X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=man%2Fman8%2Fmonkeysphere-server.8;h=2b5af5ec574f936bdcc4359808f227c7c1ccb6cb;hb=3cea2ab969f54fc33ed238c5b326fb3868392a15;hp=edb493f6891f754866adf0217bf4f1a829e08e59;hpb=ec3b1c13b5a071234d5e8e9b321f521dc58af924;p=monkeysphere.git diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8 index edb493f..2b5af5e 100644 --- a/man/man8/monkeysphere-server.8 +++ b/man/man8/monkeysphere-server.8 @@ -23,7 +23,8 @@ be used for authentication of ssh connections. .TP .B update-users [USER]... Update the admin-controlled authorized_keys files for user. For each -user specified, update the user's authorized_keys file in +user specified, user ID's listed in the user's authorized_user_ids +file are processed, and the user's authorized_keys file in /var/cache/monkeysphere/authorized_keys/USER. See `man monkeysphere' for more info. If the USER_CONTROLLED_AUTHORIZED_KEYS variable is set, then a user-controlled authorized_keys file (usually @@ -34,26 +35,41 @@ may be used in place of `update-known_hosts'. Generate a gpg key for the host. `g' may be used in place of `gen-key'. .TP +.B show-fingerprint +Show the fingerprint for the host's OpenPGP key. `f' may be used in place of +`show-fingerprint'. +.TP .B publish-key Publish the host's gpg key to the keyserver. `p' may be used in place -of `publish-key' +of `publish-key'. .TP .B trust-keys KEYID... Mark key specified with key IDs with full owner trust. `t' may be used in place of `trust-keys'. .TP -.B update-user-userids USER USERID... -Add/update a user ID to the authorized_user_ids file for USER. `u' may -be used in place of `update-user-userids'. -.TP -.B remove-user-userids USER USERID... -Remove a user ID from the authorized_user_ids file for USER. `r' may -be used in place of `remove-user-userids'. -.TP .B help Output a brief usage summary. `h' or `?' may be used in place of `help'. +.SH SETUP + +In order to start using the monkeysphere, there are a couple of things +you need to do first. The first is to generate an OpenPGP key for the +server and convert that key to an ssh key that can be used by ssh for +host authentication. To do this, run the "gen-key" subcommand. Once +that is done, publish the key to a keyserver with "publish-key" +subcommand. Finally, you need to modify the sshd_config to tell sshd +where the new server host key: + +HostKey /etc/monkeysphere/ssh_host_rsa_key + +If the server will also handle user authentication through +monkeysphere-generated authorized_keys files, set the following: + +AuthorizedKeysFile /var/cache/monkeysphere/authorized_keys/%u + +Once those changes are made, restart the ssh server. + .SH FILES .TP @@ -66,6 +82,9 @@ System-wide monkeysphere config file. /etc/monkeysphere/gnupg Monkeysphere GNUPG home directory. .TP +/etc/monkeysphere/ssh_host_rsa_key +Copy of the host's private key in ssh format, suitable for use by sshd. +.TP /etc/monkeysphere/authorized_user_ids/USER Server maintained authorized_user_ids files for users. .TP