1 .TH MONKEYSPHERE "1" "June 2008" "monkeysphere 0.1" "User Commands"
5 monkeysphere \- MonkeySphere client user interface
9 .B monkeysphere \fIcommand\fP [\fIargs\fP]
13 MonkeySphere is a system to leverage the OpenPGP Web of Trust for ssh
14 authentication and encryption. OpenPGP keys are tracked via GnuPG,
15 and added to the ssh authorized_keys and known_hosts files to be used
16 for authentication and encryption of ssh connection.
18 \fBmonkeysphere\fP is the MonkeySphere client utility.
22 \fBmonkeysphere\fP takes various subcommands:
24 .B update-known_hosts [HOST]...
25 Update the known_hosts file. For each specified host, gpg will be
26 queried for a key associated with the host URI (see HOST URIs),
27 querying a keyserver if specified. If a key is found, it will be
28 converted to an ssh key, and any matching ssh keys will be removed
29 from the user's known_hosts file. If the found key is acceptable (see
30 KEY ACCEPTABILITY), then the key will be updated and re-added to the
31 known_hosts file. If no gpg key is found for the host, then nothing
32 is done. If no hosts are specified, all hosts listed in the
33 known_hosts file will be processed. `k' may be used in place of
36 .B update-userids [USERID]...
37 Add/update a user ID to the authorized_user_ids file. The user IDs
38 specified should be exact matches to OpenPGP user IDs. For each
39 specified user ID, gpg will be queried for a key associated with that
40 user ID, querying a keyserver if specified. If a key is found, the
41 user ID will be added to the user's authorized_user_ids file (if it
42 wasn't already present). `u' may be used in place of
45 .B remove-userids [USERID]...
46 Remove a user ID from the authorized_user_ids file. The user IDs
47 specified should be exact matches to OpenPGP user IDs. `r' may be
48 used in place of `remove-userids'.
50 .B update-authorized_keys
51 Update the monkeysphere authorized_keys file. For each user ID in the
52 user's authorized_user_ids file, gpg will be queried for keys
53 associated with that user ID, querying a keyserver if specified. If a
54 key is found, it will be converted to an ssh key, and any matching ssh
55 keys will be removed from the user's authorized_keys file. If the
56 found key is acceptable (see KEY ACCEPTABILITY), then the key will be
57 updated and re-added to the authorized_keys file. If no gpg key is
58 found for the user ID, then nothing is done. `a' may be used in place
59 of `update-authorized_keys'.
62 Generate an `a` capable subkey. For the primary key with the
63 specified key ID, generate a subkey with "authentication" capability
64 that can be used for MonkeySphere transactions. `g' may be used in
65 place of `gen-subkey'.
68 Output a brief usage summary. `h' or `?' may be used in place of
73 Host OpenPGP keys have associated user IDs that use the ssh URI
74 specification for the host, ie. "ssh://host.full.domain".
78 GPG keys are considered acceptable if the following criteria are met:
81 For host keys, the key must have both the "authentication" ("a") and
82 "encrypt" ("e") capability flags. For user keys, the key must have
83 the "authentication" ("a") capability flag.
86 The key must be "fully" valid, and must not be expired or revoked.
91 ~/.config/monkeysphere/monkeysphere.conf
92 User monkeysphere config file.
94 /etc/monkeysphere/monkeysphere.conf
95 System-wide monkeysphere config file.
97 ~/.config/monkeysphere/authorized_user_ids
98 OpenPGP user IDs associated with keys that will be checked for
99 addition to the authorized_keys file.
101 ~/.config/monkeysphere/authorized_keys
102 Monkeysphere generated authorized_keys file.
106 Written by Jameson Rollins <jrollins@fifthhorseman.net>
110 .BR monkeysphere-ssh-proxycommand (1),
111 .BR monkeysphere-server (8),
projects / monkeysphere.git / blob