From 91f880160dba51966ca8940fd42fcd6c8a268c5a Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 4 Sep 2008 22:29:39 -0400 Subject: moved monkeysphere(5) to section 7 of the manual. Thanks, Stew! --- man/man1/monkeysphere-ssh-proxycommand.1 | 1 + man/man1/monkeysphere.1 | 8 ++--- man/man1/openpgp2ssh.1 | 4 +-- man/man5/monkeysphere.5 | 54 -------------------------------- man/man7/monkeysphere.7 | 54 ++++++++++++++++++++++++++++++++ man/man8/monkeysphere-server.8 | 4 +-- 6 files changed, 63 insertions(+), 62 deletions(-) delete mode 100644 man/man5/monkeysphere.5 create mode 100644 man/man7/monkeysphere.7 (limited to 'man') diff --git a/man/man1/monkeysphere-ssh-proxycommand.1 b/man/man1/monkeysphere-ssh-proxycommand.1 index 41b2e40..1606a5d 100644 --- a/man/man1/monkeysphere-ssh-proxycommand.1 +++ b/man/man1/monkeysphere-ssh-proxycommand.1 @@ -66,6 +66,7 @@ Written by Jameson Rollins .SH SEE ALSO .BR monkeysphere (1), +.BR monkeysphere (7), .BR ssh (1), .BR ssh_config (5), .BR netcat (1), diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1 index cabe953..3ece735 100644 --- a/man/man1/monkeysphere.1 +++ b/man/man1/monkeysphere.1 @@ -25,10 +25,10 @@ connection authentication. Update the known_hosts file. For each specified host, gpg will be queried for a key associated with the host URI (see HOST IDENTIFICATION in -.BR monkeysphere(5)), +.BR monkeysphere(7)), optionally querying a keyserver. If an acceptable key is found for the host (see KEY ACCEPTABILITY in -.BR monkeysphere(5)), +.BR monkeysphere(7)), the key is added to the user's known_hosts file. If a key is found but is unacceptable for the host, any matching keys are removed from the user's known_hosts file. If no gpg key is found for the host, 
@@ -46,7 +46,7 @@ monkeysphere keys are cleared from the authorized_keys file. Then, or each user ID in the user's authorized_user_ids file, gpg will be queried for keys associated with that user ID, optionally querying a keyserver. If an acceptable key is found (see KEY ACCEPTABILITY in -.BR monkeysphere (5)), +.BR monkeysphere (7)), the key is added to the user's authorized_keys file. If a key is found but is unacceptable for the user ID, any matching keys are removed from the user's authorized_keys file. If no gpg key @@ -127,7 +127,7 @@ Kahn Gillmor .BR monkeysphere-ssh-proxycommand (1), .BR monkeysphere-server (8), -.BR monkeysphere (5), +.BR monkeysphere (7), .BR ssh (1), .BR ssh-add (1), .BR gpg (1) diff --git a/man/man1/openpgp2ssh.1 b/man/man1/openpgp2ssh.1 index 281bb0f..89df047 100644 --- a/man/man1/openpgp2ssh.1 +++ b/man/man1/openpgp2ssh.1 @@ -38,7 +38,7 @@ converted to the equivalent PEM-encoded private key. .Pp .Nm is part of the -.Xr monkeysphere 5 +.Xr monkeysphere 7 framework for providing a PKI for SSH. .Sh CAVEATS The keys produced by this process are stripped of all identifying @@ -91,6 +91,6 @@ passed in. If you send it more than one primary key, it will silently ignore later ones. .Sh SEE ALSO .Xr monkeysphere 1 , -.Xr monkeysphere 5 , +.Xr monkeysphere 7 , .Xr ssh 1 , .Xr monkeysphere-server 8 diff --git a/man/man5/monkeysphere.5 b/man/man5/monkeysphere.5 deleted file mode 100644 index 50ad2b3..0000000 --- a/man/man5/monkeysphere.5 +++ /dev/null 
@@ -1,54 +0,0 @@
-.TH MONKEYSPHERE "5" "June 2008" "monkeysphere" "System Frameworks"
-
-.SH NAME
-
-monkeysphere \- ssh authentication framework using OpenPGP Web of
-Trust
-
-.SH DESCRIPTION
-
-\fBMonkeySphere\fP is a framework to leverage the OpenPGP Web of Trust
-for ssh authentication. OpenPGP keys are tracked via GnuPG, and added
-to the authorized_keys and known_hosts files used by ssh for
-connection authentication.
