diff options
author | Jameson Graef Rollins <jrollins@finestructure.net> | 2009-02-16 21:28:32 -0500 |
---|---|---|
committer | Jameson Graef Rollins <jrollins@finestructure.net> | 2009-02-16 21:28:32 -0500 |
commit | e93a298ec6f9abd80e30a933b0dd84c764d11bff (patch) | |
tree | f3941f181c83fa3b062a2cc26611fa8a5ccf6622 /man/man8 | |
parent | 0c874fdd6abfa4b74d7805f2d2d121f08211b4aa (diff) |
REMOVE GEN_KEY. The gen_key function is entirely removed. Decided
this was OK now that import_key works, and we can't really see a
reason to keep it around. We can resurect it down the line if need
be. Also, removed "expert" subcommand, after promting import_key,
since it may be need semi-regularly. The other "expert" commands are
now just not listed in the usage.
Diffstat (limited to 'man/man8')
-rw-r--r-- | man/man8/monkeysphere-authentication.8 | 27 | ||||
-rw-r--r-- | man/man8/monkeysphere-host.8 | 46 |
2 files changed, 25 insertions, 48 deletions
diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8 index 2b0091e..4187c70 100644 --- a/man/man8/monkeysphere-authentication.8 +++ b/man/man8/monkeysphere-authentication.8 @@ -60,6 +60,17 @@ Instruct system to ignore user identity certifications made by KEYID. List key IDs trusted by the system to certify user identities. `c' may be used in place of `list-id-certifiers'. .TP +.B diagnostics +Review the state of the server with respect to authentication. `d' +may be used in place of `diagnostics'. +.TP +.B gpg-cmd +Execute a gpg command, as the monkeysphere user, on the monkeysphere +authentication "sphere" keyring. This takes a single argument +(multiple gpg arguments need to be quoted). Use this command with +caution, as modifying the authentication sphere keyring can affect ssh +user authentication. +.TP .B help Output a brief usage summary. `h' or `?' may be used in place of `help'. @@ -67,22 +78,6 @@ Output a brief usage summary. `h' or `?' may be used in place of .B version show version number -.SH "EXPERT" SUBCOMMANDS - -Some commands are very unlikely to be needed by most administrators. -These commands must prefaced by the word `expert'. -.TP -.B diagnostics -Review the state of the server with respect to authentication. `d' -may be used in place of `diagnostics'. -.TP -.B gpg-cmd -Execute a gpg command on the gnupg-authentication keyring as the -monkeysphere user. This takes a single command (multiple gpg -arguments need to be quoted). Use this command with caution, as -modifying the gnupg-authentication keyring can affect ssh user -authentication. - .SH SETUP USER AUTHENTICATION If the server will handle user authentication through diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8 index 78b6b4a..062f0aa 100644 --- a/man/man8/monkeysphere-host.8 +++ b/man/man8/monkeysphere-host.8 @@ -61,33 +61,13 @@ Revoke the host's OpenPGP key. `r' may be used in place of Publish the host's OpenPGP key to the keyserver. `p' may be used in place of `publish-key'. .TP -.B help -Output a brief usage summary. `h' or `?' may be used in place of -`help'. -.TP -.B version -show version number - -.SH "EXPERT" SUBCOMMANDS - -Some commands are very unlikely to be needed by most administrators. -These commands must prefaced by the word `expert'. -.TP -.B gen-key [HOSTNAME] -Generate a OpenPGP key for the host. If HOSTNAME is not specified, -then the system fully-qualified domain name will be user. An -alternate key bit length can be specified with the `-l' or `--length' -option (default 2048). An expiration length can be specified with the -`-e' or `--expire' option (prompt otherwise). The expiration format -is the same as that of \fBextend-key\fP, below. `g' may be used in -place of `gen-key'. -.TP -.B import-key -FIXME: - import-key (i) import existing ssh key to gpg - --hostname (-h) NAME[:PORT] hostname for key user ID - --keyfile (-f) FILE key file to import - --expire (-e) EXPIRE date to expire +.B import-key [NAME[:PORT]] +Import a pem-encoded ssh secret host key, from stdin. NAME[:PORT] is +used to specify the hostname (and port) used in the user ID of the new +OpenPGP key. If NAME is not specified, then the system +fully-qualified domain name will be used (ie. `hostname -f'). If PORT +is not specified, the no port is added to the user ID, which means +port 22 is assumed. `i' may be used in place of `import-key'. .TP .B diagnostics Review the state of the monkeysphere server host key and report on @@ -95,6 +75,13 @@ suggested changes. Among other checks, this includes making sure there is a valid host key, that the key is published, that the sshd configuration points to the right place, etc. `d' may be used in place of `diagnostics'. +.TP +.B help +Output a brief usage summary. `h' or `?' may be used in place of +`help'. +.TP +.B version +show version number .SH SETUP HOST AUTHENTICATION @@ -104,11 +91,6 @@ publish the host key to the keyservers, run the following command: $ monkeysphere-host publish-key -You must also modify the sshd_config on the server to tell sshd where -the new server host key is located: - -HostKey /var/lib/monkeysphere/host/ssh_host_rsa_key - In order for users logging into the system to be able to identify the host via the monkeysphere, at least one person (e.g. a server admin) will need to sign the host's key. This is done using standard OpenPGP |