1 .TH MONKEYSPHERE "1" "June 2008" "monkeysphere 0.1" "User Commands"
5 monkeysphere - Monkeysphere client user interface
9 .B monkeysphere \fIsubcommand\fP [\fIargs\fP]
13 \fBMonkeysphere\fP is a framework to leverage the OpenPGP web of trust
14 for OpenSSH authentication. OpenPGP keys are tracked via GnuPG, and
15 added to the authorized_keys and known_hosts files used by OpenSSH for
16 connection authentication.
18 \fBmonkeysphere\fP is the Monkeysphere client utility.
22 \fBmonkeysphere\fP takes various subcommands:
24 .B update\-known_hosts [HOST]...
25 Update the known_hosts file. For each specified host, gpg will be
26 queried for a key associated with the host URI (see HOST
29 optionally querying a keyserver.
30 If an acceptable key is found for the host (see KEY ACCEPTABILITY in
32 the key is added to the user's known_hosts file. If a key is found
33 but is unacceptable for the host, any matching keys are removed from
34 the user's known_hosts file. If no gpg key is found for the host,
35 nothing is done. If no hosts are specified, all hosts listed in the
36 known_hosts file will be processed. This subcommand will exit with a
37 status of 0 if at least one acceptable key was found for a specified
38 host, 1 if no matching keys were found at all, and 2 if matching keys
39 were found but none were acceptable. `k' may be used in place of
40 `update\-known_hosts'.
42 .B update\-authorized_keys
43 Update the authorized_keys file for the user executing the command
44 (see MONKEYSPHERE_AUTHORIZED_KEYS in ENVIRONMENT, below). First all
45 monkeysphere keys are cleared from the authorized_keys file. Then,
46 for each user ID in the user's authorized_user_ids file, gpg will be
47 queried for keys associated with that user ID, optionally querying a
48 keyserver. If an acceptable key is found (see KEY ACCEPTABILITY in
49 .BR monkeysphere (7)),
50 the key is added to the user's authorized_keys file.
51 If a key is found but is unacceptable for the user ID, any matching
52 keys are removed from the user's authorized_keys file. If no gpg key
53 is found for the user ID, nothing is done. This subcommand will exit
54 with a status of 0 if at least one acceptable key was found for a user
55 ID, 1 if no matching keys were found at all, and 2 if matching keys
56 were found but none were acceptable. `a' may be used in place of
57 `update\-authorized_keys'.
59 .B gen\-subkey [KEYID]
60 Generate an authentication subkey for a private key in your GnuPG
61 keyring. KEYID is the key ID for the primary key for which the subkey
62 with "authentication" capability will be generated. If no key ID is
63 specified, but only one key exists in the secret keyring, that key
64 will be used. The length of the generated key can be specified with
65 the `\-\-length' or `\-l' option. `g' may be used in place of
68 .B ssh\-proxycommand [--no-connect] HOST [PORT]
69 An ssh ProxyCommand that can be used to trigger a monkeysphere update
70 of the ssh known_hosts file for a host that is being connected to with
71 ssh. This works by updating the known_hosts file for the host first,
72 before an attempted connection to the host is made. Once the
73 known_hosts file has been updated, a TCP connection to the host is
74 made by exec'ing netcat(1). Regular ssh communication is then done
75 over this netcat TCP connection (see ProxyCommand in ssh_config(5) for
78 This command is meant to be run as the ssh "ProxyCommand". This can
79 either be done by specifying the proxy command on the command line:
81 .B ssh \-o ProxyCommand="monkeysphere ssh\-proxycommand %h %p" ...
83 or by adding the following line to your ~/.ssh/config script:
85 .B ProxyCommand monkeysphere ssh\-proxycommand %h %p
87 The script can easily be incorporated into other ProxyCommand scripts
88 by calling it with the "\-\-no\-connect" option, i.e.:
90 .B monkeysphere ssh\-proxycommand \-\-no\-connect "$HOST" "$PORT"
92 This will run everything except the final exec of netcat to make the
93 TCP connection to the host. In this way this command can be added to
94 another proxy command that does other stuff, and then makes the
95 connection to the host itself.
