X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=man%2Fman8%2Fmonkeysphere-server.8;h=2b5af5ec574f936bdcc4359808f227c7c1ccb6cb;hb=3cea2ab969f54fc33ed238c5b326fb3868392a15;hp=302bffb3a3cedbcb2f706de29eda30ba4adeb9fd;hpb=48cd196efb86f8661fbf77552ef6c26b11fe20c6;p=monkeysphere.git diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8 index 302bffb..2b5af5e 100644 --- a/man/man8/monkeysphere-server.8 +++ b/man/man8/monkeysphere-server.8 @@ -1,6 +1,102 @@ .TH MONKEYSPHERE-SERVER "1" "June 2008" "monkeysphere 0.1" "User Commands" + .SH NAME + monkeysphere-server \- monkeysphere server admin user interface + .SH SYNOPSIS + .B monkeysphere-server \fIcommand\fP [\fIargs\fP] + .SH DESCRIPTION + +\fBMonkeySphere\fP is a system to leverage the OpenPGP Web of Trust +for ssh authentication and encryption. OpenPGP keys are tracked via +GnuPG, and added to the ssh authorized_keys and known_hosts files to +be used for authentication of ssh connections. + +\fBmonkeysphere-server\fP is the MonkeySphere server admin utility. + +.SH SUBCOMMANDS + +\fBmonkeysphere-server\fP takes various subcommands: +.TP +.B update-users [USER]... +Update the admin-controlled authorized_keys files for user. For each +user specified, user ID's listed in the user's authorized_user_ids +file are processed, and the user's authorized_keys file in +/var/cache/monkeysphere/authorized_keys/USER. See `man monkeysphere' +for more info. If the USER_CONTROLLED_AUTHORIZED_KEYS variable is +set, then a user-controlled authorized_keys file (usually +~USER/.ssh/authorized_keys) is added to the authorized_keys file. `k' +may be used in place of `update-known_hosts'. +.TP +.B gen-key +Generate a gpg key for the host. `g' may be used in place of +`gen-key'. +.TP +.B show-fingerprint +Show the fingerprint for the host's OpenPGP key. `f' may be used in place of +`show-fingerprint'. +.TP +.B publish-key +Publish the host's gpg key to the keyserver. `p' may be used in place +of `publish-key'. +.TP +.B trust-keys KEYID... +Mark key specified with key IDs with full owner trust. `t' may be used +in place of `trust-keys'. +.TP +.B help +Output a brief usage summary. `h' or `?' may be used in place of +`help'. + +.SH SETUP + +In order to start using the monkeysphere, there are a couple of things +you need to do first. The first is to generate an OpenPGP key for the +server and convert that key to an ssh key that can be used by ssh for +host authentication. To do this, run the "gen-key" subcommand. Once +that is done, publish the key to a keyserver with "publish-key" +subcommand. Finally, you need to modify the sshd_config to tell sshd +where the new server host key: + +HostKey /etc/monkeysphere/ssh_host_rsa_key + +If the server will also handle user authentication through +monkeysphere-generated authorized_keys files, set the following: + +AuthorizedKeysFile /var/cache/monkeysphere/authorized_keys/%u + +Once those changes are made, restart the ssh server. + +.SH FILES + +.TP +/etc/monkeysphere/monkeysphere-server.conf +System monkeysphere-server config file. +.TP +/etc/monkeysphere/monkeysphere.conf +System-wide monkeysphere config file. +.TP +/etc/monkeysphere/gnupg +Monkeysphere GNUPG home directory. +.TP +/etc/monkeysphere/ssh_host_rsa_key +Copy of the host's private key in ssh format, suitable for use by sshd. +.TP +/etc/monkeysphere/authorized_user_ids/USER +Server maintained authorized_user_ids files for users. +.TP +/var/cache/monkeysphere/authorized_keys/USER +User authorized_keys file. + +.SH AUTHOR + +Written by Jameson Rollins + +.SH SEE ALSO + +.BR monkeysphere (1), +.BR gpg (1), +.BR ssh (1)