summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJameson Graef Rollins <jrollins@phys.columbia.edu>2008-09-01 23:08:58 -0700
committerJameson Graef Rollins <jrollins@phys.columbia.edu>2008-09-01 23:08:58 -0700
commit948b21702fbeaf1874286bd9b0d7c27c37d55c2a (patch)
tree87be9f29516bfe0ca78ad61a57c666e76adfcd28
parent5bb8d410b08bf36d1ff3f36257ac364080d80aa9 (diff)
parent212c4e507b0a96a05fa8ee4232e821c77285eebf (diff)
Merge commit 'dkg/master'
Conflicts: website/doc.mdwn website/templates/nav.mdwn
-rw-r--r--debian/changelog2
-rw-r--r--debian/control4
-rw-r--r--doc/TODO4
-rw-r--r--doc/announcement.html13
-rw-r--r--doc/artwork/Makefile2
-rw-r--r--doc/george/changelog8
-rwxr-xr-xsrc/monkeysphere-server2
-rw-r--r--website/bugs.mdwn2
-rw-r--r--website/bugs/add-man-pages-to-website.mdwn2
-rw-r--r--website/community.mdwn12
-rw-r--r--website/doc.mdwn11
-rw-r--r--website/download.mdwn10
-rw-r--r--website/getting-started-user.mdwn4
-rw-r--r--website/local.css75
-rw-r--r--website/logo.pngbin0 -> 11425 bytes
-rw-r--r--website/news.mdwn2
-rw-r--r--website/news/apt-repo-moved.mdwn8
-rw-r--r--website/news/git-repo-moved.mdwn9
-rw-r--r--website/news/modified-gnutls-2.4.x-available.mdwn4
-rw-r--r--website/similar.mdwn123
-rw-r--r--website/templates/nav.mdwn14
-rw-r--r--website/why.mdwn6
22 files changed, 269 insertions, 48 deletions
diff --git a/debian/changelog b/debian/changelog
index 9a46d9e..76e4d04 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
monkeysphere (0.12-1) UNRELEASED; urgency=low
* Improved output handling.
+ * debian/control: switched Homepage: and Vcs-Git: to canonicalized
+ upstream hostnames.
-- Jameson Graef Rollins <jrollins@phys.columbia.edu> Sun, 24 Aug 2008 23:49:23 -0700
diff --git a/debian/control b/debian/control
index 2984464..ca07a5d 100644
--- a/debian/control
+++ b/debian/control
@@ -5,8 +5,8 @@ Maintainer: Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>
Uploaders: Jameson Rollins <jrollins@fifthhorseman.net>
Build-Depends: debhelper (>= 7.0), libgnutls-dev (>= 2.4.0), git-core
Standards-Version: 3.8.0.1
-Homepage: http://monkeysphere.info/
-Vcs-Git: git://monkeysphere.info/monkeysphere
+Homepage: http://web.monkeysphere.info/
+Vcs-Git: git://git.monkeysphere.info/monkeysphere
Dm-Upload-Allowed: yes
Format: 3.0 (git)
diff --git a/doc/TODO b/doc/TODO
index 733986e..b41d2be 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -95,3 +95,7 @@ Fix behavior when add-identity-certifier fails to fetch a key from the
Allow server administrators to add-identity-certifier from a key in
the filesystem (or on stdin, etc)
+
+Think about packaging monkeysphere for other (non-apt-based) operating
+ systems. RPM-based linux systems, FreeBSD ports, and Mac OS X seem
+ like the most likely candidates.
