From 8bba6f27dd299180bd55d9f27b8d1b219c356095 Mon Sep 17 00:00:00 2001 From: Jamie McClelland Date: Wed, 27 Aug 2008 21:05:09 -0400 Subject: adding initial slashes to links. --- doc/README.admin | 77 -------------------------------------- website/doc.mdwn | 4 +- website/getting-started-admin.mdwn | 77 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 79 insertions(+), 79 deletions(-) delete mode 100644 doc/README.admin create mode 100644 website/getting-started-admin.mdwn diff --git a/doc/README.admin b/doc/README.admin deleted file mode 100644 index e97c794..0000000 --- a/doc/README.admin +++ /dev/null 
@@ -1,77 +0,0 @@
-Monkeysphere Server Administrator README
-========================================
-
-FIXME: distinguish between publishing a new monkeysphere-enabled host
-key and accepting user identification via the web-of-trust.
-
-
-server service publication
---------------------------
-To publish a server host key:
-
- # monkeysphere-server gen-key
- # monkeysphere-server publish-key
-
-This will generate the key for server with the service URI
-(ssh://server.hostname). The server admin should now sign the server
-key so that people in the admin's web of trust can authenticate the
-server without manual host key checking:
-
- $ gpg --search ='ssh://server.hostname'
- $ gpg --sign-key ='ssh://server.hostname'
-
-
-Update OpenSSH configuration files
-----------------------------------
-
-To use the newly-generated host key for ssh connections, put the
-following line in /etc/ssh/sshd_config (be sure to remove references
-to any other key):
-
- HostKey /var/lib/monkeysphere/ssh_host_rsa_key
-
-FIXME: should we just suggest symlinks in the filesystem here instead?
-
-FIXME: What about DSA host keys? The SSH RFC seems to require that DSA be available, though OpenSSH will work without a DSA host key.
-
-To enable users to use the monkeysphere to authenticate against the
-web-of-trust, add this line to /etc/ssh/sshd_config (again, making
-sure that no other AuthorizedKeysFile directive exists):
-
- AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
-
-
-MonkeySphere authorized_keys maintenance
-----------------------------------------
-
-A system can maintain monkeysphere authorized_keys files for it's
-users.
-
-For each user account on the server, the userids of people authorized
-to log into that account would be placed in:
-
- ~/.config/monkeysphere/authorized_user_ids
-
-However, in order for users to become authenticated, the server must
-determine that the user keys have "full" validity. This means that
-the server must fully trust at least one person whose signature on the
-connecting user's key would validate the user. This would generally be
-the server admin. If the server admin's keyid is XXXXXXXX, then on
-the server run:
-
- # monkeysphere-server add-identity-certifier XXXXXXXX
-
-To update the monkeysphere authorized_keys file for user "bob", the
-system would then run the following:
-
- # monkeysphere-server update-users bob
-
-To update the monkeysphere authorized_keys file for all users on the
-the system, run the same command with no arguments:
-
- # monkeysphere-server update-users
-
-You probably want to set up a regularly scheduled job (e.g. with cron)
-to take care of this regularly.
-
-FIXME: document other likely problems and troubleshooting techniques
diff --git a/website/doc.mdwn b/website/doc.mdwn
index 10f8700..3464455 100644
--- a/website/doc.mdwn
+++ b/website/doc.mdwn
@@ -9,8 +9,8 @@ ## Getting started ##
- * Getting started as a [user](getting-started-user)
- * Getting started as a [server admin](getting-started-admin)
+ * Getting started as a [user](/getting-started-user)
+ * Getting started as a [server admin](/getting-started-admin)
 ## References ##
diff --git a/website/getting-started-admin.mdwn b/website/getting-started-admin.mdwn
new file mode 100644
index 0000000..e97c794
--- /dev/null
+++ b/website/getting-started-admin.mdwn
@@ -0,0 +1,77 @@
+Monkeysphere Server Administrator README
+========================================
+
+FIXME: distinguish between publishing a new monkeysphere-enabled host
+key and accepting user identification via the web-of-trust.
+
+
+server service publication
+--------------------------
+To publish a server host key:
+
+ # monkeysphere-server gen-key
+ # monkeysphere-server publish-key
+
+This will generate the key for server with the service URI
+(ssh://server.hostname). The server admin should now sign the server
+key so that people in the admin's web of trust can authenticate the
+server without manual host key checking:
+
+ $ gpg --search ='ssh://server.hostname'
+ $ gpg --sign-key ='ssh://server.hostname'
+
+
+Update OpenSSH configuration files
+----------------------------------
+
+To use the newly-generated host key for ssh connections, put the
+following line in /etc/ssh/sshd_config (be sure to remove references
+to any other key):
+
+ HostKey /var/lib/monkeysphere/ssh_host_rsa_key
+
+FIXME: should we just suggest symlinks in the filesystem here instead?
+
+FIXME: What about DSA host keys? The SSH RFC seems to require that DSA be available, though OpenSSH will work without a DSA host key.
+
+To enable users to use the monkeysphere to authenticate against the
+web-of-trust, add this line to /etc/ssh/sshd_config (again, making
+sure that no other AuthorizedKeysFile directive exists):
+
+ AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
+
+
+MonkeySphere authorized_keys maintenance
+----------------------------------------
+
+A system can maintain monkeysphere authorized_keys files for it's
+users.
+
+For each user account on the server, the userids of people authorized
+to log into that account would be placed in:
+
+ ~/.config/monkeysphere/authorized_user_ids
+
+However, in order for users to become authenticated, the server must
+determine that the user keys have "full" validity. This means that
+the server must fully trust at least one person whose signature on the
+connecting user's key would validate the user. This would generally be
+the server admin. If the server admin's keyid is XXXXXXXX, then on
+the server run:
+
+ # monkeysphere-server add-identity-certifier XXXXXXXX
+
+To update the monkeysphere authorized_keys file for user "bob", the
+system would then run the following:
+
+ # monkeysphere-server update-users bob
+
+To update the monkeysphere authorized_keys file for all users on the
+the system, run the same command with no arguments:
+
+ # monkeysphere-server update-users
+
+You probably want to set up a regularly scheduled job (e.g. with cron)
+to take care of this regularly.
+
+FIXME: document other likely problems and troubleshooting techniques
-- cgit v1.2.3