Diffstat (limited to 'man/man8')
-rw-r--r-- | man/man8/monkeysphere-server.8 | 102 |
1 files changed, 102 insertions, 0 deletions
diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8 new file mode 100644 index 0000000..2b5af5e --- /dev/null +++ b/man/man8/monkeysphere-server.8 
@@ -0,0 +1,102 @@ +.TH MONKEYSPHERE-SERVER "1" "June 2008" "monkeysphere 0.1" "User Commands" + +.SH NAME + +monkeysphere-server \- monkeysphere server admin user interface + +.SH SYNOPSIS + +.B monkeysphere-server \fIcommand\fP [\fIargs\fP] + +.SH DESCRIPTION + +\fBMonkeySphere\fP is a system to leverage the OpenPGP Web of Trust +for ssh authentication and encryption. OpenPGP keys are tracked via +GnuPG, and added to the ssh authorized_keys and known_hosts files to +be used for authentication of ssh connections. + +\fBmonkeysphere-server\fP is the MonkeySphere server admin utility. + +.SH SUBCOMMANDS + +\fBmonkeysphere-server\fP takes various subcommands: +.TP +.B update-users [USER]... +Update the admin-controlled authorized_keys files for user. For each +user specified, user ID's listed in the user's authorized_user_ids +file are processed, and the user's authorized_keys file in +/var/cache/monkeysphere/authorized_keys/USER. See `man monkeysphere' +for more info. If the USER_CONTROLLED_AUTHORIZED_KEYS variable is +set, then a user-controlled authorized_keys file (usually +~USER/.ssh/authorized_keys) is added to the authorized_keys file. `k' +may be used in place of `update-known_hosts'. +.TP +.B gen-key +Generate a gpg key for the host. `g' may be used in place of +`gen-key'. +.TP +.B show-fingerprint +Show the fingerprint for the host's OpenPGP key. `f' may be used in place of +`show-fingerprint'. +.TP +.B publish-key +Publish the host's gpg key to the keyserver. `p' may be used in place +of `publish-key'. +.TP +.B trust-keys KEYID... +Mark key specified with key IDs with full owner trust. `t' may be used +in place of `trust-keys'. +.TP +.B help +Output a brief usage summary. `h' or `?' may be used in place of +`help'. + +.SH SETUP + +In order to start using the monkeysphere, there are a couple of things +you need to do first. 
The first is to generate an OpenPGP key for the +server and convert that key to an ssh key that can be used by ssh for +host authentication. To do this, run the "gen-key" subcommand. Once +that is done, publish the key to a keyserver with "publish-key" +subcommand. Finally, you need to modify the sshd_config to tell sshd +where the new server host key: + +HostKey /etc/monkeysphere/ssh_host_rsa_key + +If the server will also handle user authentication through +monkeysphere-generated authorized_keys files, set the following: + +AuthorizedKeysFile /var/cache/monkeysphere/authorized_keys/%u + +Once those changes are made, restart the ssh server. + +.SH FILES + +.TP +/etc/monkeysphere/monkeysphere-server.conf +System monkeysphere-server config file. +.TP +/etc/monkeysphere/monkeysphere.conf +System-wide monkeysphere config file. +.TP +/etc/monkeysphere/gnupg +Monkeysphere GNUPG home directory. +.TP +/etc/monkeysphere/ssh_host_rsa_key +Copy of the host's private key in ssh format, suitable for use by sshd. +.TP +/etc/monkeysphere/authorized_user_ids/USER +Server maintained authorized_user_ids files for users. +.TP +/var/cache/monkeysphere/authorized_keys/USER +User authorized_keys file. + +.SH AUTHOR + +Written by Jameson Rollins <jrollins@fifthhorseman.net> + +.SH SEE ALSO + +.BR monkeysphere (1), +.BR gpg (1), +.BR ssh (1) |
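Review bot: The update-users entry under SUBCOMMANDS ends with "`k' may be used in place of `update-known_hosts'", which names a subcommand this page never defines and looks pasted from another page; it should give the shortcut for update-users itself. The same entry has a sentence with no verb ("and the user's authorized_keys file in /var/cache/monkeysphere/authorized_keys/USER."), so it never says the file is generated or updated there. Because USER_CONTROLLED_AUTHORIZED_KEYS merges a file the user controls into one described as admin-controlled, the entry should also state the default and which of the config files listed under FILES sets it. The .TH line declares section "1" and "User Commands" although the file is man/man8/monkeysphere-server.8, so it should say section "8". In SETUP, "tell sshd where the new server host key:" is missing "is located", and the HostKey and AuthorizedKeysFile lines would render more reliably inside .nf/.fi than as running text. Since /etc/monkeysphere/ssh_host_rsa_key is described as the host's private key, the FILES entry could also note the ownership and mode it is expected to have.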