X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=man%2Fman1%2Fmonkeysphere.1;h=636adcb455ef6a92df9870ed5e5829f916ab1258;hb=a8372a5e6f55e6d830c6aba09a92673b49110a22;hp=4c3d4837cfe3fc2a4599b909e8e57e206f96f6b8;hpb=48cd196efb86f8661fbf77552ef6c26b11fe20c6;p=monkeysphere.git diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1 index 4c3d483..636adcb 100644 --- a/man/man1/monkeysphere.1 +++ b/man/man1/monkeysphere.1 
@@ -1,6 +1,111 @@ .TH MONKEYSPHERE "1" "June 2008" "monkeysphere 0.1" "User Commands" .SH NAME -monkeysphere \- monkeysphere client user interface +monkeysphere \- MonkeySphere client user interface +.PD .SH SYNOPSIS .B monkeysphere \fIcommand\fP [\fIargs\fP] +.PD .SH DESCRIPTION +.PP +MonkeySphere is a system to leverage the OpenPGP Web of Trust for ssh +authentication and encryption. OpenPGP keys are tracked via GnuPG, +and added to the ssh authorized_keys and known_hosts files to be used +for authentication and encryption of ssh connection. + +\fBmonkeysphere\fP is the MonkeySphere client utility. +.PD +.SH SUBCOMMANDS +\fBmonkeysphere\fP takes various subcommands: +.TP +.B update-known_hosts [HOST]... +Update the known_hosts file. For each specified host, gpg will be +queried for a key associated with the host URI (see HOST URIs), +querying a keyserver if none is found in the user's keychain. search +for a gpg key for the host in the Web of Trust. If a key is found, it +will be added to the host_keys cache (see KEY CACHES) and any ssh keys +for the host will be removed from the user's known_hosts file. If the +found key is acceptable (see KEY ACCEPTABILITY), then the host's gpg +key will be added to the known_hosts file. If no gpg key is found for +the host, then nothing is done. If no hosts are specified, all hosts +listed in the known_hosts file will be processed. `k' may be used in +place of `update-known_hosts'. +.TP +.B update-userids [USERID]... +Add/update a userid in the authorized_user_ids file. The user IDs +specified should be exact matches to OpenPGP user IDs. For each +specified user ID, gpg will be queried for a key associated with that +user ID, querying a keyserver if none is found in the user's keychain. +If a key is found, it will be added to the user_keys cache (see KEY +CACHES) and the user ID will be added to the user's +authorized_user_ids file (if it wasn't already present). 
+.TP +.B update-authorized_keys +Update the monkeysphere authorized_keys file. The monkeysphere +authorized_keys file will be regenerated from the valid keys in the +user_key cache, and the user's independently controlled +authorized_keys file (usually ~/.ssh/authorized_keys). +.TP +.B gen-ae-subkey KEYID +Generate an `ae` capable subkey. For the primary key with the +specified key ID, generate a subkey with "authentication" and +"encryption" capability that can be used for MonkeySphere +transactions. +.TP +.B help +Output a brief usage summary. `h' or `?' may be used in place of +`help'. +.PD +.SH KEY ACCEPTABILITY +GPG keys are considered acceptable if the following criteria are met: +.PD +.TP +.B capability +The key must have both the "authentication" and "encrypt" capability +flags. +.TP +.B validity +The key must be "fully" valid, and must not be expired or revoked. +.PD +.SH KEY CACHES +Monkeysphere keeps track of keys in key cache directories. The files +in the cache are named with the format "USERID_HASH.PUB_KEY_ID", where +USERID_HASH is a hash of the exact OpenPGP user ID, and PUB_KEY_ID is +the key ID of the primary key. If the user/key ID combo exists in the +Web of Trust but is not acceptable, then the file is empty. If the +primary key has at least one acceptable sub key, then an ssh-style +key, converted from the OpenPGP key, of all acceptable subkeys will be +stored in the cache file, one per line. known_hosts style key lines +will be stored in the host_keys cache files, and authorized_keys style +key lines will be stored in the user_keys cache files. OpenPGP keys +are converted to ssh-style keys with the openpgp2ssh utility (see `man +openpgp2ssh'). +.PD +.SH FILES +.PD 1 +.TP +~/.config/monkeysphere/monkeysphere.conf +User monkeysphere config file. +.TP +/etc/monkeysphere/monkeysphere.conf +System-wide monkeysphere config file. 
+.TP +~/.config/monkeysphere/authorized_user_ids +GPG user IDs associated with keys that will be checked for addition to +the authorized_keys file. +.TP +~/.config/monkeysphere/authorized_keys +Monkeysphere generated authorized_keys file. +.TP +~/.config/monkeysphere/user_keys +User keys cache directory. +.TP +~/.config/monkeysphere/host_keys +Host keys cache directory. +.PD +.SH AUTHOR +Written by Jameson Rollins +.PD +.SH SEE ALSO +.BR ssh (1), +.BR gpg (1), +.BR monkeysphere-server (8)
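Review bot: In the update-known_hosts entry, the ordering of steps leaves a gap: the text says any ssh keys for the host are removed from known_hosts as soon as a gpg key is found, but the gpg key is only written if it passes KEY ACCEPTABILITY, so a host whose key is found but not acceptable would end up with no known_hosts entry at all. Either state that this is intended (the previously trusted ssh key is dropped) or document that the existing entries are kept when the found key is rejected. Smaller documentation points in the same hunk: the sentence "search for a gpg key for the host in the Web of Trust." is a leftover fragment that duplicates the preceding sentence and should be removed; "(see HOST URIs)" refers to a section that does not exist in this page; "user_key cache" under update-authorized_keys should read "user_keys cache" to match KEY CACHES and FILES; and KEY ACCEPTABILITY names the flags "authentication" and "encrypt" while gen-ae-subkey says "authentication" and "encryption", so pick one spelling. In DESCRIPTION, "of ssh connection" should be "of ssh connections".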