.SH DESCRIPTION
-\fBMonkeySphere\fP is a framework to leverage the OpenPGP Web of Trust
+\fBMonkeysphere\fP is a framework to leverage the OpenPGP Web of Trust
for ssh authentication. OpenPGP keys are tracked via GnuPG, and added
to the authorized_keys and known_hosts files used by ssh for
connection authentication.
.SH AUTHOR
-Written by Jameson Rollins <jrollins@fifthhorseman.net>, Daniel Kahn
-Gillmor <dkg@fifthhorseman.net>
+Written by:
+Jameson Rollins <jrollins@fifthhorseman.net>,
+Daniel Kahn Gillmor <dkg@fifthhorseman.net>
.SH SEE ALSO
.BR monkeysphere (1),
-.BR monkeysphere-server (8),
-.BR monkeysphere-ssh-proxycommand (1),
+.BR monkeysphere-host (8),
+.BR monkeysphere-authentication (8),
+.BR openpgp2ssh (1),
+.BR pem2openpgp (1),
.BR gpg (1),
.BR ssh (1),
.BR http://tools.ietf.org/html/rfc4880,
\fBmonkeysphere-authentication\fP is a Monkeysphere server admin utility.
.SH SUBCOMMANDS
-\fBmonkeysphere-authentication\fP takes various subcommands.(Users may use the
-abbreviated subcommand in parentheses):
+\fBmonkeysphere-authentication\fP takes various subcommands.
.TP
-.B update-users (u) [ACCOUNT]...
-Rebuild the monkeysphere-controlled authorized_keys files. For each specified
-account, the user ID's listed in the account's authorized_user_ids file are
-processed. For each user ID, gpg will be queried for keys associated with that
-user ID, optionally querying a keyserver. If an acceptable key is found (see
-KEY ACCEPTABILITY in monkeysphere(7)), the key is added to the account's
-monkeysphere-controlled authorized_keys file. If the RAW_AUTHORIZED_KEYS
-variable is set, then a separate authorized_keys file (usually
-~USER/.ssh/authorized_keys) is appended to the monkeysphere-controlled
-authorized_keys file. If no accounts are specified, then all accounts on the
-system are processed. `u' may be used in place of `update-users'.
-
-\" XXX
-
+.B setup
+Setup the server for Monkeysphere user authentication. `s' may be
+used in place of `setup'.
.TP
-.B add-id-certifier (c+) KEYID
+.B update-users [ACCOUNT]...
+Rebuild the monkeysphere-controlled authorized_keys files. For each
+specified account, the user ID's listed in the account's
+authorized_user_ids file are processed. For each user ID, gpg will be
+queried for keys associated with that user ID, optionally querying a
+keyserver. If an acceptable key is found (see KEY ACCEPTABILITY in
+monkeysphere(7)), the key is added to the account's
+monkeysphere-controlled authorized_keys file. If the
+RAW_AUTHORIZED_KEYS variable is set, then a separate authorized_keys
+file (usually ~USER/.ssh/authorized_keys) is appended to the
+monkeysphere-controlled authorized_keys file. If no accounts are
+specified, then all accounts on the system are processed. `u' may be
+used in place of `update-users'.
+.TP
+.B add-id-certifier KEYID
Instruct system to trust user identity certifications made by KEYID.
Using the `-n' or `--domain' option allows you to indicate that you
only trust the given KEYID to make identifications within a specific
with the `-d' or `--depth' option (default is 1). `c+' may be used in
place of `add-id-certifier'.
.TP
-.B remove-id-certifier (c-) KEYID
+.B remove-id-certifier KEYID
Instruct system to ignore user identity certifications made by KEYID.
`c-' may be used in place of `remove-id-certifier'.
.TP
-.B list-id-certifiers (c)
+.B list-id-certifiers
List key IDs trusted by the system to certify user identities. `c'
may be used in place of `list-id-certifiers'.
.TP
show version number
.SH "EXPERT" SUBCOMMANDS
+
Some commands are very unlikely to be needed by most administrators.
-These commands must follow the word `expert'.
+These commands must prefaced by the word `expert'.
.TP
-.B diagnostics (d)
-Review the state of the server with respect to authentication.
+.B diagnostics
+Review the state of the server with respect to authentication. `d'
+may be used in place of `diagnostics'.
.TP
.B gpg-cmd
Execute a gpg command on the gnupg-authentication keyring as the
modifying the gnupg-authentication keyring can affect ssh user
authentication.
