X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=man%2Fman8%2Fmonkeysphere-host.8;h=c457711e831fc6a562ad626ccd99b36f4b311ea6;hb=bd6ff2c983eb8e0b41f6854ea8349c4239d59bc9;hp=78b6b4a375afdaf680b5ab8b5e9a745e75c32d38;hpb=44dfeaec9209521ca6a65e85c1276bad4bdf5c01;p=monkeysphere.git diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8 index 78b6b4a..c457711 100644 --- a/man/man8/monkeysphere-host.8 +++ b/man/man8/monkeysphere-host.8 @@ -7,8 +7,6 @@ monkeysphere-host \- Monkeysphere host admin tool. .SH SYNOPSIS .B monkeysphere-host \fIsubcommand\fP [\fIargs\fP] -.br -.B monkeysphere-host expert \fIexpert-subcommand\fP [\fIargs\fP] .SH DESCRIPTION @@ -23,15 +21,23 @@ connection authentication. \fBmonkeysphere-host\fP takes various subcommands: .TP +.B import-key FILE NAME[:PORT] +Import a pem-encoded ssh secret host key from file FILE. If FILE +is '-', then the key will be imported from stdin. NAME[:PORT] is used +to specify the fully-qualified hostname (and port) used in the user ID +of the new OpenPGP key. If PORT is not specified, the no port is +added to the user ID, which means port 22 is assumed. `i' may be used +in place of `import-key'. +.TP .B show-key Output information about host's OpenPGP and SSH keys. `s' may be used in place of `show-key'. .TP -.B extend-key EXPIRE +.B extend-key [EXPIRE] Extend the validity of the OpenPGP key for the host until EXPIRE from the present. If EXPIRE is not specified, then the user will be -prompted for the extension term. Expiration is specified like GnuPG -does: +prompted for the extension term. Expiration is specified as with +GnuPG: .nf 0 = key does not expire = key expires in n days @@ -49,13 +55,21 @@ place of `add-hostname'. Revoke a hostname user ID from the server host key. `n-' may be used in place of `revoke-hostname'. .TP -.B add-revoker FINGERPRINT -Add a revoker to the host's OpenPGP key. `o' may be be used in place +.B add-revoker KEYID|FILE +Add a revoker to the host's OpenPGP key. The key ID will be loaded +from the keyserver. A file may be loaded instead of pulling the key +from the keyserver by specifying the path to the file as the argument, +or by specifying `-` to load from stdin. `r+' may be be used in place of `add-revoker'. .TP .B revoke-key -Revoke the host's OpenPGP key. `r' may be used in place of -`revoke-key'. +Generate (with the option to publish) a revocation certificate for the +host's OpenPGP key. If such a certificate is published, your host key +will be permanently revoked. This subcommand will ask you a series of +questions, and then generate a key revocation certificate, sending it +to stdout. If you explicitly tell it to publish the revocation +certificate immediately, it will send it to the public keyservers. +USE WITH CAUTION! .TP .B publish-key Publish the host's OpenPGP key to the keyserver. `p' may be used in @@ -68,26 +82,8 @@ Output a brief usage summary. `h' or `?' may be used in place of .B version show version number -.SH "EXPERT" SUBCOMMANDS -Some commands are very unlikely to be needed by most administrators. -These commands must prefaced by the word `expert'. -.TP -.B gen-key [HOSTNAME] -Generate a OpenPGP key for the host. If HOSTNAME is not specified, -then the system fully-qualified domain name will be user. An -alternate key bit length can be specified with the `-l' or `--length' -option (default 2048). An expiration length can be specified with the -`-e' or `--expire' option (prompt otherwise). The expiration format -is the same as that of \fBextend-key\fP, below. `g' may be used in -place of `gen-key'. -.TP -.B import-key -FIXME: - import-key (i) import existing ssh key to gpg - --hostname (-h) NAME[:PORT] hostname for key user ID - --keyfile (-f) FILE key file to import - --expire (-e) EXPIRE date to expire +Other commands: .TP .B diagnostics Review the state of the monkeysphere server host key and report on @@ -104,11 +100,6 @@ publish the host key to the keyservers, run the following command: $ monkeysphere-host publish-key -You must also modify the sshd_config on the server to tell sshd where -the new server host key is located: - -HostKey /var/lib/monkeysphere/host/ssh_host_rsa_key - In order for users logging into the system to be able to identify the host via the monkeysphere, at least one person (e.g. a server admin) will need to sign the host's key. This is done using standard OpenPGP @@ -128,6 +119,10 @@ increasing order of verbosity. .TP MONKEYSPHERE_KEYSERVER OpenPGP keyserver to use (pool.sks-keyservers.net). +.TP +MONKEYSPHERE_PROMPT +If set to `false', never prompt the user for confirmation. (true) + .SH FILES