Diffstat (limited to 'man/man1/monkeysphere-ssh-proxycommand.1')
-rw-r--r-- | man/man1/monkeysphere-ssh-proxycommand.1 | 73 |
1 files changed, 0 insertions, 73 deletions
diff --git a/man/man1/monkeysphere-ssh-proxycommand.1 b/man/man1/monkeysphere-ssh-proxycommand.1 deleted file mode 100644 index 65edd0b..0000000 --- a/man/man1/monkeysphere-ssh-proxycommand.1 +++ /dev/null 
@@ -1,73 +0,0 @@ -.TH MONKEYSPHERE-SSH-PROXYCOMMAND "1" "June 2008" "monkeysphere 0.1" "User Commands" - -.SH NAME - -monkeysphere-ssh-proxycommand \- MonkeySphere ssh ProxyCommand script - -.SH DESCRIPTION - -\fBmonkeysphere-ssh-proxycommand\fP is an ssh proxy command that can be used -to trigger a monkeysphere update of the ssh known_hosts file for a -host that is being connected to with ssh. This works by updating the -known_hosts file for the host first, before an attempted connection to -the host is made. Once the known_hosts file has been updated, a TCP -connection to the host is made by exec'ing netcat(1). Regular ssh -communication is then done over this netcat TCP connection (see -ProxyCommand in ssh_config(5) for more info). - -This command is meant to be run as the ssh "ProxyCommand". This can -either be done by specifying the proxy command on the command line: - -.B ssh -o ProxyCommand="monkeysphere-ssh-proxycommand %h %p" ... - -or by adding the following line to your ~/.ssh/config script: - -.B ProxyCommand monkeysphere-ssh-proxycommand %h %p - -The script can easily be incorporated into other ProxyCommand scripts -by calling it with the "--no-connect" option, i.e.: - -.B monkeysphere-ssh-proxycommand --no-connect "$HOST" "$PORT" - -This will run everything except the final exec of netcat to make the -TCP connection to the host. In this way this command can be added to -another proxy command that does other stuff, and then makes the -connection to the host itself. - -.SH KEYSERVER CHECKING - -The proxy command has a fairly nuanced policy for when keyservers are -queried when processing a host. If the host userID is not found in -either the user's keyring or in the known_hosts file, then the -keyserver is queried for the host userID. If the host userID is found -in the user's keyring, then the keyserver is not checked. This -assumes that the keyring is kept up-to-date, in a cronjob or the like, -so that revocations are properly handled. 
If the host userID is not -found in the user's keyring, but the host is listed in the known_hosts -file, then the keyserver is not checked. This last policy might -change in the future, possibly by adding a deferred check, so that -hosts that go from non-monkeysphere-enabled to monkeysphere-enabled -will be properly checked. - -.SH ENVIRONMENT VARIABLES - -All environment variables defined in monkeysphere(1) can also be used -for the proxy command, with one note: - -.TP -MONKEYSPHERE_CHECK_KEYSERVER -Setting this variable (to `true' or `false') will override the policy -defined in KEYSERVER CHECKING above. - -.SH AUTHOR - -Written by Jameson Rollins <jrollins@fifthhorseman.net> - -.SH SEE ALSO - -.BR monkeysphere (1), -.BR monkeysphere (7), -.BR ssh (1), -.BR ssh_config (5), -.BR netcat (1), -.BR gpg (1) |
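Review bot: The KEYSERVER CHECKING section deleted here is the only text in this diff that says when the keyserver is skipped (host userID already in the user's keyring, or host already listed in known_hosts) and that revocation handling relies on the keyring being kept up to date by a cronjob or the like. The diffstat shows 73 deletions and 0 insertions, so nothing in this change carries those caveats forward. If the proxy command still ships, keep that policy description, the MONKEYSPHERE_CHECK_KEYSERVER override and the --no-connect usage in whichever man page replaces this one, and state in the commit message where the content now lives.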