X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=man%2Fman1%2Fmonkeysphere.1;h=6abd36c6caafcfb679428e9ba7ab920395360b2f;hb=71d180394c3357d2a99e9f1fc6a2fa7514552da9;hp=6972583416f5682b8ff7629c7ea4c3264d7a1f1f;hpb=04d3ff158b70e20bc4dc42678aa836498e670cce;p=monkeysphere.git diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1 index 6972583..6abd36c 100644 --- a/man/man1/monkeysphere.1 +++ b/man/man1/monkeysphere.1 @@ -11,9 +11,11 @@ monkeysphere - Monkeysphere client user interface .SH DESCRIPTION \fBMonkeysphere\fP is a framework to leverage the OpenPGP web of trust -for OpenSSH authentication. OpenPGP keys are tracked via GnuPG, and -added to the authorized_keys and known_hosts files used by OpenSSH for -connection authentication. +for OpenSSH and TLS key-based authentication. OpenPGP keys are +tracked via GnuPG, and added to the authorized_keys and known_hosts +files used by OpenSSH for connection authentication. Monkeysphere can +also be used by a validation agent to validate TLS connections +(e.g. https). \fBmonkeysphere\fP is the Monkeysphere client utility. @@ -42,8 +44,8 @@ were found but none were acceptable. `k' may be used in place of .B update\-authorized_keys Update the authorized_keys file for the user executing the command (see MONKEYSPHERE_AUTHORIZED_KEYS in ENVIRONMENT, below). First all -monkeysphere keys are cleared from the authorized_keys file. Then, or -each user ID in the user's authorized_user_ids file, gpg will be +monkeysphere keys are cleared from the authorized_keys file. Then, +for each user ID in the user's authorized_user_ids file, gpg will be queried for keys associated with that user ID, optionally querying a keyserver. If an acceptable key is found (see KEY ACCEPTABILITY in .BR monkeysphere (7)), @@ -65,7 +67,7 @@ will be used. The length of the generated key can be specified with the `\-\-length' or `\-l' option. `g' may be used in place of `gen\-subkey'. .TP -.B ssh\-proxycommand +.B ssh\-proxycommand [--no-connect] HOST [PORT] An ssh ProxyCommand that can be used to trigger a monkeysphere update of the ssh known_hosts file for a host that is being connected to with ssh. This works by updating the known_hosts file for the host first, @@ -121,7 +123,22 @@ to .BR ssh\-add (1). For example, to remove the authentication subkeys, pass an additional `\-d' argument. To require confirmation on each use of the key, pass -`\-c'. `s' may be used in place of `subkey\-to\-ssh\-agent'. +`\-c'. The MONKEYSPHERE_SUBKEYS_FOR_AGENT environment can be used to +specify the full fingerprints of specific keys to add to the agent +(space separated), instead of adding them all. `s' may be used in +place of `subkey\-to\-ssh\-agent'. +.TP +.B sshfpr KEYID +Output the ssh fingerprint of a key in your gpg keyring. `f' may be +used in place of `fingerprint'. +.TP +.B keys\-for\-userid USERID +Output to stdout all acceptable keys for a given user ID literal. +`u' may be used in place of `keys\-for\-userid'. +.TP +.B version +Show the monkeysphere version number. `v' may be used in place of +`version'. .TP .B help Output a brief usage summary. `h' or `?' may be used in place of @@ -156,6 +173,15 @@ Path to ssh authorized_keys file. (~/.ssh/authorized_keys) .TP MONKEYSPHERE_PROMPT If set to `false', never prompt the user for confirmation. (true) +.TP +MONKEYSPHERE_STRICT_MODES +If set to `false', ignore too-loose permissions on known_hosts, +authorized_keys, and authorized_user_ids files. NOTE: setting this to +false may expose you to abuse by other users on the system. (true) +.TP +MONKEYSPHERE_SUBKEYS_FOR_AGENT +A space-separated list of authentication-capable subkeys to add to the +ssh agent with subkey-to-ssh-agent. .SH FILES @@ -167,8 +193,10 @@ User monkeysphere config file. System-wide monkeysphere config file. .TP ~/.monkeysphere/authorized_user_ids -OpenPGP user IDs associated with keys that will be checked for -addition to the authorized_keys file. +A list of OpenPGP user IDs, one per line. OpenPGP keys with an +exactly-matching User ID (calculated valid by the designated identity +certifiers), will have any valid authorization-capable keys or subkeys +added to the given user's authorized_keys file. .SH AUTHOR