summaryrefslogtreecommitdiff
path: root/doc/README
blob: 427f214f4d82916d2b8141a6ed53cd29f9cf4682 (plain)
  1. Monkeysphere README
  2. ===================
  3. user usage
  4. ----------
  5. For a user to update their known_hosts file:
  6. $ monkeysphere update-known_hosts
  7. For a user to update their monkeysphere authorized_keys file:
  8. $ monkeysphere update-authorized_keys
  9. server service publication
  10. --------------------------
  11. To publish a server host key:
  12. # monkeysphere-server gen-key
  13. # monkeysphere-server publish-key
  14. This will generate the key for server with the service URI
  15. (ssh://server.hostname). The server admin should now sign the server
  16. key so that people in the admin's web of trust can authenticate the
  17. server without manual host key checking:
  18. $ gpg --search ='ssh://server.hostname'
  19. $ gpg --sign-key 'ssh://server.hostname'
  20. server authorized_keys maintenance
  21. ----------------------------------
  22. A system can maintain monkeysphere authorized_keys files for it's
  23. users.
  24. For each user account on the server, the userids of people authorized
  25. to log into that account would be placed in:
  26. /etc/monkeysphere/authorized_user_file/USER
  27. However, in order for users to become authenticated, the server must
  28. determine that the user keys have "full" validity. This means that
  29. the server must fully trust at least one person whose signature on the
  30. connecting users key would validate the user. This would generally be
  31. the server admin. If the server admin's keyid is XXXXXXXX, then on
  32. the server run:
  33. # monkeysphere-server trust-keys XXXXXXXX
  34. To update the monkeysphere authorized_keys file for user "bob", the
  35. system would then run the following:
  36. # monkeysphere-server update-users bob
  37. To update the monkeysphere authorized_keys file for all users on the
  38. the system, run the same command with no arguments:
  39. # monkeysphere-server update-users bob