summaryrefslogtreecommitdiff
path: root/man
diff options
context:
space:
mode:
Diffstat (limited to 'man')
-rw-r--r--man/man1/monkeysphere.133
-rw-r--r--man/man8/monkeysphere-authentication.85
-rw-r--r--man/man8/monkeysphere-host.87
3 files changed, 26 insertions, 19 deletions
diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1
index 3ed43e1..887b5df 100644
--- a/man/man1/monkeysphere.1
+++ b/man/man1/monkeysphere.1
@@ -58,22 +58,22 @@ were found but none were acceptable. `a' may be used in place of
.TP
.B gen-subkey [KEYID]
Generate an authentication subkey for a private key in your GnuPG
-keyring. For the primary key with the specified key ID, generate a
-subkey with "authentication" capability that can be used for
-monkeysphere transactions. An expiration length can be specified with
-the `-e' or `--expire' option (prompt otherwise). If no key ID is
+keyring. KEYID is the key ID for the primary key for which the subkey
+with "authentication" capability will be generated. If no key ID is
specified, but only one key exists in the secret keyring, that key
-will be used. `g' may be used in place of `gen-subkey'.
+will be used. The length of the generated key can be specified with
+the `--length` or `-l` option. `g' may be used in place of
+`gen-subkey'.
.TP
.B ssh-proxycommand
-an ssh proxy command that can be used
-to trigger a monkeysphere update of the ssh known_hosts file for a
-host that is being connected to with ssh. This works by updating the
-known_hosts file for the host first, before an attempted connection to
-the host is made. Once the known_hosts file has been updated, a TCP
-connection to the host is made by exec'ing netcat(1). Regular ssh
-communication is then done over this netcat TCP connection (see
-ProxyCommand in ssh_config(5) for more info).
+An ssh ProxyCommand that can be used to trigger a monkeysphere update
+of the ssh known_hosts file for a host that is being connected to with
+ssh. This works by updating the known_hosts file for the host first,
+before an attempted connection to the host is made. Once the
+known_hosts file has been updated, a TCP connection to the host is
+made by exec'ing netcat(1). Regular ssh communication is then done
+over this netcat TCP connection (see ProxyCommand in ssh_config(5) for
+more info).
This command is meant to be run as the ssh "ProxyCommand". This can
either be done by specifying the proxy command on the command line:
@@ -108,9 +108,10 @@ change in the future, possibly by adding a deferred check, so that
hosts that go from non-monkeysphere-enabled to monkeysphere-enabled
will be properly checked.
-Setting the MONKEYSPHERE_CHECK_KEYSERVER
-variable (to `true' or `false') will override the keyserver-checking policy
-defined above.
+Setting the CHECK_KEYSERVER variable in the config file or the
+MONKEYSPHERE_CHECK_KEYSERVER environment variable to either `true' or
+`false' will override the keyserver-checking policy defined above and
+either always or never check the keyserver for host key updates.
.TP
.B subkey-to-ssh-agent [ssh-add arguments]
diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8
index 38df65d..361822d 100644
--- a/man/man8/monkeysphere-authentication.8
+++ b/man/man8/monkeysphere-authentication.8
@@ -37,8 +37,11 @@ monkeysphere-controlled authorized_keys file. If no accounts are
specified, then all accounts on the system are processed. `u' may be
used in place of `update-users'.
.TP
-.B add-id-certifier KEYID
+.B add-id-certifier KEYID|FILE
Instruct system to trust user identity certifications made by KEYID.
+The key ID will be loaded from the keyserver. A file may be loaded
+instead of pulling the key from the keyserver by specifying the path
+to the file as the argument, or by specifying `-` to load from stdin.
Using the `-n' or `--domain' option allows you to indicate that you
only trust the given KEYID to make identifications within a specific
domain (e.g. "trust KEYID to certify user identities within the
diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8
index f33aea6..2b71807 100644
--- a/man/man8/monkeysphere-host.8
+++ b/man/man8/monkeysphere-host.8
@@ -58,8 +58,11 @@ place of `add-hostname'.
Revoke a hostname user ID from the server host key. `n-' may be used
in place of `revoke-hostname'.
.TP
-.B add-revoker FINGERPRINT
-Add a revoker to the host's OpenPGP key. `o' may be be used in place
+.B add-revoker KEYID|FILE
+Add a revoker to the host's OpenPGP key. The key ID will be loaded
+from the keyserver. A file may be loaded instead of pulling the key
+from the keyserver by specifying the path to the file as the argument,
+or by specifying `-` to load from stdin. `o' may be be used in place
of `add-revoker'.
.TP
.B revoke-key