-
-.SH IDENTITY CERTIFIERS
-
-FIXME: describe identity certifier concept
-
-.SH KEY ACCEPTABILITY
-
-During known_host and authorized_keys updates, the monkeysphere
-commands work from a set of user IDs to determine acceptable keys for
-ssh authentication. OpenPGP keys are considered acceptable if the
-following criteria are met:
-.TP
-.B capability
-The key must have the "authentication" ("a") usage flag set.
-.TP
-.B validity
-The key itself must be valid, i.e. it must be well-formed, not
-expired, and not revoked.
-.TP
-.B certification
-The relevant user ID must be signed by a trusted identity certifier.
-
-.SH HOST IDENTIFICATION
-
-The OpenPGP keys for hosts have associated user IDs that use the ssh
-URI specification for the host, i.e. "ssh://host.full.domain[:port]".
-
-.SH AUTHOR
-
-Written by Jameson Rollins , Daniel Kahn
-Gillmor
-
-.SH SEE ALSO
-
-.BR monkeysphere (1),
-.BR monkeysphere-server (8),
-.BR monkeysphere-ssh-proxycommand (1),
-.BR gpg (1),
-.BR ssh (1),
-.BR http://tools.ietf.org/html/rfc4880,
-.BR http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/
diff --git a/man/man7/monkeysphere.7 b/man/man7/monkeysphere.7
new file mode 100644
index 0000000..8d7c43a
--- /dev/null
+++ b/man/man7/monkeysphere.7
@@ -0,0 +1,54 @@
+.TH MONKEYSPHERE "7" "June 2008" "monkeysphere" "System Frameworks"
+
+.SH NAME
+
+monkeysphere \- ssh authentication framework using OpenPGP Web of
+Trust
+
+.SH DESCRIPTION
+
+\fBMonkeySphere\fP is a framework to leverage the OpenPGP Web of Trust
+for ssh authentication. OpenPGP keys are tracked via GnuPG, and added
+to the authorized_keys and known_hosts files used by ssh for
+connection authentication.
+
+.SH IDENTITY CERTIFIERS
+
+FIXME: describe identity certifier concept
+
+.SH KEY ACCEPTABILITY
+
+During known_host and authorized_keys updates, the monkeysphere
+commands work from a set of user IDs to determine acceptable keys for
+ssh authentication. OpenPGP keys are considered acceptable if the
+following criteria are met:
+.TP
+.B capability
+The key must have the "authentication" ("a") usage flag set.
+.TP
+.B validity
+The key itself must be valid, i.e. it must be well-formed, not
+expired, and not revoked.
+.TP
+.B certification
+The relevant user ID must be signed by a trusted identity certifier.
+
+.SH HOST IDENTIFICATION
+
+The OpenPGP keys for hosts have associated user IDs that use the ssh
+URI specification for the host, i.e. "ssh://host.full.domain[:port]".
+
+.SH AUTHOR
+
+Written by Jameson Rollins , Daniel Kahn
+Gillmor
+
+.SH SEE ALSO
+
+.BR monkeysphere (1),
+.BR monkeysphere-server (8),
+.BR monkeysphere-ssh-proxycommand (1),
+.BR gpg (1),
+.BR ssh (1),
+.BR http://tools.ietf.org/html/rfc4880,
+.BR http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/
diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8
index 46a9727..f207e2c 100644
--- a/man/man8/monkeysphere-server.8
+++ b/man/man8/monkeysphere-server.8
@@ -27,7 +27,7 @@ specified account, the user ID's listed in the account's authorized_user_ids file are processed. For each user ID, gpg will be queried for keys associated with that user ID, optionally querying a keyserver. If an acceptable key is found (see KEY ACCEPTABILITY in -monkeysphere(5)), the key is added to the account's +monkeysphere(7)), the key is added to the account's monkeysphere-controlled authorized_keys file. If the RAW_AUTHORIZED_KEYS variable is set, then a separate authorized_keys file (usually ~USER/.ssh/authorized_keys) is appended to the @@ -230,6 +230,6 @@ Gillmor .SH SEE ALSO .BR monkeysphere (1), -.BR monkeysphere (5), +.BR monkeysphere (7), .BR gpg (1), .BR ssh (1) -- cgit v1.2.3