diff --git a/doc/announcement.html b/doc/announcement.html
index 1787142..68607ac 100644
--- a/doc/announcement.html
+++ b/doc/announcement.html
@@ -30,8 +30,8 @@ key) across a group of machines by disabling authentication for that
user?</p>
<p>A group of us have been working on a public key infrastructure for
-SSH. <a href="http://monkeysphere.info">Monkeysphere</a> makes use of
-the existing OpenPGP web-of-trust to fetch and cryptographically
+SSH. <a href="http://web.monkeysphere.info">Monkeysphere</a> makes use
+of the existing OpenPGP web-of-trust to fetch and cryptographically
validate (and revoke!) keys. This works in either directions: both
<code>authorized_keys</code> <em>and</em> <code>known_hosts</code> are
handled. Monkeysphere gives users and admins tools to deal with SSH
@@ -39,14 +39,17 @@ keys by thinking about the people and machines to whom the keys
belong, instead of requiring humans to do tedious (and error-prone)
manual key verification.</p>
-<p>We have <a href="http://monkeysphere.info/download">debian packages
+<p>We have <a href="http://web.monkeysphere.info/download">debian packages
available</a> which should install against lenny, <a
href="https://lists.riseup.net/www/info/monkeysphere">a mailing
list</a>, and open ears for good questions, suggestions and
criticism.</p>
-<p>If you have a chance to give it a try (<a href="???">as a user</a>
-or <a href="???">as an admin</a>), it would be great to <a
+<p>If you have a chance to give it a try (<a
+href="http://web.monkeysphere.info/getting-started-user/">as a
+user</a> or <a
+href="http://web.monkeysphere.info/getting-started-admin/">as an
+admin</a>), it would be great to <a
href="https://lists.riseup.net/www/info/monkeysphere">get
feedback</a>.</p>
diff --git a/doc/artwork/Makefile b/doc/artwork/Makefile
new file mode 100644
index 0000000..b0cb37a
--- /dev/null
+++ b/doc/artwork/Makefile
@@ -0,0 +1,2 @@
+logo.png: logo.svg
+ inkscape -e logo.png logo.svg
diff --git a/doc/george/changelog b/doc/george/changelog
index fcd5a12..8b03a7f 100644
--- a/doc/george/changelog
+++ b/doc/george/changelog
@@ -7,6 +7,14 @@
* changes to this system (first command at top, last at bottom) *
******************************************************************************
+2008-09-01 - dkg
+ * set up http://dkg.monkeysphere.info so that i could play around
+ with ikiwiki updates
+ * moved apt repository over to http://archive.monkeysphere.info/
+ * aptitude update && aptitude dist-upgrade
+ * canonicalizing hostname for normal web access to
+ http://web.monkeysphere.info
+
2008-08-26 - dkg
* aptitude update && aptitude full-upgrade
* added account 'daniel' for Dan Scott, and set him up with a way
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 0aa6dbc..c81c066 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -468,7 +468,7 @@ revoke_hostname() {
echo "WARNING: There is a known bug in this function."
echo "This function has been known to occasionally revoke the wrong user ID."
echo "Please see the following bug report for more information:"
- echo "http://monkeysphere.info/bugs/revoke-hostname-revoking-wrong-userid/"
+ echo "http://web.monkeysphere.info/bugs/revoke-hostname-revoking-wrong-userid/"
read -p "Are you sure you would like to proceed? (y/N) " OK; OK=${OK:=N}
if [ ${OK/y/Y} != 'Y' ] ; then
failure "aborting."
diff --git a/website/bugs.mdwn b/website/bugs.mdwn
index e0fc477..06a4d3a 100644
--- a/website/bugs.mdwn
+++ b/website/bugs.mdwn
@@ -1,5 +1,5 @@
[[!template id="nav"]]
-
+[[meta title="Bugs"]]
This is Monkeysphere's bug list. You can also browse our [completed bugs](done).
If you don't have commit access to the public repo, we'd appreciate
diff --git a/website/bugs/add-man-pages-to-website.mdwn b/website/bugs/add-man-pages-to-website.mdwn
index 4a8d2e2..399438a 100644
--- a/website/bugs/add-man-pages-to-website.mdwn
+++ b/website/bugs/add-man-pages-to-website.mdwn
@@ -1,7 +1,7 @@
[[meta title="Add man pages to web site"]]
We should publish the various monkeysphere man pages in browsable form
-somewhere under http://monkeysphere.info/. Ideally, this would be
+somewhere under http://web.monkeysphere.info/. Ideally, this would be
updated automatically from the sources for the official man pages
themselves.
diff --git a/website/community.mdwn b/website/community.mdwn
index 477eb45..b06637b 100644
--- a/website/community.mdwn
+++ b/website/community.mdwn
@@ -1,8 +1,8 @@
[[!template id="nav"]]
-[[meta title="Monkeysphere community"]]
+[[meta title="Community"]]
-# Mailing list #
+## Mailing list ##
The Monkeysphere project is a new project with just one mailing list
at the moment. Its where we roll our sphere, discuss development
@@ -14,7 +14,7 @@ friendly bunch. You can also [look through our
archives](https://lists.riseup.net/www/arc/monkeysphere) if you don't
believe us.
