly by adding a deferred check, so +that hosts that go from non-monkeysphere-enabled to +monkeysphere-enabled will be properly checked. + +.SH ENVIRONMENT VARIABLES + +All environment variables defined in monkeysphere(1) can also be used +for the proxycommand, with one note: + +.TP +MONKEYSPHERE_CHECK_KEYSERVER +Setting this variable (to `true' or `false') will override the policy +defined in KEYSERVER CHECKING above. + .SH AUTHOR + Written by Jameson Rollins -.PD + .SH SEE ALSO -.BR monkeypshere (1), + +.BR monkeysphere (1), .BR ssh (1), .BR gpg (1)