.TH MONKEYSPHERE-SERVER "1" "June 2008" "monkeysphere 0.1" "User Commands"
.SH NAME
monkeysphere-server \- monkeysphere server admin user interface
.SH SYNOPSIS
.B monkeysphere-server \fIcommand\fP [\fIargs\fP]
.SH DESCRIPTION
\fBMonkeySphere\fP is a system to leverage the OpenPGP Web of Trust
for ssh authentication and encryption.  OpenPGP keys are tracked via
GnuPG, and added to the ssh authorized_keys and known_hosts files to
be used for authentication of ssh connections.

\fBmonkeysphere-server\fP is the MonkeySphere server admin utility.
.SH SUBCOMMANDS
\fBmonkeysphere-server\fP takes various subcommands:
.TP
.B update-users [USER]...
Update the admin-controlled authorized_keys file for each user
specified.  The user IDs listed in the user's authorized_user_ids
file are processed, and the user's authorized_keys file in
/var/cache/monkeysphere/authorized_keys/USER is updated.  See `man
monkeysphere' for more info.  If the RAW_AUTHORIZED_KEYS variable is
set, then a user-controlled authorized_keys file (usually
~USER/.ssh/authorized_keys) is added to the authorized_keys file.
`u' may be used in place of `update-users'.
.TP
.B gen-key
Generate a gpg key for the host.  `g' may be used in place of
`gen-key'.
.TP
.B show-fingerprint
Show the fingerprint for the host's OpenPGP key.  `f' may be used in
place of `show-fingerprint'.
.TP
.B publish-key
Publish the host's gpg key to the keyserver.  `p' may be used in
place of `publish-key'.
.TP
.B trust-key KEYID [LEVEL]
Set owner trust for key.  If LEVEL is not specified, then the program
will prompt for an owner trust level to set for KEYID.  This function
lsigns the key as well so that it will have a known validity.  `t'
may be used in place of `trust-key'.
.TP
.B help
Output a brief usage summary.  `h' or `?' may be used in place of
`help'.
.SH SETUP
In order to start using the monkeysphere, there are a couple of things
you need to do first.
The first is to generate an OpenPGP key for the server and convert
that key to an ssh key that can be used by ssh for host
authentication.  To do this, run the "gen-key" subcommand.  Once that
is done, publish the key to a keyserver with the "publish-key"
subcommand.  Finally, you need to modify the sshd_config to tell sshd
where the new server host key is located:

HostKey /var/lib/monkeysphere/ssh_host_rsa_key

If the server will also handle user authentication through
monkeysphere-generated authorized_keys files, set the following:

AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u

Once those changes are made, restart the ssh server.
.SH FILES
.TP
/etc/monkeysphere/monkeysphere-server.conf
System monkeysphere-server config file.
.TP
/etc/monkeysphere/monkeysphere.conf
System-wide monkeysphere config file.
.TP
/var/lib/monkeysphere/authorized_keys/USER
Monkeysphere-generated user authorized_keys files.
.TP
/var/lib/monkeysphere/ssh_host_rsa_key
Copy of the host's private key in ssh format, suitable for use by
sshd.
.TP
/var/lib/monkeysphere/gnupg-host
Monkeysphere host GnuPG home directory.
.TP
/var/lib/monkeysphere/gnupg-authentication
Monkeysphere authentication GnuPG home directory.
.SH AUTHOR
Written by Jameson Rollins
.SH SEE ALSO
.BR monkeysphere (1),
.BR gpg (1),
.BR ssh (1)
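.SH EXAMPLES
The script below is an added example, not part of the monkeysphere
distribution.  It audits an sshd_config for the two directives given
in SETUP and rejects an AuthorizedKeysFile line that also names a
user-controlled file.  The function names are hypothetical, and
keywords are assumed to be separated from their arguments by
whitespace.
.nf
```sh
#!/bin/sh
# Added example: audit an sshd_config for the SETUP directives.
MS_HOSTKEY=/var/lib/monkeysphere/ssh_host_rsa_key
MS_AUTHKEYS=/var/lib/monkeysphere/authorized_keys/%u

# Print the arguments of every global occurrence of keyword $2 in file $1.
# Keywords are case-insensitive; comments and blank lines are skipped, and
# parsing stops at the first Match block, whose settings are conditional.
sshd_values() {
    awk -v kw="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(kw) { $1 = ""; sub(/^ +/, ""); print }
    ' "$1"
}

# Succeed if the monkeysphere host key is one of the configured HostKey files.
check_hostkey() {
    sshd_values "$1" HostKey | grep -qxF "$MS_HOSTKEY"
}

# Succeed only if the first AuthorizedKeysFile line (the one sshd honours)
# names the monkeysphere path and nothing else.  A second path on the line,
# such as .ssh/authorized_keys, would let user-controlled keys authenticate.
check_authkeys() {
    first=$(sshd_values "$1" AuthorizedKeysFile | head -n 1)
    [ "$first" = "$MS_AUTHKEYS" ]
}

# Run both checks against a constructed sample configuration.
audit_sample() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<EOF
# constructed sample sshd_config
HostKey /etc/ssh/ssh_host_rsa_key
hostkey $MS_HOSTKEY
AuthorizedKeysFile $MS_AUTHKEYS
EOF
    if check_hostkey "$sample" && check_authkeys "$sample"; then rc=0; else rc=1; fi
    rm -f "$sample"
    return $rc
}
```
.fi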