Diffstat (limited to 'src/rhesus/README')
-rw-r--r-- src/rhesus/README 30
1 files changed, 30 insertions, 0 deletions
diff --git a/src/rhesus/README b/src/rhesus/README
new file mode 100644
index 0000000..4d383d5
--- /dev/null
+++ b/src/rhesus/README
@@ -0,0 +1,30 @@
+rhesus is the monkeysphere authorized_keys/known_hosts generator.
+
+In authorized_keys mode, rhesus takes an auth_user_ids file, which
+contains gpg user ids, uses gpg to fetch the keys of the specified
+users, does a monkeysphere policy check on each id, and uses gpg2ssh
+to generate authorized_keys lines for each verified id. The lines are
+then combined with a user's traditional authorized_keys file to create
+a new authorized_keys file.
+
+In known_hosts mode, rhesus takes an auth_host_ids file, which
+contains gpg user ids of the form ssh://URL, uses gpg to fetch the
+keys of the specified hosts, does a monkeysphere policy check on each
+id, and uses gpg2ssh to generate a known_hosts lines for each verified
+id. The lines are then combined with a user's traditional known_hosts
+file to create a new known_hosts file.
+
+When run as a normal user, no special configuration is needed.
+
+When run as an administrator to update system-maintained
+authorized_keys files for each user, the following environment
+variables should be defined first:
+
+ MS_CONF=/etc/monkeysphere/monkeysphere.conf
+ USER=foo
+
+For example, the command might be run like this:
+
+ for USER in $(ls -1 /home) ; do
+ MS_CONF=/etc/monkeysphere/monkeysphere.conf rhesus --authorized_keys
+ done
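Review bot: The example loop at the end of the README takes its user names from `ls -1 /home` and never passes USER to rhesus explicitly, so it acts on every directory entry under /home (including entries that are not accounts, such as lost+found) and only reaches rhesus if USER is already exported in the administrator's shell. Because this mode writes system-maintained authorized_keys files, I would iterate over real accounts and set both variables on the command line, for example `MS_CONF=/etc/monkeysphere/monkeysphere.conf USER="$u" rhesus --authorized_keys`. Two smaller points: "generate a known_hosts lines" in the known_hosts paragraph should read "generate known_hosts lines", and the README should say in a sentence what the "monkeysphere policy check" verifies, since that check decides which keys end up in authorized_keys and known_hosts.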