-# Development #
+## Development ##
The Monkeysphere uses a distributed development model with
[git](http://git.or.cz/). Once you've [installed
@@ -22,9 +22,9 @@ git](http://www.spheredev.org/wiki/Git_for_the_lazy), you can [git
clone](http://www.kernel.org/pub/software/scm/git/docs/git-clone.html)
from this web site:
- git clone git://monkeysphere.info/monkeysphere
+ git clone git://git.monkeysphere.info/monkeysphere
-## Individual developer repositories ##
+### Individual developer repositories ###
You might also be interested in the repositories of individual
developers, which may contain branches or features not yet in the main
@@ -43,7 +43,7 @@ Micah Anderson:
git clone git://labs.riseup.net/~micah/monkeysphere
-# Contact #
+## Contact ##
Please feel free to contact any of the Monkeysphere developers or post
to the mailing list with questions, comments, bug reports, requests,
diff --git a/website/doc.mdwn b/website/doc.mdwn
index 0b65aed..634afd9 100644
--- a/website/doc.mdwn
+++ b/website/doc.mdwn
@@ -1,7 +1,7 @@
[[!template id="nav"]]
[[meta title="Documentation"]]
-# Dependencies #
+## Dependencies ##
Monkeysphere relies on:
@@ -9,15 +9,18 @@ Monkeysphere relies on:
* [OpenSSH](http://openssh.com/)
* [GnuPG](http://gnupg.org/)
-# Getting started #
+## Getting started ##
* Getting started as a [user](/getting-started-user)
* Getting started as a [server admin](/getting-started-admin)
-# References #
+## References ##
* [Initial specifications at CMRG](http://cmrg.fifthhorseman.net/wiki/OpenPGPandSSH)
* [OpenPGP (RFC 4880)](http://tools.ietf.org/html/rfc4880)
* [Secure Shell Authentication Protocol (RFC 4252)](http://tools.ietf.org/html/rfc4252)
* [URI scheme for SSH, RFC draft](http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/)
- * [Other similar projects](/others)
+
+## Other ##
+
+ * [Similar Projects](/similar) (other attempts at a PKI for SSH)
diff --git a/website/download.mdwn b/website/download.mdwn
index b848e2a..69048c9 100644
--- a/website/download.mdwn
+++ b/website/download.mdwn
@@ -8,8 +8,8 @@ by following these directions:
You can add this repo to your system by putting the following lines in
/etc/apt/sources.list.d/monkeysphere.list:
- deb http://monkeysphere.info/debian experimental monkeysphere
- deb-src http://monkeysphere.info/debian experimental monkeysphere
+ deb http://archive.monkeysphere.info/debian experimental monkeysphere
+ deb-src http://archive.monkeysphere.info/debian experimental monkeysphere
The repository is currently signed by [Daniel Kahn Gillmor's OpenPGP
key](http://fifthhorseman.net/dkg.gpg "dkg's key"), key id D21739E9
@@ -23,7 +23,7 @@ Once you've installed the packages, you might want to read up on how
to get started [as a regular user](/getting-started-user), or [as a
systems administrator](/getting-started-admin).
-### Enhancements ###
+## Enhancements ##
As of 2008-08-22, If you run debian lenny you're very close to being
able to run a fully monkeysphere-enabled system. One gap in the
@@ -34,7 +34,7 @@ You can install a patched version of GnuTLS to enable this feature of
the MonkeySphere by adjusting the monkeysphere `sources.list` lines to
include the `gnutls` component. So they'd look like this instead:
- deb http://monkeysphere.info/debian experimental monkeysphere gnutls
- deb-src http://monkeysphere.info/debian experimental monkeysphere gnutls
+ deb http://archive.monkeysphere.info/debian experimental monkeysphere gnutls
+ deb-src http://archive.monkeysphere.info/debian experimental monkeysphere gnutls
You can [read more about this offering](/news/modified-gnutls-2.4.x-available).
