author | Matt Goins <mjgoins@openflows.com> | 2009-03-10 09:33:05 -0400 |
---|---|---|
committer | Matt Goins <mjgoins@openflows.com> | 2009-03-10 09:33:05 -0400 |
commit | 282c489f3101f0d744b66d88853a150e79b0870d (patch) | |
tree | b4028ecbb3d313ba41f956cc00fea7925982bfbb /man/man1 | |
parent | cec56faf07bb4f3b8d563e4f3c9042b6579356e2 (diff) | |
parent | 69b3e256e2017d5664ef37d06aae5e5bcf446575 (diff) |
Merge commit 'dkg/master'
Diffstat (limited to 'man/man1')
-rw-r--r-- | man/man1/monkeysphere.1 | 63 | ||||
-rw-r--r-- | man/man1/openpgp2ssh.1 | 59 | ||||
-rw-r--r-- | man/man1/pem2openpgp.1 | 10 |
3 files changed, 68 insertions, 64 deletions
diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1 index 887b5df..327a623 100644 --- a/man/man1/monkeysphere.1 +++ b/man/man1/monkeysphere.1 @@ -2,7 +2,7 @@ .SH NAME -monkeysphere \- Monkeysphere client user interface +monkeysphere - Monkeysphere client user interface .SH SYNOPSIS @@ -21,7 +21,7 @@ connection authentication. \fBmonkeysphere\fP takes various subcommands: .TP -.B update-known_hosts [HOST]... +.B update\-known_hosts [HOST]... Update the known_hosts file. For each specified host, gpg will be queried for a key associated with the host URI (see HOST IDENTIFICATION in @@ -37,9 +37,9 @@ known_hosts file will be processed. This subcommand will exit with a status of 0 if at least one acceptable key was found for a specified host, 1 if no matching keys were found at all, and 2 if matching keys were found but none were acceptable. `k' may be used in place of -`update-known_hosts'. +`update\-known_hosts'. .TP -.B update-authorized_keys +.B update\-authorized_keys Update the authorized_keys file for the user executing the command (see MONKEYSPHERE_AUTHORIZED_KEYS in ENVIRONMENT, below). First all monkeysphere keys are cleared from the authorized_keys file. Then, or 
@@ -54,18 +54,18 @@ is found for the user ID, nothing is done. This subcommand will exit with a status of 0 if at least one acceptable key was found for a user ID, 1 if no matching keys were found at all, and 2 if matching keys were found but none were acceptable. `a' may be used in place of -`update-authorized_keys'. +`update\-authorized_keys'. .TP -.B gen-subkey [KEYID] +.B gen\-subkey [KEYID] Generate an authentication subkey for a private key in your GnuPG keyring. KEYID is the key ID for the primary key for which the subkey with "authentication" capability will be generated. If no key ID is specified, but only one key exists in the secret keyring, that key will be used. The length of the generated key can be specified with -the `--length` or `-l` option. `g' may be used in place of -`gen-subkey'. +the `\-\-length' or `\-l' option. `g' may be used in place of +`gen\-subkey'. .TP -.B ssh-proxycommand +.B ssh\-proxycommand An ssh ProxyCommand that can be used to trigger a monkeysphere update of the ssh known_hosts file for a host that is being connected to with ssh. This works by updating the known_hosts file for the host first, 
@@ -78,16 +78,16 @@ more info). This command is meant to be run as the ssh "ProxyCommand". This can either be done by specifying the proxy command on the command line: -.B ssh -o ProxyCommand="monkeysphere ssh-proxycommand %h %p" ... +.B ssh \-o ProxyCommand="monkeysphere ssh\-proxycommand %h %p" ... or by adding the following line to your ~/.ssh/config script: -.B ProxyCommand monkeysphere ssh-proxycommand %h %p +.B ProxyCommand monkeysphere ssh\-proxycommand %h %p The script can easily be incorporated into other ProxyCommand scripts -by calling it with the "--no-connect" option, i.e.: +by calling it with the "\-\-no\-connect" option, i.e.: -.B monkeysphere ssh-proxycommand --no-connect "$HOST" "$PORT" +.B monkeysphere ssh\-proxycommand \-\-no\-connect "$HOST" "$PORT" This will run everything except the final exec of netcat to make the TCP connection to the host. In this way this command can be added to @@ -114,14 +114,17 @@ MONKEYSPHERE_CHECK_KEYSERVER environment variable to either `true' or either always or never check the keyserver for host key updates. .TP -.B subkey-to-ssh-agent [ssh-add arguments] +.B subkey\-to\-ssh\-agent [ssh\-add arguments] Push all authentication-capable subkeys in your GnuPG secret keyring into your running ssh-agent. Additional arguments are passed through to -.BR ssh-add (1). +.BR ssh\-add (1). For example, to remove the authentication subkeys, pass an additional -`-d' argument. To require confirmation on each use of the key, pass -`-c'. `s' may be used in place of `subkey-to-ssh-agent'. +`\-d' argument. To require confirmation on each use of the key, pass +`\-c'. The MONKEYSPHERE_SUBKEYS_FOR_AGENT environment can be used to +specify the full fingerprints of specific keys to add to the agent +(space separated), instead of adding them all. `s' may be used in +place of `subkey\-to\-ssh\-agent'. .TP .B help Output a brief usage summary. `h' or `?' may be used in place of 
@@ -133,29 +136,33 @@ The following environment variables will override those specified in the monkeysphere.conf configuration file (defaults in parentheses): .TP MONKEYSPHERE_LOG_LEVEL -Set the log level (INFO). Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, -in increasing order of verbosity. +Set the log level. Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, +in increasing order of verbosity. (INFO) .TP MONKEYSPHERE_GNUPGHOME, GNUPGHOME -GnuPG home directory (~/.gnupg). +GnuPG home directory. (~/.gnupg) .TP MONKEYSPHERE_KEYSERVER -OpenPGP keyserver to use (subkeys.pgp.net). +OpenPGP keyserver to use. (pool.sks-keyservers.net) .TP MONKEYSPHERE_CHECK_KEYSERVER -Whether or not to check keyserver when making gpg queries (`true'). +Whether or not to check keyserver when making gpg queries. (true) .TP MONKEYSPHERE_KNOWN_HOSTS -Path to ssh known_hosts file (~/.ssh/known_hosts). +Path to ssh known_hosts file. (~/.ssh/known_hosts) .TP MONKEYSPHERE_HASH_KNOWN_HOSTS -Whether or not to hash to the known_hosts file entries (`true'). +Whether or not to hash to the known_hosts file entries. (true) .TP MONKEYSPHERE_AUTHORIZED_KEYS -Path to ssh authorized_keys file (~/.ssh/authorized_keys). +Path to ssh authorized_keys file. (~/.ssh/authorized_keys) .TP MONKEYSPHERE_PROMPT If set to `false', never prompt the user for confirmation. (true) +.TP +MONKEYSPHERE_SUBKEYS_FOR_AGENT +A space-separated list of authentication-capable subkeys to add to the +ssh agent with subkey-to-ssh-agent. .SH FILES @@ -178,9 +185,9 @@ Daniel Kahn Gillmor <dkg@fifthhorseman.net> .SH SEE ALSO -.BR monkeysphere-host (8), -.BR monkeysphere-authentication (8), +.BR monkeysphere\-host (8), +.BR monkeysphere\-authentication (8), .BR monkeysphere (7), .BR ssh (1), -.BR ssh-add (1), +.BR ssh\-add (1), .BR gpg (1) diff --git a/man/man1/openpgp2ssh.1 b/man/man1/openpgp2ssh.1 index 8374a9f..304a442 100644 --- a/man/man1/openpgp2ssh.1 +++ b/man/man1/openpgp2ssh.1 
@@ -1,5 +1,5 @@ .\" -*- nroff -*- -.Dd $Mdocdate: June 11, 2008 $ +.Dd $Mdocdate: March 1, 2009 $ .Dt OPENPGP2SSH 1 .Os .Sh NAME @@ -8,9 +8,9 @@ openpgp2ssh .Sh SYNOPSIS .Nm openpgp2ssh < mykey.gpg .Pp -.Nm gpg --export $KEYID | openpgp2ssh $KEYID +.Nm gpg \-\-export $KEYID | openpgp2ssh $KEYID .Pp -.Nm gpg --export-secret-key $KEYID | openpgp2ssh $KEYID +.Nm gpg \-\-export\-secret\-key $KEYID | openpgp2ssh $KEYID .Sh DESCRIPTION .Nm takes an OpenPGP-formatted primary key and associated @@ -28,13 +28,13 @@ fingerprint of the key or subkey desired, but will accept as few as the last 8 digits of the fingerprint as a key ID. .Pp -If the input contains an OpenPGP RSA or DSA public key, it will be -converted to the OpenSSH-style single-line keystring, prefixed with -the key type. This format is suitable (with minor alterations) for +If the input contains an OpenPGP RSA public key, it will be converted +to the OpenSSH-style single-line keystring, prefixed with the key type +(`ssh\-rsa'). This format is suitable (with minor alterations) for insertion into known_hosts files and authorized_keys files. .Pp -If the input contains an OpenPGP RSA or DSA secret key, it will be -converted to the equivalent PEM-encoded private key. +If the input contains an OpenPGP RSA secret key, it will be converted +to the equivalent PEM-encoded private key. .Pp .Nm is part of the 
@@ -47,24 +47,19 @@ intentional, since ssh attaches no inherent significance to these features. .Pp .Nm -only works with RSA or DSA keys, because those are the -only ones which work with ssh. -.Pp -Assuming a valid key type, though, -.Nm -will produce output for -any requested key. This means, among other things, that it will -happily export revoked keys, unverifiable keys, expired keys, etc. -Make sure you do your own key validation before using this tool! +will produce output for any requested RSA key. This means, among +other things, that it will happily export revoked keys, unverifiable +keys, expired keys, etc. Make sure you do your own key validation +before using this tool! .Sh EXAMPLES -.Nm gpg --export-secret-key $KEYID | openpgp2ssh $KEYID | ssh-add -c /dev/stdin +.Nm gpg \-\-export\-secret\-key $KEYID | openpgp2ssh $KEYID | ssh\-add \-c /dev/stdin .Pp This pushes the secret key into the active -.Xr ssh-agent 1 . +.Xr ssh\-agent 1 . Tools such as .Xr ssh 1 which know how to talk to the -.Xr ssh-agent 1 +.Xr ssh\-agent 1 can now rely on the key. .Sh AUTHOR .Nm 
@@ -72,26 +67,28 @@ and this man page were written by Daniel Kahn Gillmor <dkg@fifthhorseman.net>. .Sh BUGS .Nm +only works with RSA keys. DSA keys are the only other key type +available in both OpenPGP and SSH, but they are currently unsupported +by this utility. +.Pp +.Nm +only accepts raw OpenPGP packets on standard input. It does not +accept ASCII-armored input. +.Nm Currently only exports into formats used by the OpenSSH. It should support other key output formats, such as those used by -lsh(1) and putty(1). +.Xr lsh 1 +and +.Xr putty 1 . .Pp Secret key output is currently not passphrase-protected. .Pp .Nm currently cannot handle passphrase-protected secret keys on input. -.Pp -Key identifiers consisting of an odd number of hex digits are not -accepted. Users who use a key ID with a standard length of 8, 16, or -40 hex digits should not be affected by this. -.Pp -.Nm -only acts on keys associated with the first primary key -passed in. If you send it more than one primary key, it will silently -ignore later ones. .Sh SEE ALSO .Xr pem2openpgp 1 , .Xr monkeysphere 1 , .Xr monkeysphere 7 , .Xr ssh 1 , -.Xr monkeysphere-server 8 +.Xr monkeysphere-authentication 8 , +.Xr monkeysphere-host 8 diff --git a/man/man1/pem2openpgp.1 b/man/man1/pem2openpgp.1 index ae75b11..45fd1ee 100644 --- a/man/man1/pem2openpgp.1 +++ b/man/man1/pem2openpgp.1 @@ -1,12 +1,12 @@ .\" -*- nroff -*- -.Dd $Mdocdate: January 25, 2009 $ +.Dd $Mdocdate: March 1, 2009 $ .Dt PEM2OPENPGP 1 .Os .Sh NAME pem2openpgp .Nd translate PEM-encoded RSA keys to OpenPGP certificates .Sh SYNOPSIS -.Nm pem2openpgp "$USERID" < mykey.pem | gpg --import +.Nm pem2openpgp "$USERID" < mykey.pem | gpg \-\-import .Pp .Nm PEM2OPENPGP_EXPIRATION=$((86400 * $DAYS)) PEM2OPENPGP_USAGE_FLAGS=authentication,certify pem2openpgp "$USERID" <mykey.pem .Sh DESCRIPTION 
@@ -61,7 +61,7 @@ will read the key from stdin. and this man page were written by Daniel Kahn Gillmor <dkg@fifthhorseman.net>. .Sh BUGS -Only handles RSA keys at the moment. It would be nice to handle DSA +Only handles RSA keys at the moment. It might be nice to handle DSA keys as well. .Pp Currently only creates certificates with a single User ID. Should be @@ -81,5 +81,5 @@ https://labs.riseup.net/code/projects/show/monkeysphere .Xr monkeysphere 1 , .Xr monkeysphere 7 , .Xr ssh 1 , -.Xr monkeysphere-host 8 , -.Xr monkeysphere-authentication 8 +.Xr monkeysphere\-host 8 , +.Xr monkeysphere\-authentication 8 |
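Review bot: In man/man1/monkeysphere.1, hunk @@ -2,7 +2,7 @@, the NAME line goes the opposite way from the rest of this patch: `monkeysphere \- Monkeysphere client user interface` loses its escape and becomes a bare `-`, while the other changes turn `-` into `\-`. The name/description separator in a man(7) NAME section is conventionally written `\-`, so I would keep the original line and drop this change.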
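Review bot: In man/man1/monkeysphere.1, hunk @@ -114,14 +114,17 @@, the added sentence "The MONKEYSPHERE_SUBKEYS_FOR_AGENT environment can be used to specify ..." is missing the word "variable". Since users will rely on this setting to limit which secret subkeys reach the agent, the text should also say what happens when a listed fingerprint matches no authentication-capable subkey (skipped silently, warning, or non-zero exit).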
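Review bot: In man/man1/monkeysphere.1, hunk @@ -133,29 +136,33 @@, the new MONKEYSPHERE_SUBKEYS_FOR_AGENT entry does not match the subcommand text added earlier in the same file: that text requires "the full fingerprints of specific keys", while this entry only says "list of authentication-capable subkeys". Suggest saying "full fingerprints" here too, adding the parenthesised default that every other entry in the list now ends with, and escaping `subkey-to-ssh-agent` like the rest of the patch. Separately, the documented MONKEYSPHERE_KEYSERVER default changes from subkeys.pgp.net to pool.sks-keyservers.net; the diffstat shown is limited to man/man1, so please confirm the shipped default was changed in the same merge.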
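Review bot: In man/man1/openpgp2ssh.1, hunk @@ -47,24 +47,19 @@, removing the "only works with RSA or DSA keys" sentence leaves the key-type restriction stated only under BUGS, and nothing says what the tool does when the requested key is not RSA. Suggest documenting the behaviour for a non-RSA key (exit status and whether anything is written to stdout), because the EXAMPLES pipeline feeds the output straight into `ssh\-add`.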
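Review bot: In man/man1/openpgp2ssh.1, hunk @@ -72,26 +67,28 @@ (BUGS), there is no `.Pp` between the new "accept ASCII-armored input." line and the added `.Nm` that precedes "Currently only exports into formats", so the two bugs render as one paragraph; add a `.Pp` before that `.Nm`. In the same hunk the new SEE ALSO entries `.Xr monkeysphere-authentication 8 ,` and `.Xr monkeysphere-host 8` leave the hyphen unescaped, while pem2openpgp.1 in this patch changes the same references to `monkeysphere\-host` and `monkeysphere\-authentication`.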