From f511119f57f076147acb2b5dccae597b34df6c8d Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Thu, 19 Jun 2008 16:57:09 -0400 Subject: Remove {update,remove}-userids functions, since we decided they weren't worth it. Updated man pages as well. --- man/man1/monkeysphere-ssh-proxycommand.1 | 30 +++++++++++++++++++++--------- man/man1/monkeysphere.1 | 21 +-------------------- 2 files changed, 22 insertions(+), 29 deletions(-) (limited to 'man/man1') diff --git a/man/man1/monkeysphere-ssh-proxycommand.1 b/man/man1/monkeysphere-ssh-proxycommand.1 index 5fabb91..c4196f2 100644 --- a/man/man1/monkeysphere-ssh-proxycommand.1 +++ b/man/man1/monkeysphere-ssh-proxycommand.1 @@ -18,17 +18,29 @@ or by adding the following line to your ~/.ssh/config script: .B ProxyCommand monkeysphere-ssh-proxycommand %h %p -The script is very simple, and can easily be incorporated into other -ProxyCommand scripts. It first tests to see if the host is in the -known_hosts file. If it's not, the CHECK_KEYSERVER variable is set to -true and "update-known_hosts" is run for the host to check for a host -key for that host. If the host is found in the known_hosts file, -CHECK_KEYSERVER is set to false and "update-known_hosts" is run to -update from the local keychain. +The script can easily be incorporated into other ProxyCommand scripts +by calling it with the "--no-connect" option, ie: -Run the following command for more info: +.B monkeysphere-ssh-proxycommand --no-connect "$HOST" "$PORT" -.B less $(which monkeysphere-ssh-proxycommand) +This will run everything but will not exec netcat to make the tcp +connection to the host. + +.SH KEYSERVER CHECKING + +The proxy command has a fairly nuanced policy for when keyservers are +queried when processing host. If the host userID is not found in +either the user's keyring or in the known_hosts file, then the +keyserver is queried for the host userID. If the host userID is found +in the user's keyring, then the keyserver is not checked. This is +because... If the host userID is not found in the user's keyring, but +the host is listed in the known_hosts file, then defered check is +scheduled. + +.SH ENVIRONMENT VARIABLES + +.TP +KEYSERVER The keyserver to query. .SH AUTHOR diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1 index f36d69e..30e35bb 100644 --- a/man/man1/monkeysphere.1 +++ b/man/man1/monkeysphere.1 @@ -33,20 +33,6 @@ is done. If no hosts are specified, all hosts listed in the known_hosts file will be processed. `k' may be used in place of `update-known_hosts'. .TP -.B update-userids [USERID]... -Add/update a user ID to the authorized_user_ids file. The user IDs -specified should be exact matches to OpenPGP user IDs. For each -specified user ID, gpg will be queried for a key associated with that -user ID, querying a keyserver if specified. If a key is found, the -user ID will be added to the user's authorized_user_ids file (if it -wasn't already present). `u' may be used in place of -`update-userids'. -.TP -.B remove-userids [USERID]... -Remove a user ID from the authorized_user_ids file. The user IDs -specified should be exact matches to OpenPGP user IDs. `r' may be -used in place of `remove-userids'. -.TP .B update-authorized_keys Update the monkeysphere authorized_keys file. For each user ID in the user's authorized_user_ids file, gpg will be queried for keys @@ -78,9 +64,7 @@ specification for the host, ie. "ssh://host.full.domain". GPG keys are considered acceptable if the following criteria are met: .TP .B capability -For host keys, the key must have both the "authentication" ("a") and -"encrypt" ("e") capability flags. For user keys, the key must have -the "authentication" ("a") capability flag. +The key must have the "authentication" ("a") usage flag set. .TP .B validity The key must be "fully" valid, and must not be expired or revoked. @@ -97,9 +81,6 @@ System-wide monkeysphere config file. ~/.config/monkeysphere/authorized_user_ids OpenPGP user IDs associated with keys that will be checked for addition to the authorized_keys file. -.TP -~/.config/monkeysphere/authorized_keys -Monkeysphere generated authorized_keys file. .SH AUTHOR -- cgit v1.2.3