diff --git a/website/getting-started-user.mdwn b/website/getting-started-user.mdwn
index 5cb96b9..3f7b689 100644
--- a/website/getting-started-user.mdwn
+++ b/website/getting-started-user.mdwn
@@ -92,8 +92,8 @@ to take this step, you will need to upgrade to a patched version of
gnutls. You can easily upgrade a Debian system by adding the following
to `/etc/apt/sources.list.d/monkeysphere.list`:
- deb http://monkeysphere.info/debian experimental gnutls
- deb-src http://monkeysphere.info/debian experimental gnutls
+ deb http://archive.monkeysphere.info/debian experimental gnutls
+ deb-src http://archive.monkeysphere.info/debian experimental gnutls
Next, run `aptitude update; aptitude install libgnutls26`.
diff --git a/website/local.css b/website/local.css
index 61adaba..b9d7287 100644
--- a/website/local.css
+++ b/website/local.css
@@ -1,29 +1,42 @@
+h2 {
+-moz-border-radius-topleft:4px;
+-moz-border-radius-topright:4px;
+background-color:#B67B4E;
+color:black;
+display:block;
+font-weight:bold;
+padding:0 0 0 10px;
+}
+
body {
- font-family: "Liberation Sans",sans-serif;
- font-size:1em;
- margin-left: 5%;
- margin-right:20%;
+color:#3F403F;
+font-family:"Liberation Sans",sans-serif;
+font-size:0.95em;
}
-h1 {
- font-size: 1.5em;
+*|*:visited
+color:#f6a464;
}
-h2 {
- font-size: 1.2em;
+*|*:-moz-any-link {
+text-decoration:none;
}
-h3 {
- font-size: 1em;
+:-moz-any-link {
+cursor:pointer;
}
-h4 {
- font-size: 1em;
+a:link {
+ color: #CC6600;
+ text-deoration: none;
}
-.header span {
- font-size: 1.5em;
- color: #aaaaaa;
+a:visited {
+ color: #c2772b;
+}
+
+a:hover {
+ text-decoration: underline;
}
pre {
@@ -32,3 +45,35 @@ pre {
padding: 3px 3px 3px 3px;
margin-left: 2em;
}
+
+table.sitenav {
+ border-bottom: 2px solid black;
+ padding: 0px;
+ width: 100%;
+ font-size: larger;
+}
+
+table.sitenav img.logo {
+ margin: 0px;
+ padding: 0px;
+ vertical-align: bottom;
+}
+
+table.sitenav a {
+ font-weight: bold;
+ margin-right: 1em;
+}
+
+table.sitenav span.selflink {
+ font-weight: bold;
+ text-decoration: underline;
+ margin-right: 1em;
+}
+
+div.header {
+ text-align: right;
+}
+
+div.actions {
+ text-align: right;
+}
diff --git a/website/logo.png b/website/logo.png
new file mode 100644
index 0000000..33b3e78
--- /dev/null
+++ b/website/logo.png
Binary files differ
diff --git a/website/news.mdwn b/website/news.mdwn
index 4f8a638..7380eff 100644
--- a/website/news.mdwn
+++ b/website/news.mdwn
@@ -1,5 +1,5 @@
[[!template id="nav"]]
-
+[[meta title="News"]]
Here are the latest announcements about the Monkeysphere.
[[inline pages="./news/* and !*/Discussion" rootpage="news" show="30"]]
diff --git a/website/news/apt-repo-moved.mdwn b/website/news/apt-repo-moved.mdwn
new file mode 100644
index 0000000..8f0bf81
--- /dev/null
+++ b/website/news/apt-repo-moved.mdwn
@@ -0,0 +1,8 @@
+[[meta title="APT repository moved"]]
+
+The monkeysphere APT repository has been moved from
+`http://monkeysphere.info/debian` to
+`http://archive.monkeysphere.info/debian`. You'll probably want to
+update your `sources.list` to match the [official lines](/download).
+
+Apologies for any confusion or hassle this causes!
diff --git a/website/news/git-repo-moved.mdwn b/website/news/git-repo-moved.mdwn
new file mode 100644
index 0000000..c2755d1
--- /dev/null
+++ b/website/news/git-repo-moved.mdwn
@@ -0,0 +1,9 @@
+[[meta title="git repository moved"]]
+
+The monkeysphere git repository has been moved from
+`git://monkeysphere.info/monkeysphere` to
+`git://git.monkeysphere.info/monkeysphere`. You'll probably want to
+update your `.git/config` to match the [official clone
+target](/community).
