From f429aec066448e1d6b7be59cf0e786faa96a6fc4 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Mon, 26 May 2008 23:36:06 -0400 Subject: fixing spelling, fqdns in MonkeySpec examples --- doc/MonkeySpec | 55 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 29 insertions(+), 26 deletions(-) (limited to 'doc') diff --git a/doc/MonkeySpec b/doc/MonkeySpec index 3b565db..b0a0d6a 100644 --- a/doc/MonkeySpec +++ b/doc/MonkeySpec 
@@ -61,40 +61,42 @@ USE CASE Dramatis Personae: http://en.wikipedia.org/wiki/Alice_and_Bob Backstory: http://www.conceptlabs.co.uk/alicebob.html -Bob wants to sign on to the computer "mangabey" via monkeysphere -framework. He doesn't yet have access to the machine, but he knows -Alice, who is the admin of magabey. Alice and Bob, being the -contientious netizens that they are, have already published their +Bob wants to sign on to the computer "mangabey.example.org" via +monkeysphere framework. He doesn't yet have access to the machine, +but he knows Alice, who is the admin of magabey. Alice and Bob, being +the conscientious netizens that they are, have already published their personal gpg keys to the web of trust, and being good friends, have both signed each other's keys and marked each others keys with "full" trust. Alice uses howler to publish a gpg key for magabey with the special -"ssh://magabey" URI userid. Alice signs magabey's gpg key and -publishes her signature. Alice then creates a user "bob" on magabey, -and puts Bob's userid in the auth_user_ids file for user bob on -magabey. tamarin triggers on magabey, which triggers rhesus, which -takes all userids in bob's auth_user_ids file, look on a keyserver to -find the public keys for each user, converts the gpg public keys into -ssh public keys if the key validity is acceptable, and finally insert -those keys into an authorized_keys file for bob. - -Bob now adds the "ssh://magabey" userid to the auth_host_ids file in -his account on his localhost. Bob now goes to connect to bob@magabey. -Bob's ssh client, which is monkeysphere enabled, triggers marmoset, -which triggers rhesus on Bob's computer, which takes all server -userids in his auth_host_ids file, looks on a keyserver to find the -public key for each server (based on the server's URI), converts the -gpg public keys into ssh public keys if the key validity is -acceptable, and finally insert those keys into Bob's known_hosts file. 
+userid of "ssh://mangabey.example.org". Alice signs mangabey's gpg +key and publishes this signature as a certification. Alice then +creates a user "bob" on mangabey, and puts Bob's userid in the +auth_user_ids file for user bob on magabey. tamarin triggers on +mangabey, which invokes rhesus. rhesus takes all userids in bob's +auth_user_ids file, looks on a keyserver to find the public keys for +each user, converts the gpg public keys into ssh public keys if the +key validity is acceptable, and finally inserts those keys into an +authorized_keys file for bob. + +Bob now adds the "ssh://mangabey.example.org" userid to the +auth_host_ids file in his account on his localhost. Bob now goes to +connect to bob@mangabey.example.org. Bob's monkeysphere-enabled ssh +client triggers marmoset, which invokes rhesus on Bob's computer. +rhesus takes all server userids in his auth_host_ids file, looks on a +keyserver to find the public key for each server (based on the +server's URI), converts the gpg public keys into ssh public keys if +the key validity is acceptable, and finally insert those keys into +Bob's known_hosts file. On Bob's side, since mangabey's key had "full" validity (since it was -signed by Alice whom he fully trusts), Bob's ssh client deems magabey +signed by Alice whom he fully trusts), Bob's ssh client deems mangabey "known" and no further host key checking is required. -On magabey's side, since Bob's key has "full" validity (since it had -also been signed by Alice whom magabey fully trusts (since Alice told -him to)), Bob is authenticated to log into bob@magabey. +On mangabey's side, since Bob's key has "full" validity (since it had +also been signed by Alice, mangabey's trusted administrator), Bob is +authenticated and authorized to log into bob@mangabey. NOTES ===== 
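Review bot: the "magabey" misspelling survives in two of the added lines ("who is the admin of magabey" and "auth_user_ids file for user bob on magabey") even though this commit is the spelling fix; both should read mangabey. The client-side paragraph also still ends with "and finally insert those keys into Bob's known_hosts file", while the server-side paragraph received the matching "inserts" correction.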
@@ -136,4 +138,5 @@ perform authorization on user identities instead of on keys, it additionally allows the sysadmin also to authenticate the server to the end-user. -git clone http://git.mlcastle.net/monkeysphere.git/ monkeysphere +see doc/git-init for more detail on how to pull from the distributed +repositories. -- cgit v1.2.3 From 29b342e4ef7a4930e84748da233cec15db000be1 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 6 Jun 2008 17:06:56 -0400 Subject: updated MonkeySpec to be more user-friendly. --- doc/MonkeySpec | 83 ++++++++++++++++++++++++++++++++++++---------------------- 1 file changed, 51 insertions(+), 32 deletions(-) (limited to 'doc') diff --git a/doc/MonkeySpec b/doc/MonkeySpec index b0a0d6a..6ac5f11 100644 --- a/doc/MonkeySpec +++ b/doc/MonkeySpec 
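Review bot: replacing the clone URL with "see doc/git-init for more detail" removes the only direct pointer to the source from this file, and doc/git-init is not part of this diff; either confirm that file is committed alongside or keep one URL next to the new reference.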
@@ -63,40 +63,59 @@ Backstory: http://www.conceptlabs.co.uk/alicebob.html Bob wants to sign on to the computer "mangabey.example.org" via monkeysphere framework. He doesn't yet have access to the machine, -but he knows Alice, who is the admin of magabey. Alice and Bob, being -the conscientious netizens that they are, have already published their -personal gpg keys to the web of trust, and being good friends, have -both signed each other's keys and marked each others keys with "full" -trust. - -Alice uses howler to publish a gpg key for magabey with the special -userid of "ssh://mangabey.example.org". Alice signs mangabey's gpg -key and publishes this signature as a certification. Alice then -creates a user "bob" on mangabey, and puts Bob's userid in the -auth_user_ids file for user bob on magabey. tamarin triggers on -mangabey, which invokes rhesus. rhesus takes all userids in bob's -auth_user_ids file, looks on a keyserver to find the public keys for -each user, converts the gpg public keys into ssh public keys if the -key validity is acceptable, and finally inserts those keys into an -authorized_keys file for bob. - -Bob now adds the "ssh://mangabey.example.org" userid to the -auth_host_ids file in his account on his localhost. Bob now goes to -connect to bob@mangabey.example.org. Bob's monkeysphere-enabled ssh -client triggers marmoset, which invokes rhesus on Bob's computer. -rhesus takes all server userids in his auth_host_ids file, looks on a -keyserver to find the public key for each server (based on the -server's URI), converts the gpg public keys into ssh public keys if -the key validity is acceptable, and finally insert those keys into -Bob's known_hosts file. - -On Bob's side, since mangabey's key had "full" validity (since it was -signed by Alice whom he fully trusts), Bob's ssh client deems mangabey +but he knows Alice, who is the admin of mangabey. 
Alice and Bob, +being the conscientious netizens that they are, have already published +their personal gpg keys to the web of trust, and being good friends, +have both signed each other's keys and marked each others keys with +"full" ownertrust. + +When Alice set up mangabey initially, she used howler to publish a gpg +key for the machine with the special userid of +"ssh://mangabey.example.org". She also signed mangabey's gpg key and +published this certification to commonly-used keyservers. Alice also +configured mangabey to treat her own key with full ownertrust (could +this be done as part of the howler invocation?) + +Now, Alice creates a user account "bob" on mangabey, and puts Bob's +userid ("Bob ") in the authorized_user_ids file for +user bob on mangabey. tamarin triggers on mangabey either by a +cronjob or an inotify hook, and invokes rhesus for the "bob" account. +rhesus automatically takes each userid in bob's authorized_user_ids +file, and looks on a keyserver to find all public keys associated with +that user ID, with the goal of populating the authorized_keys file for +bob@mangabey. + +In particular: for each key found, the server evaluates the calculated +validity of the specified user ID based on the ownertrust rules it has +configured ("trust alice's certifications fully", in this example). +For each key for which the user ID in question is fully-valid, it +extracts all DSA- or RSA-based primary or secondary keys marked with +usage flags for encrypted communications and authentication, and +converts these gpg public keys into ssh public keys. Finally, rhesus +inserts these calculated public keys into the authorized_keys file for +bob. + +Bob now attempts to connect, by firing up a terminal and invoking: +"ssh bob@mangabey.example.org". 
Bob's monkeysphere-enabled ssh client +notices that mangabey.example.org isn't already available in bob's +known_hosts file, and triggers rhesus (on Bob's computer) to fetch the +key for mangabey, with the goal of populating Bob's local known_hosts +file. + +In particular: rhesus queries its configured keyservers to find all +public keys with User ID ssh://mangabey.example.org. For each public +key found, rhesus checks the relevant User ID's validity, converts any +"encrypted comms, authentication" gpg public keys into ssh public keys +if the User ID validity is acceptable, and finally insert those keys +into Bob's known_hosts file. + +On Bob's side, since mangabey's key had "full" validity (it was signed +by Alice whom he fully trusts), Bob's ssh client deems mangabey "known" and no further host key checking is required. -On mangabey's side, since Bob's key has "full" validity (since it had -also been signed by Alice, mangabey's trusted administrator), Bob is -authenticated and authorized to log into bob@mangabey. +On mangabey's side, since Bob's key has "full" validity (it had been +signed by Alice, mangabey's trusted administrator), Bob is +authenticated and therefore authorized to log into his account. NOTES ===== -- cgit v1.2.3 From 69b8a040d98944d4c190c2d5ceb4ef5da5b41d80 Mon Sep 17 00:00:00 2001 From: Jamie McClelland Date: Sat, 7 Jun 2008 12:47:08 -0400 Subject: redefining tamarin to be more generic. --- doc/MonkeySpec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'doc') diff --git a/doc/MonkeySpec b/doc/MonkeySpec index 6ac5f11..55ef9ee 100644 --- a/doc/MonkeySpec +++ b/doc/MonkeySpec 
@@ -43,8 +43,8 @@ server-side components - publishes server gpg keys - used to specify userids to trust for user authentication -* "tamarin": script to trigger rhesus during attempt to initiate - connection from client +* "tamarin": script to trigger or schedule rhesus at admin defined + points (e.g. via cron or during ssh connections). client-side components ---------------------- -- cgit v1.2.3 From c9b6d9a5b7b53766bc70f5dd381fb0db5769bd30 Mon Sep 17 00:00:00 2001 From: Jamie McClelland Date: Sat, 7 Jun 2008 13:44:46 -0400 Subject: redefining tamarin and marmaset as concepts not scripts. --- doc/MonkeySpec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'doc') diff --git a/doc/MonkeySpec b/doc/MonkeySpec index 55ef9ee..6ee278f 100644 --- a/doc/MonkeySpec +++ b/doc/MonkeySpec @@ -43,12 +43,12 @@ server-side components - publishes server gpg keys - used to specify userids to trust for user authentication -* "tamarin": script to trigger or schedule rhesus at admin defined +* "tamarin": concept - how to trigger or schedule rhesus at admin defined points (e.g. via cron or during ssh connections). client-side components ---------------------- -* "marmoset": script to trigger rhesus during attempt to initiate +* "marmoset": concept - how to trigger rhesus during attempt to initiate connection to server - runs on connection to a certain host - triggers update to known_hosts file then makes connection -- cgit v1.2.3 From f016e55c785648e0032c88c6eed872f663e81e39 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 7 Jun 2008 19:39:55 -0400 Subject: small change to correct usage of howler --- doc/MonkeySpec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/MonkeySpec b/doc/MonkeySpec index 6ac5f11..9ed0724 100644 --- a/doc/MonkeySpec +++ b/doc/MonkeySpec 
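Review bot: style: "admin defined points" in the new tamarin line should be hyphenated as "admin-defined points".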
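Review bot: in the second hunk (@@ -43,12), once marmoset is redefined as a concept its remaining sub-bullets "runs on connection to a certain host" and "triggers update to known_hosts file then makes connection" still describe the behaviour of a script; reword them as requirements on whatever implements the concept, or drop them, so the tamarin and marmoset entries read consistently.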
@@ -41,7 +41,7 @@ server-side components * "howler": server gpg maintainer - generates gpg keys for the server - publishes server gpg keys - - used to specify userids to trust for user authentication + - used to specify keys to trust for user authentication * "tamarin": script to trigger rhesus during attempt to initiate connection from client -- cgit v1.2.3 From 6c335e70360c7502a2205d21e9f96d4bf2679cbd Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 9 Jun 2008 01:50:49 -0400 Subject: small tweak to MonkeySpec --- doc/MonkeySpec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'doc') diff --git a/doc/MonkeySpec b/doc/MonkeySpec index fe5a0bf..54aaa72 100644 --- a/doc/MonkeySpec +++ b/doc/MonkeySpec @@ -39,9 +39,9 @@ common components server-side components ---------------------- * "howler": server gpg maintainer - - generates gpg keys for the server - - publishes server gpg keys - - used to specify keys to trust for user authentication + - generate gpg keys for the server + - publish server gpg keys + - give owner trust to keys for user authentication * "tamarin": concept - how to trigger or schedule rhesus at admin defined points (e.g. via cron or during ssh connections). -- cgit v1.2.3 From cfa7c2e402991ebcb41502169ba85d9c1874d7d2 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Wed, 11 Jun 2008 15:17:54 -0400 Subject: update README --- doc/README | 73 +++++++++++++++++++++----------------------------------------- 1 file changed, 25 insertions(+), 48 deletions(-) (limited to 'doc') diff --git a/doc/README b/doc/README index d8f1897..427f214 100644 --- a/doc/README +++ b/doc/README 
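Review bot: in the 6c335e7 hunk (@@ -39,9), "give owner trust to keys" writes as two words what the MonkeySpec use case and gpg itself call "ownertrust"; the three howler bullets are also now imperative ("generate", "publish", "give") while the bullets of the other components remain descriptive, so pick one form.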
@@ -1,36 +1,22 @@ Monkeysphere README =================== -Default files locations (by variable): - -MS_HOME=~/.config/monkeysphere -MS_CONF=$MS_HOME/monkeysphere.conf -AUTH_HOST_FILE=$MS_HOME/auth_host_ids -AUTH_USER_FILE=$MS_HOME/auth_user_ids -GNUPGHOME=~/.gnupg -STAGING_AREA=$MS_HOME - -$STAGING_AREA/host_keys/KEYHASH -$STAGING_AREA/known_hosts -$STAGING_AREA/user_keys/KEYHASH -$STAGING_AREA/authorized_keys - user usage ---------- -For a user to update their ms known_hosts file: +For a user to update their known_hosts file: -$ rhesus --known_hosts +$ monkeysphere update-known_hosts -For a user to update their ms authorized_keys file: +For a user to update their monkeysphere authorized_keys file: -$ rhesus --authorized_keys +$ monkeysphere update-authorized_keys server service publication -------------------------- -To publish a server host key use the "howler" component: +To publish a server host key: -# howler gen-key -# howler publish-key +# monkeysphere-server gen-key +# monkeysphere-server publish-key This will generate the key for server with the service URI (ssh://server.hostname). The server admin should now sign the server 
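Review bot: the removed "Default files locations" block is not replaced by anything, so the README no longer says where update-known_hosts and update-authorized_keys write their output; add a sentence pointing at the FILES section of monkeysphere(1), or restate the two output paths.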
@@ -42,38 +28,29 @@ $ gpg --sign-key 'ssh://server.hostname' server authorized_keys maintenance ---------------------------------- -A system can maintain ms authorized_keys files for it's users. Some -different variables need to be defined to help manage this. The way -this is done is by first defining a new MS_HOME: +A system can maintain monkeysphere authorized_keys files for it's +users. -MS_HOME=/etc/monkeysphere - -This directory would then have a monkeysphere.conf which defines the -following variables: +For each user account on the server, the userids of people authorized +to log into that account would be placed in: -AUTH_USER_FILE="$MS_HOME"/auth_user_ids/"$USER" -STAGING_AREA=/var/lib/monkeysphere/stage/$USER -GNUPGHOME=$MS_HOME/gnupg +/etc/monkeysphere/authorized_user_file/USER -For each user account on the server, the userids of people authorized -to log into that account would be placed in the AUTH_USER_FILE for -that user. However, in order for users to become authenticated, the -server must determine that the user keys have "full" validity. This -means that the server must fully trust at least one person whose -signature on the connecting users key would validate the user. This -would generally be the server admin. If the server admin's keyid is -XXXXXXXX, then on the server run: +However, in order for users to become authenticated, the server must +determine that the user keys have "full" validity. This means that +the server must fully trust at least one person whose signature on the +connecting users key would validate the user. This would generally be +the server admin. 
If the server admin's keyid is XXXXXXXX, then on +the server run: -# howler trust-key XXXXXXXX +# monkeysphere-server trust-keys XXXXXXXX -To update the ms authorized_keys file for user "bob", the system would -then run the following: +To update the monkeysphere authorized_keys file for user "bob", the +system would then run the following: -# USER=bob MS_HOME=/etc/monkeysphere rhesus --authorized_keys +# monkeysphere-server update-users bob -To update the ms authorized_keys file for all users on the the system: +To update the monkeysphere authorized_keys file for all users on the +the system, run the same command with no arguments: -MS_HOME=/etc/monkeysphere -for USER in $(ls -1 /etc/monkeysphere/auth_user_ids) ; do - rhesus --authorized_keys -done +# monkeysphere-server update-users bob -- cgit v1.2.3 From a7275bfcb21bccff64ccc544676406cb6318a021 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 13 Jun 2008 15:12:07 -0400 Subject: added TODO documentation with additional projects. --- doc/TODO | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 doc/TODO (limited to 'doc') diff --git a/doc/TODO b/doc/TODO new file mode 100644 index 0000000..6125fea --- /dev/null +++ b/doc/TODO 
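Review bot: the last example is wrong: the text says "run the same command with no arguments", but the command shown is still "# monkeysphere-server update-users bob"; it should be "# monkeysphere-server update-users". The path "/etc/monkeysphere/authorized_user_file/USER" also disagrees with the directory name used elsewhere on this page ("etc/monkeysphere/authorized_user_ids" in debian/monkeysphere.dirs and "/etc/monkeysphere/authorized_user_ids/USER" in monkeysphere-server.8), and "for it's users" should be "for its users".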
@@ -0,0 +1,39 @@ +Next-Steps Monkeysphere Projects: +--------------------------------- + +Provide a friendly interactive UI for marginal or failing client-side + hostkey verifications. Handle the common cases smoothly, and + provide good debugging info for the unusual cases. + +Make sure onak properly escapes user IDs with colons in them. + +Build a decent, presentable web site for documentation, evangelism, + etc. Include a mention of how to report trouble or concerns. + +Create ssh2openpgp or convert to full-fledged keytrans. + +Resolve the bugs listed in openpgp2ssh(1):BUGS. + +Understand and document alternate trustdb models. + +Understand and document the output of gpg --check-trustdb: + gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model + gpg: depth: 0 valid: 2 signed: 20 trust: 0-, 0q, 0n, 0m, 0f, 2u + gpg: depth: 1 valid: 20 signed: 67 trust: 15-, 0q, 1n, 3m, 1f, 0u + gpg: next trustdb check due at 2008-10-09 + +Understand and document the numeric values between sig! and the keyid + in "gpg --check-sigs $KEYID" . Compare with the details found from + "gpg --with-colons --check-sigs $KEYID". This has to do with trust + signatures. + +Fix gpg's documentation to clarify the difference between validity and + ownertrust. Include better documentation for trust signatures. + +Make it easier to do domain-relative ssh host trust signatures with + gnupg. (e.g. "i trust Jamie McClelland (keyID 76CC057D) to properly + identify ssh servers in the mayfirst.org domain") See: + http://tools.ietf.org/html/rfc4880#section-5.2.3.21 and grep for + "tsign" in gpg(1). + +Fix the order of questions when user does a tsign in gpg or gpg2. -- cgit v1.2.3 From 79e9e7214bcbd4ecf4d555a1be413532b216c2e7 Mon Sep 17 00:00:00 2001 
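Review bot: the onak item ("properly escapes user IDs with colons in them") has a consuming-side counterpart: the item that compares against "gpg --with-colons --check-sigs $KEYID" relies on colons inside user IDs being escaped in that output, so any monkeysphere code that splits --with-colons records on ":" needs the same check; consider recording both halves in one item.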
From: Jameson Graef Rollins Date: Tue, 17 Jun 2008 14:33:19 -0400 Subject: Update man pages and TODO. --- debian/dirs | 1 + debian/monkeysphere.dirs | 1 + doc/TODO | 12 +++++++ man/man1/monkeysphere-ssh-proxycommand.1 | 13 ++++--- man/man1/monkeysphere.1 | 60 +++++++++++--------------------- man/man8/monkeysphere-server.8 | 11 +++--- 6 files changed, 48 insertions(+), 50 deletions(-) (limited to 'doc') diff --git a/debian/dirs b/debian/dirs index bdf0fe0..b458649 100644 --- a/debian/dirs +++ b/debian/dirs @@ -1,4 +1,5 @@ var/cache/monkeysphere +var/cache/monkeysphere/authorized_keys usr/bin usr/sbin usr/share diff --git a/debian/monkeysphere.dirs b/debian/monkeysphere.dirs index 4604eee..bc8abcf 100644 --- a/debian/monkeysphere.dirs +++ b/debian/monkeysphere.dirs @@ -1,4 +1,5 @@ usr/share/monkeysphere var/cache/monkeysphere +var/cache/monkeysphere/authorized_keys etc/monkeysphere etc/monkeysphere/authorized_user_ids diff --git a/doc/TODO b/doc/TODO index 6125fea..905d198 100644 --- a/doc/TODO +++ b/doc/TODO @@ -1,6 +1,18 @@ Next-Steps Monkeysphere Projects: --------------------------------- +Handle unknown hosts in such a way that they're not always removed + from known_hosts file. Ask user to lsign the host key? + +Handle multiple multiple hostnames (multiple user IDs?) when + generating host keys with gen-key. + +Make sure alternate ports are handled for known_hosts. + +Add environment variables sections to man pages. + +Script to import private key into ssh agent. + Provide a friendly interactive UI for marginal or failing client-side hostkey verifications. Handle the common cases smoothly, and provide good debugging info for the unusual cases. diff --git a/man/man1/monkeysphere-ssh-proxycommand.1 b/man/man1/monkeysphere-ssh-proxycommand.1 index 8392ae8..5fabb91 100644 --- a/man/man1/monkeysphere-ssh-proxycommand.1 +++ b/man/man1/monkeysphere-ssh-proxycommand.1 
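Review bot: the debian/dirs and debian/monkeysphere.dirs hunks both add var/cache/monkeysphere/authorized_keys; since sshd will be reading per-user authorized_keys files out of that directory, the packaging should also set its ownership and mode rather than only creating it.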
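Review bot: in the doc/TODO hunk, "Handle multiple multiple hostnames" doubles the word; it should read "Handle multiple hostnames".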
@@ -19,13 +19,12 @@ or by adding the following line to your ~/.ssh/config script: .B ProxyCommand monkeysphere-ssh-proxycommand %h %p The script is very simple, and can easily be incorporated into other -ProxyCommand scripts. All it does is first runs - -.B monkeysphere update-known-hosts HOST - -and then - -.B exec nc HOST PORT +ProxyCommand scripts. It first tests to see if the host is in the +known_hosts file. If it's not, the CHECK_KEYSERVER variable is set to +true and "update-known_hosts" is run for the host to check for a host +key for that host. If the host is found in the known_hosts file, +CHECK_KEYSERVER is set to false and "update-known_hosts" is run to +update from the local keychain. Run the following command for more info: diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1 index 95f1e59..8d89071 100644 --- a/man/man1/monkeysphere.1 +++ b/man/man1/monkeysphere.1 
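Review bot: the rewritten paragraph drops the final step shown in the removed lines, "exec nc HOST PORT"; a ProxyCommand man page should still say how the connection is made once known_hosts has been updated. It is also worth stating plainly that when the host is already in known_hosts only the local keychain is consulted (CHECK_KEYSERVER set to false), so a revocation that exists only on the keyserver is not seen until the local copy is refreshed.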
@@ -24,25 +24,23 @@ for authentication and encryption of ssh connection. .B update-known_hosts [HOST]... Update the known_hosts file. For each specified host, gpg will be queried for a key associated with the host URI (see HOST URIs), -querying a keyserver if none is found in the user's keychain. search -for a gpg key for the host in the Web of Trust. If a key is found, it -will be added to the host_keys cache (see KEY CACHES) and any ssh keys -for the host will be removed from the user's known_hosts file. If the -found key is acceptable (see KEY ACCEPTABILITY), then the host's gpg -key will be added to the known_hosts file. If no gpg key is found for -the host, then nothing is done. If no hosts are specified, all hosts -listed in the known_hosts file will be processed. `k' may be used in -place of `update-known_hosts'. +querying a keyserver if specified. If a key is found, it will be +converted to an ssh key, and any matching ssh keys will be removed +from the user's known_hosts file. If the found key is acceptable (see +KEY ACCEPTABILITY), then the key will be updated and re-added to the +known_hosts file. If no gpg key is found for the host, then nothing +is done. If no hosts are specified, all hosts listed in the +known_hosts file will be processed. `k' may be used in place of +`update-known_hosts'. .TP .B update-userids [USERID]... Add/update a user ID to the authorized_user_ids file. The user IDs specified should be exact matches to OpenPGP user IDs. For each specified user ID, gpg will be queried for a key associated with that -user ID, querying a keyserver if none is found in the user's keychain. -If a key is found, it will be added to the user_keys cache (see KEY -CACHES) and the user ID will be added to the user's -authorized_user_ids file (if it wasn't already present). `u' may be -used in place of `update-userids'. +user ID, querying a keyserver if specified. 
If a key is found, the +user ID will be added to the user's authorized_user_ids file (if it +wasn't already present). `u' may be used in place of +`update-userids'. .TP .B remove-userids [USERID]... Remove a user ID from the authorized_user_ids file. The user IDs @@ -50,11 +48,15 @@ specified should be exact matches to OpenPGP user IDs. `r' may be used in place of `remove-userids'. .TP .B update-authorized_keys -Update the monkeysphere authorized_keys file. The monkeysphere -authorized_keys file will be regenerated from the valid keys in the -user_key cache, and the user's independently controlled -authorized_keys file (usually ~/.ssh/authorized_keys). `a' may be -used in place of `update-authorized_keys'. +Update the monkeysphere authorized_keys file. For each user ID in the +user's authorized_user_ids file, gpg will be queried for keys +associated with that user ID, querying a keyserver if specified. If a +key is found, it will be converted to an ssh key, and any matching ssh +keys will be removed from the user's authorized_keys file. If the +found key is acceptable (see KEY ACCEPTABILITY), then the key will be +updated and re-added to the authorized_keys file. If no gpg key is +found for the user ID, then nothing is done. `a' may be used in place +of `update-authorized_keys'. .TP .B gen-subkey KEYID Generate an `a` capable subkey. For the primary key with the 
@@ -83,21 +85,6 @@ the "authentication" ("a") capability flag. .B validity The key must be "fully" valid, and must not be expired or revoked. -.SH KEY CACHES - -Monkeysphere keeps track of keys in key cache directories. The files -in the cache are named with the format "USERID_HASH.PUB_KEY_ID", where -USERID_HASH is a hash of the exact OpenPGP user ID, and PUB_KEY_ID is -the key ID of the primary key. If the user/key ID combo exists in the -Web of Trust but is not acceptable, then the file is empty. If the -primary key has at least one acceptable sub key, then an ssh-style -key, converted from the OpenPGP key, of all acceptable subkeys will be -stored in the cache file, one per line. known_hosts style key lines -will be stored in the host_keys cache files, and authorized_keys style -key lines will be stored in the user_keys cache files. OpenPGP keys -are converted to ssh-style keys with the openpgp2ssh utility (see `man -openpgp2ssh'). - .SH FILES .TP @@ -114,11 +101,6 @@ addition to the authorized_keys file. ~/.config/monkeysphere/authorized_keys Monkeysphere generated authorized_keys file. .TP -~/.config/monkeysphere/user_keys -User keys cache directory. -.TP -~/.config/monkeysphere/host_keys -Host keys cache directory. .SH AUTHOR diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8 index eafd6a8..5ca248a 100644 --- a/man/man8/monkeysphere-server.8 +++ b/man/man8/monkeysphere-server.8 
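Review bot: in the @@ -83,21 hunk, deleting the KEY CACHES section also deletes the only mention of the openpgp2ssh utility; key conversion still happens, so keep a pointer to openpgp2ssh(1) somewhere in the page.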
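Review bot: in the @@ -114,11 hunk, removing the two cache entries leaves the FILES section ending with a bare ".TP" immediately before ".SH AUTHOR"; delete that trailing ".TP" as well.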
@@ -24,8 +24,11 @@ be used for authentication and encryption of ssh connection. .B update-users [USER]... Update the admin-controlled authorized_keys files for user. For each user specified, update the user's authorized_keys file in -/var/cache/monkeysphere/USER. See `man monkeysphere' for more info. -`k' may be used in place of `update-known_hosts'. +/var/cache/monkeysphere/authorized_keys/USER. See `man monkeysphere' +for more info. If the USER_CONTROLLED_AUTHORIZED_KEYS variable is +set, then a user-controlled authorized_keys file (usually +~USER/.ssh/authorized_keys) is added to the authorized_keys file. `k' +may be used in place of `update-known_hosts'. .TP .B gen-key Generate a gpg key for the host. `g' may be used in place of @@ -66,8 +69,8 @@ Monkeysphere GNUPG home directory. /etc/monkeysphere/authorized_user_ids/USER Server maintained authorized_user_ids files for users. .TP -/var/cache/monkeysphere/USER -User keys cache directories. +/var/cache/monkeysphere/authorized_keys/USER +User authorized_keys file. .SH AUTHOR -- cgit v1.2.3
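Review bot: the alias sentence "`k' may be used in place of `update-known_hosts'" remains under update-users, which is not an update-known_hosts command; it looks copied from monkeysphere(1) and should name update-users and its real short form. The new USER_CONTROLLED_AUTHORIZED_KEYS sentence should also say where that variable is set.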