X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=man%2Fman8%2Fmonkeysphere-server.8;h=b63f65957bcacf33d6c78f90fea1b6799797f44f;hb=bb2427c28bf40179c4881b22c23f23f9bea78f55;hp=288d45fb1d747ac0b91673cd2d038c27112180ff;hpb=86b6a09beeba248440d4d9a5e923c799c542420d;p=monkeysphere.git diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8 index 288d45f..b63f659 100644 --- a/man/man8/monkeysphere-server.8 +++ b/man/man8/monkeysphere-server.8 @@ -2,7 +2,7 @@ .SH NAME -monkeysphere-server \- monkeysphere server admin user interface +monkeysphere-server \- Monkeysphere server admin user interface .SH SYNOPSIS @@ -10,12 +10,12 @@ monkeysphere-server \- monkeysphere server admin user interface .SH DESCRIPTION -\fBMonkeySphere\fP is a framework to leverage the OpenPGP Web of Trust -for ssh authentication. OpenPGP keys are tracked via GnuPG, and added -to the authorized_keys and known_hosts files used by ssh for +\fBMonkeysphere\fP is a framework to leverage the OpenPGP web of trust +for OpenSSH authentication. OpenPGP keys are tracked via GnuPG, and +added to the authorized_keys and known_hosts files used by OpenSSH for connection authentication. -\fBmonkeysphere-server\fP is the MonkeySphere server admin utility. +\fBmonkeysphere-server\fP is the Monkeysphere server admin utility. .SH SUBCOMMANDS 
@@ -36,22 +36,53 @@ specified, then all accounts on the system are processed. `u' may be used in place of `update-users'. .TP .B gen-key [HOSTNAME] -Generate a OpenPGP key pair for the host. If HOSTNAME is not -specified, then the system fully-qualified domain name will be user. -An alternate key bit length can be specified with the `-l' or -`--length' option (default 2048). An expiration length can be -specified with the `-e' or `--expire' option (prompt otherwise). A -key revoker fingerprint can be specified with the `-r' or `--revoker' -option. `g' may be used in place of `gen-key'. -.TP -.B show-fingerprint -Show the fingerprint for the host's OpenPGP key. `f' may be used in place of -`show-fingerprint'. +Generate a OpenPGP key for the host. If HOSTNAME is not specified, +then the system fully-qualified domain name will be user. An +alternate key bit length can be specified with the `-l' or `--length' +option (default 2048). An expiration length can be specified with the +`-e' or `--expire' option (prompt otherwise). The expiration format +is the same as that of \fBextend-key\fP, below. A key revoker +fingerprint can be specified with the `-r' or `--revoker' option. `g' +may be used in place of `gen-key'. +.TP +.B extend-key EXPIRE +Extend the validity of the OpenPGP key for the host until EXPIRE from +the present. If EXPIRE is not specified, then the user will be +prompted for the extension term. Expiration is specified like GnuPG +does: +.nf + 0 = key does not expire + = key expires in n days + w = key expires in n weeks + m = key expires in n months + y = key expires in n years +.fi +`e' may be used in place of `extend-key'. +.TP +.B add-hostname HOSTNAME +Add a hostname user ID to the server host key. `n+' may be used in +place of `add-hostname'. +.TP +.B revoke-hostname HOSTNAME +Revoke a hostname user ID from the server host key. `n-' may be used +in place of `revoke-hostname'. +.TP +.B show-key +Output gpg information about host's OpenPGP key. 
`s' may be used in +place of `show-key'. .TP .B publish-key Publish the host's OpenPGP key to the keyserver. `p' may be used in place of `publish-key'. .TP +.B diagnostics +Review the state of the server with respect to the MonkeySphere in +general and report on suggested changes. Among other checks, this +includes making sure there is a valid host key, that the key is +published, that the sshd configuration points to the right place, and +that there are at least some valid identity certifiers. `d' may be +used in place of `diagnostics'. +.TP .B add-identity-certifier KEYID Instruct system to trust user identity certifications made by KEYID. Using the `-n' or `--domain' option allows you to indicate that you @@ -60,15 +91,15 @@ domain (e.g. "trust KEYID to certify user identities within the @example.org domain"). A certifier trust level can be specified with the `-t' or `--trust' option (possible values are `marginal' and `full' (default is `full')). A certifier trust depth can be specified -with the `-d' or `--depth' option (default is 1). `a' may be used in +with the `-d' or `--depth' option (default is 1). `c+' may be used in place of `add-identity-certifier'. .TP .B remove-identity-certifier KEYID Instruct system to ignore user identity certifications made by KEYID. -`r' may be used in place of `remove-identity-certifier'. +`c-' may be used in place of `remove-identity-certifier'. .TP .B list-identity-certifiers -List key IDs trusted by the system to certify user identities. `l' +List key IDs trusted by the system to certify user identities. `c' may be used in place of `list-identity-certifiers'. .TP .B gpg-authentication-cmd 
@@ -151,6 +182,10 @@ The following environment variables will override those specified in the monkeysphere-server.conf configuration file (defaults in parentheses): .TP +MONKEYSPHERE_LOG_LEVEL +Set the log level. Can be SILENT, ERROR, INFO, DEBUG, in increasing +order of verbosity. +.TP MONKEYSPHERE_KEYSERVER OpenPGP keyserver to use (subkeys.pgp.net). .TP
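Review bot: the MonkeySphere to Monkeysphere rename made in the NAME and DESCRIPTION hunks (@@ -2,7 +2,7 @@ and @@ -10,12 +10,12 @@) is not carried through the rest of the patch: the diagnostics entry added further down still reads "with respect to the MonkeySphere in general". Use "Monkeysphere" there too so the page is consistent once this is applied.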
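Review bot: in the @@ -36,22 +36,53 @@ hunk the new entry is headed ".B extend-key EXPIRE", yet its text says "If EXPIRE is not specified, then the user will be prompted", so the argument is optional and should be written "[EXPIRE]", matching "gen-key [HOSTNAME]". The re-wrapped gen-key paragraph still carries "Generate a OpenPGP key" and "will be user"; since those lines are being rewritten anyway, change them to "an OpenPGP key" and "will be used". In the expiration table as it appears here, the days, weeks, months and years rows show no count placeholder in the left column, so check that the n referred to on the right is visible on the left in the rendered page. For extend-key, add-hostname and revoke-hostname, please also state whether the change reaches the keyserver on its own or only after publish-key, since clients that fetch the host key from the keyserver would not otherwise see a revoked hostname or a new expiration.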
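Review bot: the short aliases for the identity-certifier subcommands change from `a', `r' and `l' to `c+', `c-' and `c' in the @@ -60,15 +91,15 @@ hunk without any mention of the old forms. The page should say whether the old letters are still accepted or have been removed, because an admin script that uses `r' to drop a certifier is affected either way. The same applies to show-fingerprint and its `f' alias, which the previous hunk replaces with show-key and `s'.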
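Review bot: the MONKEYSPHERE_LOG_LEVEL entry added in the @@ -151,6 +182,10 @@ hunk gives no default, although the section header promises "(defaults in parentheses)" and the neighbouring MONKEYSPHERE_KEYSERVER entry follows that with "(subkeys.pgp.net)". Add the default level in parentheses. The section also says these variables override settings in monkeysphere-server.conf, so it would help to say which configuration file setting this variable overrides.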