summaryrefslogtreecommitdiff
path: root/man/man1/monkeysphere-ssh-proxycommand.1
blob: a31a9d1598b7f671dce9dca6916be9faed6275b9 (plain) 
    

  1. .TH MONKEYSPHERE-SSH-PROXYCOMMAND "1" "June 2008" "monkeysphere 0.1" "User Commands"
    2. 

  2. 

  3. .SH NAME
    4. 

  4. 

  5. monkeysphere-ssh-proxycommand \- MonkeySphere ssh ProxyCommand script
    6. 

  6. 

  7. .SH DESCRIPTION
    8. 

  8. 

  9. \fBmonkeysphere-ssh-proxy\fP is an ssh proxy command that can be used
    10. 

  10. to trigger a monkeysphere update of the known_hosts file for the hosts
    11. 

  11. that are being connected to.  It is meant to be run as an ssh
    12. 

  12. ProxyCommand.  This can either be done by specifying the proxy command
    13. 

  13. on the command line:
    14. 

  14. 

  15. .B ssh -o ProxyCommand="monkeysphere-ssh-proxycommand %h %p" ...
    16. 

  16. 

  17. or by adding the following line to your ~/.ssh/config script:
    18. 

  18. 

  19. .B ProxyCommand monkeysphere-ssh-proxycommand %h %p
    20. 

  20. 

  21. The script can easily be incorporated into other ProxyCommand scripts
    22. 

  22. by calling it with the "--no-connect" option, i.e.:
    23. 

  23. 

  24. .B monkeysphere-ssh-proxycommand --no-connect "$HOST" "$PORT"
    25. 

  25. 

  26. This will run everything but will not exec netcat to make the tcp
    27. 

  27. connection to the host.
    28. 

  28. 

  29. .SH KEYSERVER CHECKING
    30. 

  30. 

  31. The proxy command has a fairly nuanced policy for when keyservers are
    32. 

  32. queried when processing host.  If the host userID is not found in
    33. 

  33. either the user's keyring or in the known_hosts file, then the
    34. 

  34. keyserver is queried for the host userID.  If the host userID is found
    35. 

  35. in the user's keyring, then the keyserver is not checked.  This
    36. 

  36. assumes that the keyring is kept up-to-date, in a cron job or the
    37. 

  37. like, so that revocations are properly handled.  If the host userID is
    38. 

  38. not found in the user's keyring, but the host is listed in the
    39. 

  39. known_hosts file, then the keyserver is not checked.  This last policy
    40. 

  40. might change in the future, possibly by adding a deferred check, so
    41. 

  41. that hosts that go from non-monkeysphere-enabled to
    42. 

  42. monkeysphere-enabled will be properly checked.
    43. 

  43. 

  44. .SH ENVIRONMENT VARIABLES
    45. 

  45. 

  46. All environment variables defined in monkeysphere(1) can also be used
    47. 

  47. for the proxycommand, with one note:
    48. 

  48. 

  49. .TP
    50. 

  50. MONKEYSPHERE_CHECK_KEYSERVER
    51. 

  51. Setting this variable (to `true' or `false') will override the policy
    52. 

  52. defined in KEYSERVER CHECKING above.
    53. 

  53. 

  54. .SH AUTHOR
    55. 

  55. 

  56. Written by Jameson Rollins <jrollins@fifthhorseman.net>
    57. 

  57. 

  58. .SH SEE ALSO
    59. 

  59. 

  60. .BR monkeysphere (1),
    61. 

  61. .BR ssh (1),
    62. 

  62. .BR gpg (1)
    63.
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-23 19:50:51 +0000