X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=man%2Fman8%2Fmonkeysphere-server.8;h=527cae791f9b131521f0166a451a761b41a5b0b5;hb=2c64cd42335d7c0eeb904d9b9bdb09d7fa8456c5;hp=79832a2fedd2094d064e2f0a2bece311077aa743;hpb=c3ed6920551ca86defe76f4d2f629062d66a0dae;p=monkeysphere.git diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8 index 79832a2..527cae7 100644 --- a/man/man8/monkeysphere-server.8 +++ b/man/man8/monkeysphere-server.8 @@ -2,7 +2,7 @@ .SH NAME -monkeysphere-server \- monkeysphere server admin user interface +monkeysphere-server \- Monkeysphere server admin user interface .SH SYNOPSIS @@ -10,12 +10,12 @@ monkeysphere-server \- monkeysphere server admin user interface .SH DESCRIPTION -\fBMonkeySphere\fP is a framework to leverage the OpenPGP Web of Trust -for ssh authentication. OpenPGP keys are tracked via GnuPG, and added -to the authorized_keys and known_hosts files used by ssh for +\fBMonkeysphere\fP is a framework to leverage the OpenPGP web of trust +for OpenSSH authentication. OpenPGP keys are tracked via GnuPG, and +added to the authorized_keys and known_hosts files used by OpenSSH for connection authentication. -\fBmonkeysphere-server\fP is the MonkeySphere server admin utility. +\fBmonkeysphere-server\fP is the Monkeysphere server admin utility. .SH SUBCOMMANDS @@ -52,12 +52,22 @@ Show the fingerprint for the host's OpenPGP key. `f' may be used in place of Publish the host's OpenPGP key to the keyserver. `p' may be used in place of `publish-key'. .TP +.B diagnostics +Review the state of the server with respect to the MonkeySphere in +general and report on suggested changes. Among other checks, this +includes making sure there is a valid host key, that the key is +published, that the sshd configuration points to the right place, and +that there are at least some valid identity certifiers. `d' may be +used in place of `diagnostics'. +.TP .B add-identity-certifier KEYID Instruct system to trust user identity certifications made by KEYID. -A certifier domain can be specified with the `-n' or `--domain' -option. A certifier trust level can be specified with the `-t' or -`--trust' option (possible values are `1' for `marginal' and `2' for -`full' (default is `2')). A certifier trust depth can be specified +Using the `-n' or `--domain' option allows you to indicate that you +only trust the given KEYID to make identifications within a specific +domain (e.g. "trust KEYID to certify user identities within the +@example.org domain"). A certifier trust level can be specified with +the `-t' or `--trust' option (possible values are `marginal' and +`full' (default is `full')). A certifier trust depth can be specified with the `-d' or `--depth' option (default is 1). `a' may be used in place of `add-identity-certifier'. .TP