summaryrefslogtreecommitdiff
path: root/doc/announcement.html
blob: 489dae595f2ada50fba35db7fc6de7243ab98354 (plain)
  1. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
  2. <html>
  3. <head>
  4. <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15">
  5. <title>Announcing the Monkeysphere</title>
  6. </head>
  7. <!-- This is a draft of a wider announcement for the Monkeysphere.
  8. dkg will probably post the final version in his blog at
  9. https://www.debian-administration.org/users/dkg/weblog
  10. Edits are welcome! -->
  11. <body>
  12. <h1>Monkeysphere: an OpenPGP-based PKI for SSH</h1>
  13. <p>Ever thought that there should be an automated way to handle ssh
  14. keys? Do you know the administrators of your servers, and wish that
  15. SSH could verify new host keys from them automatically, based on your
  16. personal connections to the web-of-trust? Do you wish you could
  17. revoke and rotate your old SSH authentication keys without having to
  18. log into every single machine?</p>
  19. <p>Do you administer servers, and wish you could re-key them without
  20. sowing massive pain and confusion among your users (or worse,
  21. encouraging bad security habits among them)? Do you wish you could
  22. identify the users to grant access by name, instead of by opaque
  23. string? Do you wish you could rapidly grant or revoke access to a
  24. user across a group of machines by enabling or disabling
  25. authentication for that user?</p>
  26. <p>A group of us have been working on a public key infrastructure for
  27. SSH. <a href="http://monkeysphere.info">Monkeysphere</a> makes use of
  28. the existing OpenPGP web-of-trust to fetch and cryptographically
  29. validate (and revoke!) keys. This works in either directions: both
  30. <code>authorized_keys</code> <em>and</em> <code>known_hosts</code> are
  31. handled. Monkeysphere gives users and admins tools to deal with SSH
  32. keys by thinking about the people and machines to whom the keys
  33. belong, instead of requiring humans to do tedious (and error-prone)
  34. manual key verification.</p>
  35. <p>We have <a href="http://monkeysphere.info/download">debian packages
  36. available</a> which should install against lenny, <a
  37. href="https://lists.riseup.net/www/info/monkeysphere">a mailing
  38. list</a>, and open ears for good questions, suggestions and
  39. criticism.</p>
  40. <p>If you have a chance to give it a try (<a href="???">as a user</a>
  41. or <a href="???">as an admin</a>), it would be great to <a
  42. href="https://lists.riseup.net/www/info/monkeysphere">get
  43. feedback</a>.</p>
  44. </body> </html>