1 .TH MONKEYSPHERE "1" "June 2008" "monkeysphere 0.1" "User Commands"
5 monkeysphere \- MonkeySphere client user interface
9 .B monkeysphere \fIcommand\fP [\fIargs\fP]
13 \fBMonkeySphere\fP is a system to leverage the OpenPGP Web of Trust
14 for ssh authentication. OpenPGP keys are tracked via GnuPG, and added
15 to the ssh authorized_keys and known_hosts files to be used for
16 authentication of ssh connections.
18 \fBmonkeysphere\fP is the MonkeySphere client utility.
22 \fBmonkeysphere\fP takes various subcommands:
24 .B update-known_hosts [HOST]...
25 Update the known_hosts file. For each specified host, gpg will be
26 queried for a key associated with the host URI (see HOST URIs),
27 querying a keyserver if specified. If a key is found, it will be
28 converted to an ssh key, and any matching ssh keys will be removed
29 from the user's known_hosts file. If the found key is acceptable (see
30 KEY ACCEPTABILITY), then the key will be updated and re-added to the
31 known_hosts file. If no gpg key is found for the host, then nothing
32 is done. If no hosts are specified, all hosts listed in the
33 known_hosts file will be processed. This command will exit with a
34 status of 0 if all host were found to be acceptable, 2 if all the
35 hosts were found to be unacceptable (ie. with keys removed from the
36 known_hosts file), and 1 otherwise. `k' may be used in place of
39 .B update-authorized_keys
40 Update the monkeysphere authorized_keys file. For each user ID in the
41 user's authorized_user_ids file, gpg will be queried for keys
42 associated with that user ID, querying a keyserver if specified. If a
43 key is found, it will be converted to an ssh key, and any matching ssh
44 keys will be removed from the user's authorized_keys file. If the
45 found key is acceptable (see KEY ACCEPTABILITY), then the key will be
46 updated and re-added to the authorized_keys file. If no gpg key is
47 found for the user ID, then nothing is done. This command will exit
48 with a status of 0 if all user IDs were found to be acceptable, 2 if
49 all the user IDs were found to be unacceptable (ie. with keys removed
50 from the authorized_keys file), and 1 otherwise. `a' may be used in
51 place of `update-authorized_keys'.
54 Generate an `a` capable subkey. For the primary key with the
55 specified key ID, generate a subkey with "authentication" capability
56 that can be used for MonkeySphere transactions. `g' may be used in
57 place of `gen-subkey'.
60 Output a brief usage summary. `h' or `?' may be used in place of
65 Host OpenPGP keys have associated user IDs that use the ssh URI
66 specification for the host, ie. "ssh://host.full.domain[:port]".
70 GPG keys are considered acceptable if the following criteria are met:
73 The key must have the "authentication" ("a") usage flag set.
76 The key must be "fully" valid (ie. signed by a trusted certifier), and
77 must not be expired or revoked.
82 ~/.config/monkeysphere/monkeysphere.conf
83 User monkeysphere config file.
85 /etc/monkeysphere/monkeysphere.conf
86 System-wide monkeysphere config file.
88 ~/.config/monkeysphere/authorized_user_ids
89 OpenPGP user IDs associated with keys that will be checked for
90 addition to the authorized_keys file.
94 Written by Jameson Rollins <jrollins@fifthhorseman.net>
98 .BR monkeysphere-ssh-proxycommand (1),
99 .BR monkeysphere-server (8),