X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=man%2Fman1%2Fmonkeysphere.1;h=25421cef9fcf7580c1826c1315091e7b1ad9aefa;hb=072e05ac7a9872edc3a3e18e103bbba2706254bf;hp=2d97670e08b3107fe6d677eac9a2b5ffea4fa800;hpb=3d0033e5b511bb54df9e0120e55a6b551e844003;p=monkeysphere.git diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1 index 2d97670..25421ce 100644 --- a/man/man1/monkeysphere.1 +++ b/man/man1/monkeysphere.1 @@ -11,9 +11,11 @@ monkeysphere - Monkeysphere client user interface .SH DESCRIPTION \fBMonkeysphere\fP is a framework to leverage the OpenPGP web of trust -for OpenSSH authentication. OpenPGP keys are tracked via GnuPG, and -added to the authorized_keys and known_hosts files used by OpenSSH for -connection authentication. +for OpenSSH and TLS key-based authentication. OpenPGP keys are +tracked via GnuPG, and added to the authorized_keys and known_hosts +files used by OpenSSH for connection authentication. Monkeysphere can +also be used by a validation agent to validate TLS connections +(e.g. https). \fBmonkeysphere\fP is the Monkeysphere client utility. @@ -42,8 +44,8 @@ were found but none were acceptable. `k' may be used in place of .B update\-authorized_keys Update the authorized_keys file for the user executing the command (see MONKEYSPHERE_AUTHORIZED_KEYS in ENVIRONMENT, below). First all -monkeysphere keys are cleared from the authorized_keys file. Then, or -each user ID in the user's authorized_user_ids file, gpg will be +monkeysphere keys are cleared from the authorized_keys file. Then, +for each user ID in the user's authorized_user_ids file, gpg will be queried for keys associated with that user ID, optionally querying a keyserver. If an acceptable key is found (see KEY ACCEPTABILITY in .BR monkeysphere (7)), @@ -126,6 +128,17 @@ specify the full fingerprints of specific keys to add to the agent (space separated), instead of adding them all. `s' may be used in place of `subkey\-to\-ssh\-agent'. .TP +.B keys\-for\-userid USERID +Output to stdout all acceptable keys for a given user ID. +`u' may be used in place of `keys\-for\-userid'. +.TP +.B sshfprs\-for\-userid USERID +Output the ssh fingerprints of acceptable keys for a given user ID. +.TP +.B version +Show the monkeysphere version number. `v' may be used in place of +`version'. +.TP .B help Output a brief usage summary. `h' or `?' may be used in place of `help'. @@ -160,6 +173,11 @@ Path to ssh authorized_keys file. (~/.ssh/authorized_keys) MONKEYSPHERE_PROMPT If set to `false', never prompt the user for confirmation. (true) .TP +MONKEYSPHERE_STRICT_MODES +If set to `false', ignore too-loose permissions on known_hosts, +authorized_keys, and authorized_user_ids files. NOTE: setting this to +false may expose you to abuse by other users on the system. (true) +.TP MONKEYSPHERE_SUBKEYS_FOR_AGENT A space-separated list of authentication-capable subkeys to add to the ssh agent with subkey-to-ssh-agent. @@ -174,13 +192,15 @@ User monkeysphere config file. System-wide monkeysphere config file. .TP ~/.monkeysphere/authorized_user_ids -OpenPGP user IDs associated with keys that will be checked for -addition to the authorized_keys file. +A list of OpenPGP user IDs, one per line. OpenPGP keys with an +exactly-matching User ID (calculated valid by the designated identity +certifiers), will have any valid authorization-capable keys or subkeys +added to the given user's authorized_keys file. .SH AUTHOR Written by: -Jameson Rollins , +Jameson Rollins , Daniel Kahn Gillmor .SH SEE ALSO