summaryrefslogtreecommitdiff
path: root/man/man8
diff options
context:
space:
mode:
authorJameson Graef Rollins <jrollins@finestructure.net>2009-02-16 21:28:32 -0500
committerJameson Graef Rollins <jrollins@finestructure.net>2009-02-16 21:28:32 -0500
commite93a298ec6f9abd80e30a933b0dd84c764d11bff (patch)
treef3941f181c83fa3b062a2cc26611fa8a5ccf6622 /man/man8
parent0c874fdd6abfa4b74d7805f2d2d121f08211b4aa (diff)
REMOVE GEN_KEY. The gen_key function is entirely removed. Decided
this was OK now that import_key works, and we can't really see a reason to keep it around. We can resurect it down the line if need be. Also, removed "expert" subcommand, after promting import_key, since it may be need semi-regularly. The other "expert" commands are now just not listed in the usage.
Diffstat (limited to 'man/man8')
-rw-r--r--man/man8/monkeysphere-authentication.827
-rw-r--r--man/man8/monkeysphere-host.846
2 files changed, 25 insertions, 48 deletions
diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8
index 2b0091e..4187c70 100644
--- a/man/man8/monkeysphere-authentication.8
+++ b/man/man8/monkeysphere-authentication.8
@@ -60,6 +60,17 @@ Instruct system to ignore user identity certifications made by KEYID.
List key IDs trusted by the system to certify user identities. `c'
may be used in place of `list-id-certifiers'.
.TP
+.B diagnostics
+Review the state of the server with respect to authentication. `d'
+may be used in place of `diagnostics'.
+.TP
+.B gpg-cmd
+Execute a gpg command, as the monkeysphere user, on the monkeysphere
+authentication "sphere" keyring. This takes a single argument
+(multiple gpg arguments need to be quoted). Use this command with
+caution, as modifying the authentication sphere keyring can affect ssh
+user authentication.
+.TP
.B help
Output a brief usage summary. `h' or `?' may be used in place of
`help'.
@@ -67,22 +78,6 @@ Output a brief usage summary. `h' or `?' may be used in place of
.B version
show version number
-.SH "EXPERT" SUBCOMMANDS
-
-Some commands are very unlikely to be needed by most administrators.
-These commands must prefaced by the word `expert'.
-.TP
-.B diagnostics
-Review the state of the server with respect to authentication. `d'
-may be used in place of `diagnostics'.
-.TP
-.B gpg-cmd
-Execute a gpg command on the gnupg-authentication keyring as the
-monkeysphere user. This takes a single command (multiple gpg
-arguments need to be quoted). Use this command with caution, as
-modifying the gnupg-authentication keyring can affect ssh user
-authentication.
-
.SH SETUP USER AUTHENTICATION
If the server will handle user authentication through
diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8
index 78b6b4a..062f0aa 100644
--- a/man/man8/monkeysphere-host.8
+++ b/man/man8/monkeysphere-host.8
@@ -61,33 +61,13 @@ Revoke the host's OpenPGP key. `r' may be used in place of
Publish the host's OpenPGP key to the keyserver. `p' may be used in
place of `publish-key'.
.TP
-.B help
-Output a brief usage summary. `h' or `?' may be used in place of
-`help'.
-.TP
-.B version
-show version number
-
-.SH "EXPERT" SUBCOMMANDS
-
-Some commands are very unlikely to be needed by most administrators.
-These commands must prefaced by the word `expert'.
-.TP
-.B gen-key [HOSTNAME]
-Generate a OpenPGP key for the host. If HOSTNAME is not specified,
-then the system fully-qualified domain name will be user. An
-alternate key bit length can be specified with the `-l' or `--length'
-option (default 2048). An expiration length can be specified with the
-`-e' or `--expire' option (prompt otherwise). The expiration format
-is the same as that of \fBextend-key\fP, below. `g' may be used in
-place of `gen-key'.
-.TP
-.B import-key
-FIXME:
- import-key (i) import existing ssh key to gpg
- --hostname (-h) NAME[:PORT] hostname for key user ID
- --keyfile (-f) FILE key file to import
- --expire (-e) EXPIRE date to expire
+.B import-key [NAME[:PORT]]
+Import a pem-encoded ssh secret host key, from stdin. NAME[:PORT] is
+used to specify the hostname (and port) used in the user ID of the new
+OpenPGP key. If NAME is not specified, then the system
+fully-qualified domain name will be used (ie. `hostname -f'). If PORT
+is not specified, the no port is added to the user ID, which means
+port 22 is assumed. `i' may be used in place of `import-key'.
.TP
.B diagnostics
Review the state of the monkeysphere server host key and report on
@@ -95,6 +75,13 @@ suggested changes. Among other checks, this includes making sure
there is a valid host key, that the key is published, that the sshd
configuration points to the right place, etc. `d' may be used in
place of `diagnostics'.
+.TP
+.B help
+Output a brief usage summary. `h' or `?' may be used in place of
+`help'.
+.TP
+.B version
+show version number
.SH SETUP HOST AUTHENTICATION
@@ -104,11 +91,6 @@ publish the host key to the keyservers, run the following command:
$ monkeysphere-host publish-key
-You must also modify the sshd_config on the server to tell sshd where
-the new server host key is located:
-
-HostKey /var/lib/monkeysphere/host/ssh_host_rsa_key
-
In order for users logging into the system to be able to identify the
host via the monkeysphere, at least one person (e.g. a server admin)
will need to sign the host's key. This is done using standard OpenPGP