-.SH SETUP
+.SH SETUP USER AUTHENTICATION
If the server will handle user authentication through
monkeysphere-generated authorized_keys files, the server must be told
sshd to look at the monkeysphere-generated authorized_keys file for
user authentication by setting the following in the sshd_config:
-AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
+AuthorizedKeysFile /var/lib/monkeysphere/authentication/authorized_keys/%u
It is recommended to add "monkeysphere-authentication update-users" to a
system crontab, so that user keys are kept up-to-date, and key
.SH ENVIRONMENT
The following environment variables will override those specified in
-(defaults in parentheses):
+the config file (defaults in parentheses):
.TP
MONKEYSPHERE_MONKEYSPHERE_USER
User to control authentication keychain (monkeysphere).
increasing order of verbosity.
.TP
MONKEYSPHERE_KEYSERVER
-OpenPGP keyserver to use (subkeys.pgp.net).
+OpenPGP keyserver to use (pool.sks-keyservers.net).
.TP
MONKEYSPHERE_AUTHORIZED_USER_IDS
Path to user authorized_user_ids file
.SH AUTHOR
-Written by Jameson Rollins <jrollins@fifthhorseman.net>, Daniel Kahn
-Gillmor <dkg@fifthhorseman.net>
+Written by:
+Jameson Rollins <jrollins@fifthhorseman.net>,
+Daniel Kahn Gillmor <dkg@fifthhorseman.net>,
+Matthew Goins <mjgoins@openflows.com>
.SH SEE ALSO
\fBmonkeysphere-host\fP takes various subcommands:
.TP
+.B show-key
+Output information about host's OpenPGP and SSH keys. `s' may be used
+in place of `show-key'.
+.TP
.B extend-key EXPIRE
Extend the validity of the OpenPGP key for the host until EXPIRE from
the present. If EXPIRE is not specified, then the user will be
<n>y = key expires in n years
.fi
`e' may be used in place of `extend-key'.
-
.TP
.B add-hostname HOSTNAME
Add a hostname user ID to the server host key. `n+' may be used in
in place of `revoke-hostname'.
.TP
.B add-revoker FINGERPRINT
-
+Add a revoker to the host's OpenPGP key. `o' may be be used in place
+of `add-revoker'.
.TP
-.B show-key
-Output gpg information about host's OpenPGP key. `s' may be used in
-place of `show-key'.
+.B revoke-key
+Revoke the host's OpenPGP key. `r' may be used in place of
+`revoke-key'.
.TP
.B publish-key
Publish the host's OpenPGP key to the keyserver. `p' may be used in
.TP
.B version
show version number
+
.SH "EXPERT" SUBCOMMANDS
+
Some commands are very unlikely to be needed by most administrators.
-These commands must follow the word `expert'.
+These commands must prefaced by the word `expert'.
.TP
.B gen-key [HOSTNAME]
Generate a OpenPGP key for the host. If HOSTNAME is not specified,
alternate key bit length can be specified with the `-l' or `--length'
option (default 2048). An expiration length can be specified with the
`-e' or `--expire' option (prompt otherwise). The expiration format
-is the same as that of \fBextend-key\fP, below. A key revoker
-fingerprint can be specified with the `-r' or `--revoker' option. `g'
-may be used in place of `gen-key'.
-
-.TP
-.B diagnostics
-Review the state of the server with respect to the MonkeySphere in
-general and report on suggested changes. Among other checks, this
-includes making sure there is a valid host key, that the key is
-published, that the sshd configuration points to the right place, and
-that there are at least some valid identity certifiers. `d' may be
-used in place of `diagnostics'.
+is the same as that of \fBextend-key\fP, below. `g' may be used in
+place of `gen-key'.
.TP
.B import-key
FIXME:
--hostname (-h) NAME[:PORT] hostname for key user ID
--keyfile (-f) FILE key file to import
--expire (-e) EXPIRE date to expire
+.TP
+.B diagnostics
+Review the state of the monkeysphere server host key and report on
+suggested changes. Among other checks, this includes making sure
+there is a valid host key, that the key is published, that the sshd
+configuration points to the right place, etc. `d' may be used in
+place of `diagnostics'.
