summaryrefslogtreecommitdiff
path: root/man/man1/monkeysphere-ssh-proxycommand.1
blob: 1606a5d2c318cece3d072a32d91c273c22dff33e (plain) 
    

  1. .TH MONKEYSPHERE-SSH-PROXYCOMMAND "1" "June 2008" "monkeysphere 0.1" "User Commands"
    2. 

  2. 

  3. .SH NAME
    4. 

  4. 

  5. monkeysphere-ssh-proxycommand \- MonkeySphere ssh ProxyCommand script
    6. 

  6. 

  7. .SH DESCRIPTION
    8. 

  8. 

  9. \fBmonkeysphere-ssh-proxy\fP is an ssh proxy command that can be used
    10. 

  10. to trigger a monkeysphere update of the ssh known_hosts file for a
    11. 

  11. host that is being connected to with ssh.  This works by updating the
    12. 

  12. known_hosts file for the host first, before an attempted connection to
    13. 

  13. the host is made.  Once the known_hosts file has been updated, a TCP
    14. 

  14. connection to the host is made by exec'ing netcat(1).  Regular ssh
    15. 

  15. communication is then done over this netcat TCP connection (see
    16. 

  16. ProxyCommand in ssh_config(5) for more info).
    17. 

  17. 

  18. This command is meant to be run as the ssh "ProxyCommand".  This can
    19. 

  19. either be done by specifying the proxy command on the command line:
    20. 

  20. 

  21. .B ssh -o ProxyCommand="monkeysphere-ssh-proxycommand %h %p" ...
    22. 

  22. 

  23. or by adding the following line to your ~/.ssh/config script:
    24. 

  24. 

  25. .B ProxyCommand monkeysphere-ssh-proxycommand %h %p
    26. 

  26. 

  27. The script can easily be incorporated into other ProxyCommand scripts
    28. 

  28. by calling it with the "--no-connect" option, i.e.:
    29. 

  29. 

  30. .B monkeysphere-ssh-proxycommand --no-connect "$HOST" "$PORT"
    31. 

  31. 

  32. This will run everything except the final exec of netcat to make the
    33. 

  33. TCP connection to the host.  In this way this command can be added to
    34. 

  34. another proxy command that does other stuff, and then makes the
    35. 

  35. connection to the host itself.
    36. 

  36. 

  37. .SH KEYSERVER CHECKING
    38. 

  38. 

  39. The proxy command has a fairly nuanced policy for when keyservers are
    40. 

  40. queried when processing a host.  If the host userID is not found in
    41. 

  41. either the user's keyring or in the known_hosts file, then the
    42. 

  42. keyserver is queried for the host userID.  If the host userID is found
    43. 

  43. in the user's keyring, then the keyserver is not checked.  This
    44. 

  44. assumes that the keyring is kept up-to-date, in a cronjob or the like,
    45. 

  45. so that revocations are properly handled.  If the host userID is not
    46. 

  46. found in the user's keyring, but the host is listed in the known_hosts
    47. 

  47. file, then the keyserver is not checked.  This last policy might
    48. 

  48. change in the future, possibly by adding a deferred check, so that
    49. 

  49. hosts that go from non-monkeysphere-enabled to monkeysphere-enabled
    50. 

  50. will be properly checked.
    51. 

  51. 

  52. .SH ENVIRONMENT VARIABLES
    53. 

  53. 

  54. All environment variables defined in monkeysphere(1) can also be used
    55. 

  55. for the proxy command, with one note:
    56. 

  56. 

  57. .TP
    58. 

  58. MONKEYSPHERE_CHECK_KEYSERVER
    59. 

  59. Setting this variable (to `true' or `false') will override the policy
    60. 

  60. defined in KEYSERVER CHECKING above.
    61. 

  61. 

  62. .SH AUTHOR
    63. 

  63. 

  64. Written by Jameson Rollins <jrollins@fifthhorseman.net>
    65. 

  65. 

  66. .SH SEE ALSO
    67. 

  67. 

  68. .BR monkeysphere (1),
    69. 

  69. .BR monkeysphere (7),
    70. 

  70. .BR ssh (1),
    71. 

  71. .BR ssh_config (5),
    72. 

  72. .BR netcat (1),
    73. 

  73. .BR gpg (1)
    74.
generated by cgit v1.2.3 (git 2.46.0) at 2024-11-04 21:32:49 +0000