diff options
| -rw-r--r-- | man/man1/monkeysphere.1 | 14 | ||||
| -rwxr-xr-x | src/monkeysphere | 4 | ||||
| -rwxr-xr-x | src/monkeysphere-server | 2 | ||||
| -rw-r--r-- | website/bugs/add-man-pages-to-website.mdwn | 12 | ||||
| -rw-r--r-- | website/bugs/install-seckey2sshagent-in-usr-bin.mdwn | 16 | ||||
| -rw-r--r-- | website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn | 12 | ||||
| -rw-r--r-- | website/index.mdwn | 2 | ||||
| -rw-r--r-- | website/why.mdwn | 4 |
8 files changed, 54 insertions, 12 deletions
diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1 index fe4fd36..db35a38 100644 --- a/man/man1/monkeysphere.1 +++ b/man/man1/monkeysphere.1 @@ -52,12 +52,14 @@ ID, 1 if no matching keys were found at all, and 2 if matching keys were found but none were acceptable. `a' may be used in place of `update-authorized_keys'. .TP -.B gen-subkey KEYID -Generate an authentication subkey. For the primary key with the -specified key ID, generate a subkey with "authentication" capability -that can be used for monkeysphere transactions. An expiration length -can be specified with the `-e' or `--expire' option (prompt -otherwise). `g' may be used in place of `gen-subkey'. +.B gen-subkey [KEYID] +Generate an authentication subkey for a private key in your GnuPG +keyring. For the primary key with the specified key ID, generate a +subkey with "authentication" capability that can be used for +monkeysphere transactions. An expiration length can be specified with +the `-e' or `--expire' option (prompt otherwise). If no key ID is +specified, but only one key exists in the secret keyring, that key +will be used. `g' may be used in place of `gen-subkey'. .TP .B help Output a brief usage summary. `h' or `?' may be used in place of diff --git a/src/monkeysphere b/src/monkeysphere index f959a38..303dc8d 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -39,7 +39,7 @@ MonkeySphere client tool. subcommands: update-known_hosts (k) [HOST]... update known_hosts file update-authorized_keys (a) update authorized_keys file - gen-subkey (g) KEYID generate an 'a' capable subkey + gen-subkey (g) [KEYID] generate an authentication subkey --length (-l) BITS key length in bits (2048) --expire (-e) EXPIRE date to expire help (h,?) this help @@ -288,7 +288,7 @@ case $COMMAND in gen_subkey "$@" ;; - 'help'|'h'|'?') + '--help'|'help'|'-h'|'h'|'?') usage ;; diff --git a/src/monkeysphere-server b/src/monkeysphere-server index fcd3114..6754b23 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -493,7 +493,7 @@ EOF show_server_key - echo "NOTE: User ID revoked, but revokation not published." + echo "NOTE: User ID revoked, but revocation not published." echo "Run '$PGRM publish-key' to publish the revocation." else failure "Problem revoking user ID." diff --git a/website/bugs/add-man-pages-to-website.mdwn b/website/bugs/add-man-pages-to-website.mdwn new file mode 100644 index 0000000..4a8d2e2 --- /dev/null +++ b/website/bugs/add-man-pages-to-website.mdwn @@ -0,0 +1,12 @@ +[[meta title="Add man pages to web site"]] + +We should publish the various monkeysphere man pages in browsable form +somewhere under http://monkeysphere.info/. Ideally, this would be +updated automatically from the sources for the official man pages +themselves. + +This strikes me as an ikiwiki subproject (implementing a man2html wiki +compilation language perhaps?). + +Interestingly, [ikiwiki's own man page](http://ikiwiki.info/usage/) +appears to be written in markdown and then converted to nroff. diff --git a/website/bugs/install-seckey2sshagent-in-usr-bin.mdwn b/website/bugs/install-seckey2sshagent-in-usr-bin.mdwn index 5b19b13..0163727 100644 --- a/website/bugs/install-seckey2sshagent-in-usr-bin.mdwn +++ b/website/bugs/install-seckey2sshagent-in-usr-bin.mdwn @@ -25,3 +25,19 @@ part about verifying you to a server. Then it could say: if you're really interested, you can run this hacky script but we make no guarantees. -- Sir Jam Jam + +--- + +I just realized that i think i can test for the presence of [GNU-dummy +support in +GnuTLS](http://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00005.html), +which means that we can cleanly test whether the proposed [handling of +passphrase-locked secret +keys](bugs/handle-passphrase-locked-secret-keys/) is functional. With +that in mind, I'd like to propose that we could resolve this bug +simply by adding a new subcommand: `monkeysphere authkey-to-agent`, +which would fail in the absence of a functionally-patched GnuTLS. + +Would this proposal be sufficient to resolve this bug? + +--dkg diff --git a/website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn b/website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn index 965f198..028c8f9 100644 --- a/website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn +++ b/website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn @@ -20,3 +20,15 @@ at least, would be for silent output to be the default and have a -v/--verbose option to get the output. Or - maybe these should be environmental variables? In any event - someway to suppress informational output would be a useful improvement. + +------ + +I'd be fine with silent mode as a default, with a more verbose mode +accessible to the user who desires it. + +I'd prefer an environment variable (e.g. `MONKEYSPHERE_VERBOSE` or +`MONKEYSPHERE_DEBUG`) over a command-line (e.g. `--verbose`) option, +personally. It's more in keeping with the model we've used in general +so far. + +--dkg diff --git a/website/index.mdwn b/website/index.mdwn index 495d963..6583e18 100644 --- a/website/index.mdwn +++ b/website/index.mdwn @@ -9,7 +9,7 @@ yourself and the servers you administer or connect to. OpenPGP keys are tracked via GnuPG, and managed in the `known_hosts` and `authorized_keys` files used by OpenSSH for connection authentication. -[why you should be interested](/why) | [[bugs]] | [[download]] | [[news]] | [[documentation|doc]] +[why?](/why) | [[bugs]] | [[download]] | [[news]] | [[documentation|doc]] ## Conceptual overview ## diff --git a/website/why.mdwn b/website/why.mdwn index 7f69614..3f6aa7c 100644 --- a/website/why.mdwn +++ b/website/why.mdwn @@ -36,8 +36,8 @@ you keep them from getting the big scary warning messages? Have you ever wanted to allow a colleague key-based access to a machine, *without* needing to have a copy of their public key on hand? -Have you ever wanted to be able to revoke the ability of a key to -authenticate across the entire infrastructure you manage, without +Have you ever wanted to be able to revoke the ability of a user's key +to authenticate across the entire infrastructure you manage, without touching each host by hand? ## What's the connection? ## |