-.SH SETUP
+.SH SETUP HOST AUTHENTICATION
-In order to start using the monkeysphere, you must first generate an
-OpenPGP key for the server and convert that key to an ssh key that can
-be used by ssh for host authentication. This can be done with the
-\fBgen-key\fP subcommand:
+To enable host verification via the monkeysphere, the host's key must
+be published to the Web of Trust. This is not done by default. To
+publish the host key to the keyservers, run the following command:
-$ monkeysphere-server gen-key
+$ monkeysphere-host publish-key
-To enable host verification via the monkeysphere, you must then
-publish the host's key to the Web of Trust using the \fBpublish-key\fP
-command to push the key to a keyserver. You must also modify the
-sshd_config on the server to tell sshd where the new server host key
-is located:
+You must also modify the sshd_config on the server to tell sshd where
+the new server host key is located:
-HostKey /var/lib/monkeysphere/ssh_host_rsa_key
+HostKey /var/lib/monkeysphere/host/ssh_host_rsa_key
In order for users logging into the system to be able to identify the
host via the monkeysphere, at least one person (e.g. a server admin)
will need to sign the host's key. This is done using standard OpenPGP
-keysigning techniques, usually: pul the key from the keyserver, verify
-and sign the key, and then re-publish the signature. Once an admin's
-signature is published, users logging into the host can use it to
-validate the host's key.
+keysigning techniques, usually: pull the key from the keyserver,
+verify and sign the key, and then re-publish the signature. Once an
+admin's signature is published, users logging into the host can use it
+to validate the host's key.
+
+.SH ENVIRONMENT
+The following environment variables will override those specified in
+the config file (defaults in parentheses):
.TP
MONKEYSPHERE_LOG_LEVEL
Set the log level (INFO). Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in
increasing order of verbosity.
.TP
MONKEYSPHERE_KEYSERVER
-OpenPGP keyserver to use (subkeys.pgp.net).
+OpenPGP keyserver to use (pool.sks-keyservers.net).
.SH FILES
+
.TP
/etc/monkeysphere/monkeysphere-host.conf
System monkeysphere-host config file.
.TP
-/var/lib/monkeysphere/ssh_host_rsa_key
+/var/lib/monkeysphere/host/ssh_host_rsa_key
Copy of the host's private key in ssh format, suitable for use by
sshd.
.SH AUTHOR
-Written by Jameson Rollins <jrollins@fifthhorseman.net>, Daniel Kahn
-Gillmor <dkg@fifthhorseman.net>
+Written by:
+Jameson Rollins <jrollins@fifthhorseman.net>,
+Daniel Kahn Gillmor <dkg@fifthhorseman.net>,
+Matthew Goins <mjgoins@openflows.com>
.SH SEE ALSO
gen-subkey (g) [KEYID] generate an authentication subkey
--length (-l) BITS key length in bits (2048)
--expire (-e) EXPIRE date to expire
- ssh-proxycommand ssh proxycommand
+ ssh-proxycommand monkeysphere ssh ProxyCommand
subkey-to-ssh-agent (s) store authentication subkey in ssh-agent
version (v) show version number
help (h,?) this help
## FIXME: other checks?
+######################################################################
+### FUNCTIONS
+
# gpg command for test admin user
gpgadmin() {
GNUPGHOME="$TEMPDIR"/admin/.gnupg gpg "$@"
trap failed_cleanup EXIT
+######################################################################
### SETUP VARIABLES
+
## set up some variables to ensure that we're operating strictly in
## the tests, not system-wide:
export DISPLAY=monkeys
+######################################################################
### CONFIGURE ENVIRONMENTS
# copy in admin and testuser home to tmp
EOF
+######################################################################
### SERVER HOST SETUP
# set up monkeysphere host
GNUPGHOME="$MONKEYSPHERE_SYSCONFIGDIR"/host gpg --armor --export "$HOSTKEYID" | gpgadmin --import
echo y | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID"
+# FIXME: add revoker?
+
# FIXME: how can we test publish-key without flooding junk into the
# keyservers?
# FIXME: should we run "diagnostics" here to test setup?
+######################################################################
### SERVER AUTHENTICATION SETUP
# set up monkeysphere authentication
# FIXME: should we run "diagnostics" here to test setup?
+######################################################################
### TESTUSER SETUP
# generate an auth subkey for the test user that expires in 2 days
monkeysphere-authentication update-users $(whoami)
+######################################################################
### TESTS
# connect to test sshd, using monkeysphere-ssh-proxycommand to verify
# FIXME: addtest: revoke the host key and check ssh failure
+
+######################################################################
+
trap - EXIT
echo "##################################################"
projects / monkeysphere.git / commitdiff