.SH NAME
-monkeysphere-server \- monkeysphere server admin user interface
+monkeysphere-server \- Monkeysphere server admin user interface
.SH SYNOPSIS
.SH DESCRIPTION
-\fBMonkeySphere\fP is a framework to leverage the OpenPGP Web of Trust
-for ssh authentication. OpenPGP keys are tracked via GnuPG, and added
-to the authorized_keys and known_hosts files used by ssh for
+\fBMonkeysphere\fP is a framework to leverage the OpenPGP web of trust
+for OpenSSH authentication. OpenPGP keys are tracked via GnuPG, and
+added to the authorized_keys and known_hosts files used by OpenSSH for
connection authentication.
-\fBmonkeysphere-server\fP is the MonkeySphere server admin utility.
+\fBmonkeysphere-server\fP is the Monkeysphere server admin utility.
.SH SUBCOMMANDS
used in place of `update-users'.
.TP
.B gen-key [HOSTNAME]
-Generate a OpenPGP key pair for the host. If HOSTNAME is not
-specified, then the system fully-qualified domain name will be user.
-An alternate key bit length can be specified with the `-l' or
-`--length' option (default 2048). An expiration length can be
-specified with the `-e' or `--expire' option (prompt otherwise). A
-key revoker fingerprint can be specified with the `-r' or `--revoker'
-option. `g' may be used in place of `gen-key'.
-.TP
-.B show-fingerprint
-Show the fingerprint for the host's OpenPGP key. `f' may be used in place of
-`show-fingerprint'.
+Generate a OpenPGP key for the host. If HOSTNAME is not specified,
+then the system fully-qualified domain name will be user. An
+alternate key bit length can be specified with the `-l' or `--length'
+option (default 2048). An expiration length can be specified with the
+`-e' or `--expire' option (prompt otherwise). The expiration format
+is the same as that of \fBextend-key\fP, below. A key revoker
+fingerprint can be specified with the `-r' or `--revoker' option. `g'
+may be used in place of `gen-key'.
+.TP
+.B extend-key EXPIRE
+Extend the validity of the OpenPGP key for the host until EXPIRE from
+the present. If EXPIRE is not specified, then the user will be
+prompted for the extension term. Expiration is specified like GnuPG
+does:
+.nf
+ 0 = key does not expire
+ <n> = key expires in n days
+ <n>w = key expires in n weeks
+ <n>m = key expires in n months
+ <n>y = key expires in n years
+.fi
+`e' may be used in place of `extend-key'.
+.TP
+.B add-hostname HOSTNAME
+Add a hostname user ID to the server host key. `n+' may be used in
+place of `add-hostname'.
+.TP
+.B revoke-hostname HOSTNAME
+Revoke a hostname user ID from the server host key. `n-' may be used
+in place of `revoke-hostname'.
+.TP
+.B show-key
+Output gpg information about host's OpenPGP key. `s' may be used in
+place of `show-key'.
.TP
.B publish-key
Publish the host's OpenPGP key to the keyserver. `p' may be used in
place of `publish-key'.
.TP
+.B diagnostics
+Review the state of the server with respect to the MonkeySphere in
+general and report on suggested changes. Among other checks, this
+includes making sure there is a valid host key, that the key is
+published, that the sshd configuration points to the right place, and
+that there are at least some valid identity certifiers. `d' may be
+used in place of `diagnostics'.
+.TP
.B add-identity-certifier KEYID
Instruct system to trust user identity certifications made by KEYID.
Using the `-n' or `--domain' option allows you to indicate that you
@example.org domain"). A certifier trust level can be specified with
the `-t' or `--trust' option (possible values are `marginal' and
`full' (default is `full')). A certifier trust depth can be specified
-with the `-d' or `--depth' option (default is 1). `a' may be used in
+with the `-d' or `--depth' option (default is 1). `c+' may be used in
place of `add-identity-certifier'.
.TP
.B remove-identity-certifier KEYID
Instruct system to ignore user identity certifications made by KEYID.
-`r' may be used in place of `remove-identity-certifier'.
+`c-' may be used in place of `remove-identity-certifier'.
.TP
.B list-identity-certifiers
-List key IDs trusted by the system to certify user identities. `l'
+List key IDs trusted by the system to certify user identities. `c'
may be used in place of `list-identity-certifiers'.
.TP
.B gpg-authentication-cmd
the monkeysphere-server.conf configuration file (defaults in
parentheses):
.TP
+MONKEYSPHERE_LOG_LEVEL
+Set the log level. Can be SILENT, ERROR, INFO, DEBUG, in increasing
+order of verbosity.
+.TP
MONKEYSPHERE_KEYSERVER
OpenPGP keyserver to use (subkeys.pgp.net).
.TP
projects / monkeysphere.git / blobdiff