98 The proxy command has a fairly nuanced policy for when keyservers are
99 queried when processing a host. If the host userID is not found in
100 either the user's keyring or in the known_hosts file, then the
101 keyserver is queried for the host userID. If the host userID is found
102 in the user's keyring, then the keyserver is not checked. This
103 assumes that the keyring is kept up-to-date, in a cronjob or the like,
104 so that revocations are properly handled. If the host userID is not
105 found in the user's keyring, but the host is listed in the known_hosts
106 file, then the keyserver is not checked. This last policy might
107 change in the future, possibly by adding a deferred check, so that
108 hosts that go from non-monkeysphere-enabled to monkeysphere-enabled
109 will be properly checked.
111 Setting the CHECK_KEYSERVER variable in the config file or the
112 MONKEYSPHERE_CHECK_KEYSERVER environment variable to either `true' or
113 `false' will override the keyserver-checking policy defined above and
114 either always or never check the keyserver for host key updates.
117 .B subkey\-to\-ssh\-agent [ssh\-add arguments]
118 Push all authentication-capable subkeys in your GnuPG secret keyring
119 into your running ssh-agent. Additional arguments are passed through
122 For example, to remove the authentication subkeys, pass an additional
123 `\-d' argument. To require confirmation on each use of the key, pass
124 `\-c'. The MONKEYSPHERE_SUBKEYS_FOR_AGENT environment can be used to
125 specify the full fingerprints of specific keys to add to the agent
126 (space separated), instead of adding them all. `s' may be used in
127 place of `subkey\-to\-ssh\-agent'.
130 Output the ssh fingerprint of a key in your gpg keyring. `f' may be
131 used in place of `fingerprint'.
134 Show the monkeysphere version number. `v' may be used in place of
138 Output a brief usage summary. `h' or `?' may be used in place of
143 The following environment variables will override those specified in
144 the monkeysphere.conf configuration file (defaults in parentheses):
146 MONKEYSPHERE_LOG_LEVEL
147 Set the log level. Can be SILENT, ERROR, INFO, VERBOSE, DEBUG,
148 in increasing order of verbosity. (INFO)
150 MONKEYSPHERE_GNUPGHOME, GNUPGHOME
151 GnuPG home directory. (~/.gnupg)
153 MONKEYSPHERE_KEYSERVER
154 OpenPGP keyserver to use. (pool.sks-keyservers.net)
156 MONKEYSPHERE_CHECK_KEYSERVER
157 Whether or not to check keyserver when making gpg queries. (true)
159 MONKEYSPHERE_KNOWN_HOSTS
160 Path to ssh known_hosts file. (~/.ssh/known_hosts)
162 MONKEYSPHERE_HASH_KNOWN_HOSTS
163 Whether or not to hash to the known_hosts file entries. (true)
165 MONKEYSPHERE_AUTHORIZED_KEYS
166 Path to ssh authorized_keys file. (~/.ssh/authorized_keys)
169 If set to `false', never prompt the user for confirmation. (true)
171 MONKEYSPHERE_STRICT_MODES
172 If set to `false', ignore too-loose permissions on known_hosts,
173 authorized_keys, and authorized_user_ids files. NOTE: setting this to
174 false may expose you to abuse by other users on the system. (true)
176 MONKEYSPHERE_SUBKEYS_FOR_AGENT
177 A space-separated list of authentication-capable subkeys to add to the
178 ssh agent with subkey-to-ssh-agent.
183 ~/.monkeysphere/monkeysphere.conf
184 User monkeysphere config file.
186 /etc/monkeysphere/monkeysphere.conf
187 System-wide monkeysphere config file.
189 ~/.monkeysphere/authorized_user_ids
190 A list of OpenPGP user IDs, one per line. OpenPGP keys with an
191 exactly-matching User ID (calculated valid by the designated identity
192 certifiers), will have any valid authorization-capable keys or subkeys
193 added to the given user's authorized_keys file.
198 Jameson Rollins <jrollins@fifthhorseman.net>,
199 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
203 .BR monkeysphere\-host (8),
204 .BR monkeysphere\-authentication (8),
205 .BR monkeysphere (7),
projects / monkeysphere.git / blob