which keys will act as identity certifiers. This is done with the
\fBadd\-id\-certifier\fP command:
-$ monkeysphere\-authentication add\-id\-certifier KEYID
+# monkeysphere\-authentication add\-id\-certifier KEYID
where KEYID is the key ID of the server admin, or whoever's
certifications should be acceptable to the system for the purposes of
\fBremove\-id\-certifier\fP command, and listed with the
\fBlist\-id\-certifiers\fP command.
-Remote users will be granted access to local accounts based on the
+A remote user will be granted access to a local account based on the
appropriately-signed and valid keys associated with user IDs listed in
that account's authorized_user_ids file. By default, the
authorized_user_ids file for an account is
monkeysphere\-authentication.conf file.
The \fBupdate\-users\fP command is used to generate authorized_keys
-files for local accounts based on the authorized user IDs listed in
-the account's authorized_user_ids file:
+files for a local account based on the user IDs listed in the
+account's authorized_user_ids file:
-$ monkeysphere\-authentication update\-users USER
+# monkeysphere\-authentication update\-users USER
Not specifying USER will cause all accounts on the system to updated.
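Review bot: the context line right after the update\-users example, "Not specifying USER will cause all accounts on the system to updated.", is missing a word; since this hunk already rewrites the surrounding paragraph, fix it here as "Not specifying USER will cause all accounts on the system to be updated."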
-The ssh server can then use these monkeysphere\-generated
-authorized_keys files to grant access to user accounts for remote
-users. In order for sshd to look at the monkeysphere\-generated
-authorized_keys file for user authentication, the AuthorizedKeysFile
-parameter must be set in the sshd_config to point to the
-monkeysphere\-generated authorized_keys files:
+The ssh server can use these monkeysphere-generated authorized_keys
+files to grant access to user accounts for remote users. In order for
+sshd to look at the monkeysphere-generated authorized_keys file for
+user authentication, the AuthorizedKeysFile parameter must be set in
+the sshd_config to point to the monkeysphere\-generated
+authorized_keys files:
AuthorizedKeysFile /var/lib/monkeysphere/authentication/authorized_keys/%u
-It is recommended to add "monkeysphere\-authentication update-users"
+It is recommended to add "monkeysphere\-authentication update\-users"
to a system crontab, so that user keys are kept up-to-date, and key
revocations and expirations can be processed in a timely manner.
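Review bot: the rewritten AuthorizedKeysFile paragraph mixes hyphen styles, writing "monkeysphere-generated" unescaped in three added lines but "monkeysphere\-generated" on the fourth; the rest of this patch standardizes on the escaped form (it changes "update-users" to "update\-users" and "monkeysphere-host" to "monkeysphere\-host"), so these lines should use `\-` as well. While touching this paragraph, it would also help to state that pointing AuthorizedKeysFile at the monkeysphere directory replaces sshd's default authorized_keys location rather than adding to it, so admins know whether keys users placed in their own ~/.ssh/authorized_keys will still be honoured; and the cron recommendation could name the interval it assumes, since revocations are only "processed in a timely manner" as often as update\-users actually runs.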
.SH AUTHOR
-Written by:
+This man page was written by:
Jameson Rollins <jrollins@fifthhorseman.net>,
Daniel Kahn Gillmor <dkg@fifthhorseman.net>,
Matthew Goins <mjgoins@openflows.com>
.BR monkeysphere (7),
.BR gpg (1),
.BR ssh (1),
-.BR sshd (8)
+.BR sshd (8),
+.BR sshd_config (5)
To enable host verification via the monkeysphere, an OpenPGP key must
be made out of the host's ssh key, and the key must be published to
the Web of Trust. This is not done by default. The first step is to
-import the host's ssh key into a monkeysphere OpenPGP key. This is
-done with the import\-key command. When importing a key, you must
+import the host's ssh key into a monkeysphere-style OpenPGP key. This
+is done with the import\-key command. When importing a key, you must
specify the path to the host's ssh RSA key to import, and a hostname
to use as the key's user ID:
-$ monkeysphere\-host import\-key /etc/ssh/ssh_host_rsa_key host.example.org
+# monkeysphere\-host import\-key /etc/ssh/ssh_host_rsa_key host.example.org
On most systems, the ssh host RSA key is stored at
/etc/ssh/ssh_host_rsa_key.
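Review bot: the added line "import the host's ssh key into a monkeysphere-style OpenPGP key" uses an unescaped hyphen, unlike the `\-` escaping used for "import\-key" and "monkeysphere\-host" elsewhere in this patch; write it as "monkeysphere\-style" for consistent rendering. The trailing context then repeats the /etc/ssh/ssh_host_rsa_key path that the command example already shows, so the sentence "On most systems, the ssh host RSA key is stored at ..." could be folded into the sentence introducing the example.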
see http://web.monkeysphere.info/signing-host-keys/ for more
information. Once an admin's signature is published, users logging
into the host can use it to validate the host's key without having to
-manually check the hosts key's fingerprint.
+manually check the host key's fingerprint.
.SH ENVIRONMENT
.TP
/etc/monkeysphere/monkeysphere\-host.conf
-System monkeysphere-host config file.
+System monkeysphere\-host config file.
.TP
/var/lib/monkeysphere/host/ssh_host_rsa_key.pub.gpg
A world-readable copy of the host's public key in OpenPGP format,
.SH AUTHOR
-Written by:
+This man page was written by:
Jameson Rollins <jrollins@fifthhorseman.net>,
Daniel Kahn Gillmor <dkg@fifthhorseman.net>,
Matthew Goins <mjgoins@openflows.com>
.BR monkeysphere (7),
.BR gpg (1),
.BR ssh (1),
-.BR sshd (8),
+.BR sshd (8)