-.TH MONKEYSPHERE-SERVER "8" "March 2009" "monkeysphere" "User Commands"
+.TH MONKEYSPHERE-AUTHENTICATION "8" "January 2010" "monkeysphere" "System Commands"
.SH NAME
.SH DESCRIPTION
\fBMonkeysphere\fP is a framework to leverage the OpenPGP Web of Trust
-(WoT) for OpenSSH authentication. OpenPGP keys are tracked via GnuPG,
-and added to the authorized_keys and known_hosts files used by OpenSSH
-for connection authentication.
+(WoT) for key-based authentication. OpenPGP keys are tracked via
+GnuPG, and added to the authorized_keys files used by OpenSSH for
+connection authentication.
\fBmonkeysphere\-authentication\fP is a Monkeysphere server admin
utility for configuring and managing SSH user authentication through
specified, then all accounts on the system are processed. `u' may be
used in place of `update\-users'.
.TP
+.B refresh\-keys
+Refresh all keys in the monkeysphere-authentication keyring. If no
+accounts are specified, then all accounts on the system are processed.
+`r' may be used in place of `refresh\-keys'.
+.TP
.B add\-id\-certifier KEYID|FILE
Instruct system to trust user identity certifications made by KEYID.
The key ID will be loaded from the keyserver. A file may be loaded
List key IDs trusted by the system to certify user identities. `c'
may be used in place of `list\-id\-certifiers'.
.TP
+.B version
+Show the monkeysphere version number. `v' may be used in place of
+`version'.
+.TP
.B help
Output a brief usage summary. `h' or `?' may be used in place of
`help'.
-.TP
-.B version
-show version number
+
Other commands:
.TP
the sshd_config to point to the monkeysphere\-generated
authorized_keys files:
-AuthorizedKeysFile /var/lib/monkeysphere/authentication/authorized_keys/%u
+AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
It is recommended to add "monkeysphere\-authentication update\-users"
to a system crontab, so that user keys are kept up-to-date, and key
.TP
MONKEYSPHERE_PROMPT
If set to `false', never prompt the user for confirmation. (true)
+.TP
+MONKEYSPHERE_STRICT_MODES
+If set to `false', ignore too-loose permissions on known_hosts,
+authorized_keys, and authorized_user_ids files. NOTE: setting this to
+false may expose users to abuse by other users on the system. (true)
.SH FILES
/etc/monkeysphere/monkeysphere\-authentication.conf
System monkeysphere-authentication config file.
.TP
+/etc/monkeysphere/monkeysphere\-authentication\-x509\-anchors.crt
+If monkeysphere-authentication is configured to query an hkps
+keyserver, it will use X.509 Certificate Authority certificates in
+this file to validate any X.509 certificates used by the keyserver.
+.TP
/var/lib/monkeysphere/authorized_keys/USER
Monkeysphere-generated user authorized_keys files.
+.TP
+~/.monkeysphere/authorized_user_ids
+A list of OpenPGP user IDs, one per line. OpenPGP keys with an
+exactly-matching User ID (calculated valid by the designated identity
+certifiers), will have any valid authorization-capable keys or subkeys
+added to the given user's authorized_keys file.
.SH AUTHOR
This man page was written by:
-Jameson Rollins <jrollins@fifthhorseman.net>,
+Jameson Rollins <jrollins@finestructure.net>,
Daniel Kahn Gillmor <dkg@fifthhorseman.net>,
Matthew Goins <mjgoins@openflows.com>
projects / monkeysphere.git / blobdiff