-rw-r--r--  doc/README        19
-rw-r--r--  doc/README.admin  22
2 files changed, 19 insertions, 22 deletions
diff --git a/doc/README b/doc/README
index 3be3c72..9d70e98 100644
--- a/doc/README
+++ b/doc/README
@@ -1,4 +1,4 @@
-Monkeysphere User README
+#Monkeysphere User README
========================
You don't have to be an OpenSSH or OpenPGP expert to use the
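Review bot: `#Monkeysphere User README` mixes two heading styles, because the `========================` underline on the next line already marks this as a setext-style title; with no space after the `#`, many renderers will also print the hash literally as part of the title. Either keep the line as it was and rely on the underline, or write `# Monkeysphere User README` and drop the underline, but not both.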
@@ -16,7 +16,7 @@ Keep your keyring up-to-date
Regularly refresh your GnuPG keyring from the keyservers. This can be
done with a simple cronjob. An example of crontab line to do this is:
-0 12 * * * /usr/bin/gpg --refresh-keys > /dev/null 2>&1
+ 0 12 * * * /usr/bin/gpg --refresh-keys > /dev/null 2>&1
This would refresh your keychain every day at noon.
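Review bot: the crontab line still discards all output (`> /dev/null 2>&1`), so a user who copies it will never learn that `gpg --refresh-keys` is failing and that their keyring is going stale, which defeats the purpose of the "Keep your keyring up-to-date" section. Since the line is being touched anyway, consider dropping the `2>&1` so cron mails errors, or add a sentence saying that the example silences failures.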
@@ -29,7 +29,7 @@ still see the most recent trusted information about who the various
hosts are. This can be done with the monkeysphere-ssh-proxycommand
(see next section) or with the update-known_hosts command:
-$ monkeysphere update-known_hosts
+ $ monkeysphere update-known_hosts
This command will check to see if there is an OpenPGP key for
each (non-hashed) host listed in the known_hosts file, and then add
@@ -46,13 +46,13 @@ up-to-date for the host you are connecting to with ssh. The best way
to integrate this is to add the following line to the "Host *" section
of your ~/.ssh/config file:
-ProxyCommand monkeysphere-ssh-proxycommand %h %p
+ ProxyCommand monkeysphere-ssh-proxycommand %h %p
The "Host *" section specifies what ssh options to use for all
connections. If you don't already have a "Host *" line, you can add it
by entering:
-Host *
+ Host *
On a line by itself. Add the ProxyCommand line just below it.
@@ -75,11 +75,11 @@ First things first: you'll need to create a new subkey for your
current key, if you don't already have one. If your OpenPGP key is
keyid $GPGID, you can set up such a subkey relatively easily with:
-$ monkeysphere gen-subkey $GPGID
+ $ monkeysphere gen-subkey $GPGID
Typically, you can find out what your keyid is by running:
-gpg --list-secret-keys
+ $ gpg --list-secret-keys
The first line (starting with sec) will include your key length followed
by the type of key (e.g. 1024D) followed by a slash and then your keyid.
@@ -104,11 +104,10 @@ Next, run `aptitude update; aptitude install libgnuttls26`.
With the patched gnutls installed, you can feed your authentication sub
key to your ssh agent by running:
- monkeysphere subkey-to-ssh-agent
+ $ monkeysphere subkey-to-ssh-agent
FIXME: using the key with a single session?
-
Miscellaneous
-------------
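Review bot: the context line `aptitude update; aptitude install libgnuttls26` has a typo in the package name (two t's); the GnuTLS library package is `libgnutls26`. Worth fixing while this hunk is being edited. The `FIXME: using the key with a single session?` note also survives the change, so the section still ends on an open question right before "Miscellaneous".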
@@ -121,7 +120,7 @@ is the case for your host, ask your system administrator.
If you want to do this as a regular user, use the
update-authorized_keys command:
-$ monkeysphere update-authorized_keys
+ $ monkeysphere update-authorized_keys
This command will take all the user IDs listed in the
~/.config/monkeysphere/authorized_user_ids file and check to see if
diff --git a/doc/README.admin b/doc/README.admin
index a644bbe..db0ec87 100644
--- a/doc/README.admin
+++ b/doc/README.admin
@@ -8,16 +8,16 @@ server service publication
--------------------------
To publish a server host key:
-# monkeysphere-server gen-key
-# monkeysphere-server publish-key
+ # monkeysphere-server gen-key
+ # monkeysphere-server publish-key
This will generate the key for server with the service URI
(ssh://server.hostname). The server admin should now sign the server
key so that people in the admin's web of trust can authenticate the
server without manual host key checking:
-$ gpg --search ='ssh://server.hostname'
-$ gpg --sign-key ='ssh://server.hostname'
+ $ gpg --search ='ssh://server.hostname'
+ $ gpg --sign-key ='ssh://server.hostname'
Update OpenSSH configuration files
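Review bot: after `$ gpg --sign-key ='ssh://server.hostname'` the certification exists only in the admin's local keyring, yet the text promises that "people in the admin's web of trust can authenticate the server". That only holds once the signed key is pushed back to the keyservers; add a `gpg --send-keys` step for the host key after the sign command, or state that the admin must re-publish the signed key.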
@@ -27,7 +27,7 @@ To use the newly-generated host key for ssh connections, put the
following line in /etc/ssh/sshd_config (be sure to remove references
to any other key):
-HostKey /var/lib/monkeysphere/ssh_host_rsa_key
+ HostKey /var/lib/monkeysphere/ssh_host_rsa_key
FIXME: should we just suggest symlinks in the filesystem here instead?
@@ -37,9 +37,7 @@ To enable users to use the monkeysphere to authenticate against the
web-of-trust, add this line to /etc/ssh/sshd_config (again, making
sure that no other AuthorizedKeysFile directive exists):
-AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
-
-
+ AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
MonkeySphere authorized_keys maintenance
----------------------------------------
@@ -50,7 +48,7 @@ users.
For each user account on the server, the userids of people authorized
to log into that account would be placed in:
- ~/.config/monkeysphere/authorized_user_ids
+ ~/.config/monkeysphere/authorized_user_ids
However, in order for users to become authenticated, the server must
determine that the user keys have "full" validity. This means that
@@ -59,17 +57,17 @@ connecting user's key would validate the user. This would generally be
the server admin. If the server admin's keyid is XXXXXXXX, then on
the server run:
-# monkeysphere-server add-identity-certifier XXXXXXXX
+ # monkeysphere-server add-identity-certifier XXXXXXXX
To update the monkeysphere authorized_keys file for user "bob", the
system would then run the following:
-# monkeysphere-server update-users bob
+ # monkeysphere-server update-users bob
To update the monkeysphere authorized_keys file for all users on the
the system, run the same command with no arguments:
-# monkeysphere-server update-users
+ # monkeysphere-server update-users
You probably want to set up a regularly scheduled job (e.g. with cron)
to take care of this regularly.
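Review bot: `XXXXXXXX` in `monkeysphere-server add-identity-certifier XXXXXXXX` shows an 8-hex-digit short key ID; short IDs are not unique, and this is the command that decides whose certifications the server will trust, so the example should show (and the sentence should ask for) the full fingerprint if the command accepts one. Also, the closing paragraph tells the admin to run `update-users` from cron but, unlike the user README's `--refresh-keys` example, gives no crontab line; one example line here would make the admin setup complete.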