summaryrefslogtreecommitdiff
path: root/man/man1/monkeysphere.1
blob: fe4fd36e8eb3530a735d470c3e34786443aabf45 (plain) 
    

  1. .TH MONKEYSPHERE "1" "June 2008" "monkeysphere 0.1" "User Commands"
    2. 

  2. 

  3. .SH NAME
    4. 

  4. 

  5. monkeysphere \- Monkeysphere client user interface
    6. 

  6. 

  7. .SH SYNOPSIS
    8. 

  8. 

  9. .B monkeysphere \fIsubcommand\fP [\fIargs\fP]
    10. 

  10. 

  11. .SH DESCRIPTION
    12. 

  12. 

  13. \fBMonkeysphere\fP is a framework to leverage the OpenPGP web of trust
    14. 

  14. for OpenSSH authentication.  OpenPGP keys are tracked via GnuPG, and
    15. 

  15. added to the authorized_keys and known_hosts files used by OpenSSH for
    16. 

  16. connection authentication.
    17. 

  17. 

  18. \fBmonkeysphere\fP is the Monkeysphere client utility.
    19. 

  19. 

  20. .SH SUBCOMMANDS
    21. 

  21. 

  22. \fBmonkeysphere\fP takes various subcommands:
    23. 

  23. .TP
    24. 

  24. .B update-known_hosts [HOST]...
    25. 

  25. Update the known_hosts file.  For each specified host, gpg will be
    26. 

  26. queried for a key associated with the host URI (see HOST
    27. 

  27. IDENTIFICATION in monkeysphere(5)), optionally querying a keyserver.
    28. 

  28. If an acceptable key is found for the host (see KEY ACCEPTABILITY in
    29. 

  29. monkeysphere(5)), the key is added to the user's known_hosts file.  If
    30. 

  30. a key is found but is unacceptable for the host, any matching keys are
    31. 

  31. removed from the user's known_hosts file.  If no gpg key is found for
    32. 

  32. the host, nothing is done.  If no hosts are specified, all hosts
    33. 

  33. listed in the known_hosts file will be processed.  This subcommand
    34. 

  34. will exit with a status of 0 if at least one acceptable key was found
    35. 

  35. for a specified host, 1 if no matching keys were found at all, and 2
    36. 

  36. if matching keys were found but none were acceptable.  `k' may be used
    37. 

  37. in place of `update-known_hosts'.
    38. 

  38. .TP
    39. 

  39. .B update-authorized_keys
    40. 

  40. Update the authorized_keys file for the user executing the command
    41. 

  41. (see MONKEYSPHERE_AUTHORIZED_KEYS in ENVIRONMENT, below).  First all
    42. 

  42. monkeysphere keys are cleared from the authorized_keys file.  Then, or
    43. 

  43. each user ID in the user's authorized_user_ids file, gpg will be
    44. 

  44. queried for keys associated with that user ID, optionally querying a
    45. 

  45. keyserver.  If an acceptable key is found (see KEY ACCEPTABILITY in
    46. 

  46. monkeysphere(5)), the key is added to the user's authorized_keys file.
    47. 

  47. If a key is found but is unacceptable for the user ID, any matching
    48. 

  48. keys are removed from the user's authorized_keys file.  If no gpg key
    49. 

  49. is found for the user ID, nothing is done.  This subcommand will exit
    50. 

  50. with a status of 0 if at least one acceptable key was found for a user
    51. 

  51. ID, 1 if no matching keys were found at all, and 2 if matching keys
    52. 

  52. were found but none were acceptable.  `a' may be used in place of
    53. 

  53. `update-authorized_keys'.
    54. 

  54. .TP
    55. 

  55. .B gen-subkey KEYID
    56. 

  56. Generate an authentication subkey.  For the primary key with the
    57. 

  57. specified key ID, generate a subkey with "authentication" capability
    58. 

  58. that can be used for monkeysphere transactions.  An expiration length
    59. 

  59. can be specified with the `-e' or `--expire' option (prompt
    60. 

  60. otherwise).  `g' may be used in place of `gen-subkey'.
    61. 

  61. .TP
    62. 

  62. .B help
    63. 

  63. Output a brief usage summary.  `h' or `?' may be used in place of
    64. 

  64. `help'.
    65. 

  65. 

  66. .SH ENVIRONMENT
    67. 

  67. 

  68. The following environment variables will override those specified in
    69. 

  69. the monkeysphere.conf configuration file (defaults in parentheses):
    70. 

  70. .TP
    71. 

  71. MONKEYSPHERE_GNUPGHOME, GNUPGHOME
    72. 

  72. GnuPG home directory (~/.gnupg).
    73. 

  73. .TP
    74. 

  74. MONKEYSPHERE_KEYSERVER
    75. 

  75. OpenPGP keyserver to use (subkeys.pgp.net).
    76. 

  76. .TP
    77. 

  77. MONKEYSPHERE_CHECK_KEYSERVER
    78. 

  78. Whether or not to check keyserver when making gpg queries (`true').
    79. 

  79. .TP
    80. 

  80. MONKEYSPHERE_KNOWN_HOSTS
    81. 

  81. Path to ssh known_hosts file (~/.ssh/known_hosts).
    82. 

  82. .TP
    83. 

  83. MONKEYSPHERE_HASH_KNOWN_HOSTS
    84. 

  84. Whether or not to hash to the known_hosts file entries (`true').
    85. 

  85. .TP
    86. 

  86. MONKEYSPHERE_AUTHORIZED_KEYS
    87. 

  87. Path to ssh authorized_keys file (~/.ssh/authorized_keys).
    88. 

  88. 

  89. .SH FILES
    90. 

  90. 

  91. .TP
    92. 

  92. ~/.config/monkeysphere/monkeysphere.conf
    93. 

  93. User monkeysphere config file.
    94. 

  94. .TP
    95. 

  95. /etc/monkeysphere/monkeysphere.conf
    96. 

  96. System-wide monkeysphere config file.
    97. 

  97. .TP
    98. 

  98. ~/.config/monkeysphere/authorized_user_ids
    99. 

  99. OpenPGP user IDs associated with keys that will be checked for
    100. 

  100. addition to the authorized_keys file.
    101. 

  101. 

  102. .SH AUTHOR
    103. 

  103. 

  104. Written by Jameson Rollins <jrollins@fifthhorseman.net>, Daniel
    105. 

  105. Kahn Gillmor <dkg@fifthhorseman.net>
    106. 

  106. 

  107. .SH SEE ALSO
    108. 

  108. 

  109. .BR monkeysphere-ssh-proxycommand (1),
    110. 

  110. .BR monkeysphere-server (8),
    111. 

  111. .BR monkeysphere (5),
    112. 

  112. .BR ssh (1),
    113. 

  113. .BR gpg (1)
    114.
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-23 03:15:29 +0000