author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2009-03-02 13:47:08 -0500 |
---|---|---|
committer | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2009-03-02 13:47:08 -0500 |
commit | 0dc0bc5817f4eb4a0e996d4dfed97b0822a29216 (patch) | |
tree | 7b5ea79b79fb022890f8914f3d3703310a060091 | |
parent | 235f46a482f83ad0531953e77aab50da4d2bdda0 (diff) |
more man page tweaking.
-rw-r--r-- | man/man8/monkeysphere-authentication.8 | 29 | ||||
-rw-r--r-- | man/man8/monkeysphere-host.8 | 14 |
2 files changed, 22 insertions, 21 deletions
diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8 index dfa7444..a28922c 100644 --- a/man/man8/monkeysphere-authentication.8 +++ b/man/man8/monkeysphere-authentication.8 @@ -92,7 +92,7 @@ monkeysphere-generated authorized_keys files, the server must be told which keys will act as identity certifiers. This is done with the \fBadd\-id\-certifier\fP command: -$ monkeysphere\-authentication add\-id\-certifier KEYID +# monkeysphere\-authentication add\-id\-certifier KEYID where KEYID is the key ID of the server admin, or whoever's certifications should be acceptable to the system for the purposes of @@ -103,7 +103,7 @@ single OpenPGP public key. Certifiers can be removed with the \fBremove\-id\-certifier\fP command, and listed with the \fBlist\-id\-certifiers\fP command. -Remote users will be granted access to local accounts based on the +A remote user will be granted access to a local account based on the appropriately-signed and valid keys associated with user IDs listed in that account's authorized_user_ids file. By default, the authorized_user_ids file for an account is 
@@ -111,22 +111,22 @@ authorized_user_ids file for an account is monkeysphere\-authentication.conf file. The \fBupdate\-users\fP command is used to generate authorized_keys -files for local accounts based on the authorized user IDs listed in -the account's authorized_user_ids file: +files for a local account based on the user IDs listed in the +account's authorized_user_ids file: -$ monkeysphere\-authentication update\-users USER +# monkeysphere\-authentication update\-users USER Not specifying USER will cause all accounts on the system to updated. -The ssh server can then use these monkeysphere\-generated -authorized_keys files to grant access to user accounts for remote -users. In order for sshd to look at the monkeysphere\-generated -authorized_keys file for user authentication, the AuthorizedKeysFile -parameter must be set in the sshd_config to point to the -monkeysphere\-generated authorized_keys files: +The ssh server can use these monkeysphere-generated authorized_keys +files to grant access to user accounts for remote users. In order for +sshd to look at the monkeysphere-generated authorized_keys file for +user authentication, the AuthorizedKeysFile parameter must be set in +the sshd_config to point to the monkeysphere\-generated +authorized_keys files: AuthorizedKeysFile /var/lib/monkeysphere/authentication/authorized_keys/%u -It is recommended to add "monkeysphere\-authentication update-users" +It is recommended to add "monkeysphere\-authentication update\-users" to a system crontab, so that user keys are kept up-to-date, and key revocations and expirations can be processed in a timely manner. @@ -170,7 +170,7 @@ Monkeysphere-generated user authorized_keys files. .SH AUTHOR -Written by: +This man page was written by: Jameson Rollins <jrollins@fifthhorseman.net>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Matthew Goins <mjgoins@openflows.com> 
@@ -182,4 +182,5 @@ Matthew Goins <mjgoins@openflows.com> .BR monkeysphere (7), .BR gpg (1), .BR ssh (1), -.BR sshd (8) +.BR sshd (8), +.BR sshd_config (5) diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8 index 8968cd7..c03b675 100644 --- a/man/man8/monkeysphere-host.8 +++ b/man/man8/monkeysphere-host.8 @@ -100,12 +100,12 @@ place of `diagnostics'. To enable host verification via the monkeysphere, an OpenPGP key must be made out of the host's ssh key, and the key must be published to the Web of Trust. This is not done by default. The first step is to -import the host's ssh key into a monkeysphere OpenPGP key. This is -done with the import\-key command. When importing a key, you must +import the host's ssh key into a monkeysphere-style OpenPGP key. This +is done with the import\-key command. When importing a key, you must specify the path to the host's ssh RSA key to import, and a hostname to use as the key's user ID: -$ monkeysphere\-host import\-key /etc/ssh/ssh_host_rsa_key host.example.org +# monkeysphere\-host import\-key /etc/ssh/ssh_host_rsa_key host.example.org On most systems, the ssh host RSA key is stored at /etc/ssh/ssh_host_rsa_key. @@ -125,7 +125,7 @@ verify and sign the key, and then re-publish the signature. Please see http://web.monkeysphere.info/signing-host-keys/ for more information. Once an admin's signature is published, users logging into the host can use it to validate the host's key without having to -manually check the hosts key's fingerprint. +manually check the host key's fingerprint. .SH ENVIRONMENT @@ -146,7 +146,7 @@ If set to `false', never prompt the user for confirmation. (true) .TP /etc/monkeysphere/monkeysphere\-host.conf -System monkeysphere-host config file. +System monkeysphere\-host config file. .TP /var/lib/monkeysphere/host/ssh_host_rsa_key.pub.gpg A world-readable copy of the host's public key in OpenPGP format, 
@@ -154,7 +154,7 @@ including all relevant self-signatures. .SH AUTHOR -Written by: +This man page was written by: Jameson Rollins <jrollins@fifthhorseman.net>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Matthew Goins <mjgoins@openflows.com> @@ -166,4 +166,4 @@ Matthew Goins <mjgoins@openflows.com> .BR monkeysphere (7), .BR gpg (1), .BR ssh (1), -.BR sshd (8), +.BR sshd (8) |
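Review bot: in the @@ -92,7 +92,7 @@ hunk of man/man8/monkeysphere-authentication.8, the change of prompt from "$" to "#" on the add\-id\-certifier example is the only indication that the command is meant to be run as root; the paragraph around it never says so. A reader who copies the line without the prompt loses that information, so consider adding a short sentence stating the required privilege. The same applies to the update\-users and import\-key examples that get the same prompt change later in this patch.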
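Review bot: in the @@ -111,22 +111,22 @@ hunk of man/man8/monkeysphere-authentication.8, the rewrapped sshd paragraph now mixes two spellings of the same word: "monkeysphere-generated" (twice, unescaped) and "monkeysphere\-generated" (once, escaped), while the same hunk deliberately changes "update-users" to "update\-users". Pick one form for the compound adjective and use it throughout the paragraph. The unchanged context line "Not specifying USER will cause all accounts on the system to updated." is also missing a word ("to be updated") and could be fixed while this block is being touched.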
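Review bot: in the @@ -182,4 +182,5 @@ hunk of man/man8/monkeysphere-authentication.8, the new ".BR sshd_config (5)" entry is appended after ".BR sshd (8)," so a section 5 page follows a section 8 page. SEE ALSO lists are commonly ordered by section number and then by name; the existing list (monkeysphere (7) first, then gpg (1), ssh (1)) is already out of that order, so this would be a good moment to sort the whole list rather than extend it at the end.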
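Review bot: in the @@ -100,12 +100,12 @@ hunk of man/man8/monkeysphere-host.8, the reworded sentence still names the subcommand as plain "import\-key command", whereas monkeysphere-authentication.8 in this same patch marks subcommands in bold ("\fBadd\-id\-certifier\fP", "\fBupdate\-users\fP"). Since the line is being rewritten anyway, wrap it as \fBimport\-key\fP so the two pages format subcommand names the same way.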