+
+Apologies for any confusion or hassle this causes!
diff --git a/website/news/modified-gnutls-2.4.x-available.mdwn b/website/news/modified-gnutls-2.4.x-available.mdwn
index b3db308..44e08d0 100644
--- a/website/news/modified-gnutls-2.4.x-available.mdwn
+++ b/website/news/modified-gnutls-2.4.x-available.mdwn
@@ -9,8 +9,8 @@ circumstances.
You can track this package in debian lenny by adding the following
lines to `/etc/apt/sources.list`:
- deb http://monkeysphere.info/debian experimental gnutls
- deb-src http://monkeysphere.info/debian experimental gnutls
+ deb http://archive.monkeysphere.info/debian experimental gnutls
+ deb-src http://archive.monkeysphere.info/debian experimental gnutls
Or you can patch and build the packages yourself with the patches and
scripts provided in [the MonkeySphere git repo](/download).
diff --git a/website/similar.mdwn b/website/similar.mdwn
new file mode 100644
index 0000000..1a33b06
--- /dev/null
+++ b/website/similar.mdwn
@@ -0,0 +1,123 @@
+[[!template id="nav"]]
+[[meta title="Similar Projects"]]
+
+The monkeysphere isn't the only project intending to implement a PKI
+for OpenSSH. We provide links to these other projects because they're
+interesting, though we have concerns with their approaches.
+
+[[toc ]]
+
+All of the other projects we've found so far require a patched version
+of OpenSSH, which makes adoption more difficult. Most people don't
+build their own software, and simply overlaying a patched binary is
+associated with significant maintenance (and therefore security)
+problems.
+
+While ultimately contributing a patch to
+[OpenSSH](http://openssh.com/) (or any
+[free](http://www.chiark.greenend.org.uk/~sgtatham/putty/)
+[SSH](http://www.lysator.liu.se/~nisse/lsh/)
+[implementation](http://matt.ucc.asn.au/dropbear/dropbear.html)) is
+not a bad thing, we hope to be able to better establish the use of a
+PKI without resorting to source modification.
+
+## openssh-gpg ##
+
+[openssh-gpg](http://www.red-bean.com/~nemo/openssh-gpg/) is a patch
+against OpenSSH to support OpenPGP certificates. According to its
+documentation, it is intended to support [`pgp-sign-rsa` and
+`pgp-sign-dss` public key algorithms for hosts, as specified by the
+IETF](http://tools.ietf.org/html/rfc4253#section-6.6).
+
+Some concerns with `openssh-gpg`:
+
+ * This patch is old; it doesn't appear to have been maintained beyond
+ OpenSSH 3.6p1. As of this writing, OpenSSH 5.1p1 is current.
+
+ * It only provides infrastructure in one direction: the user
+ authenticating the host by name. There doesn't seem to be a
+ mechanism for dealing with identifying users by name, or allowing
+ users to globally revoke or update keys.
+
+ * The choice of User ID (`anything goes here (and here!)
+ <ssh@foo.example.net>`) for host keys overlaps with the current use
+ of the User ID space. While it's unlikely that someone actually
+ uses this e-mail address in the web of trust, it would be a nasty
+ collision, as the holder of that key could impersonate the server
+ in question. The monkeysphere uses [User IDs of the form
+ `ssh://foo.example.net`](http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/)
+ to avoid collisions with existing use.
+
+ * It's not clear that `openssh-gpg` acknowledges or respects the
+ [usage flags](http://tools.ietf.org/html/rfc4880#section-5.2.3.21)
+ on the host keys. This means that it could accept a "sign-only"
+ key as suitable for authenticating a host, despite the
+ clearly-marked intentions of the key-holder.
+
+## Perspectives OpenSSH client ##
+
+[The Perspectives project](http://www.cs.cmu.edu/~perspectives/) at
+CMU has released an [openssh client that uses network
+notaries](http://www.cs.cmu.edu/~perspectives/openssh.html) to bolster
+your confidence in newly-seen keys. This offers a defense against a
+narrow MITM attack (e.g. by someone who controls your local gateway)
+by simply verifying that other machines from around the network see
+the same keys for the remote host that you're seeing.
+
+This tactic is quite useful, but doesn't take the system as far as it
+could go, and doesn't tie into any existing web of trust.
+
+Some concerns with the Perspectives OpenSSH client:
+
+ * This client won't help if you are connecting to machines behind
+ firewalls, on NAT'ed LANs, with source IP filtering, or otherwise
+ in a restricted network state.
+
+ * There is still a question of why you should trust these particular
+ notaries during your verification. Who are the notaries? How
+ could they be compromised?
+
+ * It only provides infrastructure in one direction: the user
+ authenticating the host by name. There is no mechanism for dealing
+ with identifying users by name, or allowing users to globally
+ revoke or change keys.
+
+ * It doesn't provide any mechanism for key rotation or revocation:
+ Perspectives won't help you if you need to re-key your machine.
+
+## OpenSSH with X.509v3 certificates ##
+
+Roumen Petrov [maintains a patch to OpenSSH that works with the X.509
+PKI model](http://www.roumenpetrov.info/openssh/). This is the
+certificate hierarchy commonly used by TLS (and SSL).
+
+Some concerns about OpenSSH with X.509v3:
+
+ * the X.509 certificate specification itself [encourages corporate
+ consolidation and centralized global "trust" because of its
+ single-issuer architectural
+ limitation](http://lair.fifthhorseman.net/~dkg/tls-centralization/).
+ This results in an expensive and cumbersome system for smaller
+ players, and it also doesn't correspond to the true distributed
+ nature of human-to-human trust. Furthermore, centralized global
+ "trusted authorities" create a tempting target for attack, and a
+ single-point-of-failure if an attack is successful.
+
+ Depending on how you declare your trust relationships, OpenPGP is
+ capable of providing the same hierarchical structure as X.509, but
+ it is not limited to such a structure. The OpenPGP Web of Trust
+ model is more flexible and more adaptable to represent real-world
+ trust than X.509's rigid hierarchy.
+
+ * X.509 certificates can identify hosts by name, but not by
+ individual service. This means that a compromised web or e-mail
+ server with access to the X.509 key for that service could re-use
+ its certificate as an SSH server, and it would be able to
+ masquerade successfully.
+
+ The monkeysphere uses [User IDs of the form
+ `ssh://foo.example.net`](http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/),
+ so they are not by-default shared across services on the same host
+ (you can still share a key across services on the same host if you
+ like, but the service User IDs can be certified independently of
+ one another).
diff --git a/website/templates/nav.mdwn b/website/templates/nav.mdwn
index a4bcebf..33ab8ce 100644
--- a/website/templates/nav.mdwn
+++ b/website/templates/nav.mdwn
@@ -1,3 +1,13 @@
-[[overview|/index]] | [[why?|/why]] | [[/download]] | [[documentation|/doc]] | [[/news]] | [[/community]] | [[/bugs]]
+<table class="sitenav" cellpadding="0" cellspacing="0">
+<tbody><tr><td>
+<a class="logo" href="/"><img class="logo" src="/logo.png" alt="monkeysphere" width="343" height="85" /></a>
+</td><td>
-----
+[[WHY?|why]]
+[[DOWNLOAD|download]]
+[[DOCUMENTATION|doc]]
+[[NEWS|news]]
+[[COMMUNITY|community]]
+[[BUGS|bugs]]
+
+</td></tr></tbody></table>
diff --git a/website/why.mdwn b/website/why.mdwn
index 989c4eb..5dc0e05 100644
--- a/website/why.mdwn
+++ b/website/why.mdwn
@@ -2,7 +2,7 @@
[[meta title="Why should you be interested in the MonkeySphere?"]]
-# Why should you be interested in the MonkeySphere? #
+[[toc ]]
## As an `ssh` user ##
@@ -31,6 +31,8 @@ Have you ever wished you could phase out an old key and start using a
new one without having to comb through every single account you have
ever connected to?
+[Get started with the monkeysphere as a user!](/getting-started-user)
+
## As an system administrator ##
As a system administrator, have you ever tried to re-key an SSH
@@ -45,6 +47,8 @@ Have you ever wanted to be able to add or revoke the ability of a
user's key to authenticate across an entire infrastructure you manage,
without touching each host by hand?
+[Get started with the monkeysphere as an administrator!](/getting-started-admin)
+
## What's the connection? ##
All of these issues are related to a lack of a [Public Key