summaryrefslogtreecommitdiff
path: root/man/man1/monkeysphere.1
blob: 526cad6d76e79ad0b9a6246e3a3a597717dd962c (plain) 
    

  1. .TH MONKEYSPHERE "1" "June 2008" "monkeysphere 0.1" "User Commands"
    2. 

  2. 

  3. .SH NAME
    4. 

  4. 

  5. monkeysphere \- MonkeySphere client user interface
    6. 

  6. 

  7. .SH SYNOPSIS
    8. 

  8. 

  9. .B monkeysphere \fIcommand\fP [\fIargs\fP]
    10. 

  10. 

  11. .SH DESCRIPTION
    12. 

  12. 

  13. MonkeySphere is a system to leverage the OpenPGP Web of Trust for ssh
    14. 

  14. authentication and encryption.  OpenPGP keys are tracked via GnuPG,
    15. 

  15. and added to the ssh authorized_keys and known_hosts files to be used
    16. 

  16. for authentication and encryption of ssh connection.
    17. 

  17. 

  18. \fBmonkeysphere\fP is the MonkeySphere client utility.
    19. 

  19. 

  20. .SH SUBCOMMANDS
    21. 

  21. 

  22. \fBmonkeysphere\fP takes various subcommands:
    23. 

  23. .TP
    24. 

  24. .B update-known_hosts [HOST]...
    25. 

  25. Update the known_hosts file.  For each specified host, gpg will be
    26. 

  26. queried for a key associated with the host URI (see HOST URIs),
    27. 

  27. querying a keyserver if none is found in the user's keychain. search
    28. 

  28. for a gpg key for the host in the Web of Trust.  If a key is found, it
    29. 

  29. will be added to the host_keys cache (see KEY CACHES) and any ssh keys
    30. 

  30. for the host will be removed from the user's known_hosts file.  If the
    31. 

  31. found key is acceptable (see KEY ACCEPTABILITY), then the host's gpg
    32. 

  32. key will be added to the known_hosts file.  If no gpg key is found for
    33. 

  33. the host, then nothing is done.  If no hosts are specified, all hosts
    34. 

  34. listed in the known_hosts file will be processed.  `k' may be used in
    35. 

  35. place of `update-known_hosts'.
    36. 

  36. .TP
    37. 

  37. .B update-userids [USERID]...
    38. 

  38. Add/update a user ID to the authorized_user_ids file.  The user IDs
    39. 

  39. specified should be exact matches to OpenPGP user IDs.  For each
    40. 

  40. specified user ID, gpg will be queried for a key associated with that
    41. 

  41. user ID, querying a keyserver if none is found in the user's keychain.
    42. 

  42. If a key is found, it will be added to the user_keys cache (see KEY
    43. 

  43. CACHES) and the user ID will be added to the user's
    44. 

  44. authorized_user_ids file (if it wasn't already present).  `u' may be
    45. 

  45. used in place of `update-userids'.
    46. 

  46. .TP
    47. 

  47. .B remove-userids [USERID]...
    48. 

  48. Remove a user ID from the authorized_user_ids file.  The user IDs
    49. 

  49. specified should be exact matches to OpenPGP user IDs.  `r' may be
    50. 

  50. used in place of `remove-userids'.
    51. 

  51. .TP
    52. 

  52. .B update-authorized_keys
    53. 

  53. Update the monkeysphere authorized_keys file.  The monkeysphere
    54. 

  54. authorized_keys file will be regenerated from the valid keys in the
    55. 

  55. user_key cache, and the user's independently controlled
    56. 

  56. authorized_keys file (usually ~/.ssh/authorized_keys).  `a' may be
    57. 

  57. used in place of `update-authorized_keys'.
    58. 

  58. .TP
    59. 

  59. .B gen-ae-subkey KEYID
    60. 

  60. Generate an `ae` capable subkey.  For the primary key with the
    61. 

  61. specified key ID, generate a subkey with "authentication" and
    62. 

  62. "encryption" capability that can be used for MonkeySphere
    63. 

  63. transactions.  `g' may be used in place of `gen-ae-subkey'.
    64. 

  64. .TP
    65. 

  65. .B help
    66. 

  66. Output a brief usage summary.  `h' or `?' may be used in place of
    67. 

  67. `help'.
    68. 

  68. 

  69. .SH HOST URIs
    70. 

  70. 

  71. Host OpenPGP keys have associated user IDs that use the ssh URI
    72. 

  72. specification for the host, ie. "ssh://host.full.domain".
    73. 

  73. 

  74. .SH KEY ACCEPTABILITY
    75. 

  75. 

  76. GPG keys are considered acceptable if the following criteria are met:
    77. 

  77. .TP
    78. 

  78. .B capability
    79. 

  79. The key must have both the "authentication" and "encrypt" capability
    80. 

  80. flags.
    81. 

  81. .TP
    82. 

  82. .B validity
    83. 

  83. The key must be "fully" valid, and must not be expired or revoked.
    84. 

  84. 

  85. .SH KEY CACHES
    86. 

  86. 

  87. Monkeysphere keeps track of keys in key cache directories.  The files
    88. 

  88. in the cache are named with the format "USERID_HASH.PUB_KEY_ID", where
    89. 

  89. USERID_HASH is a hash of the exact OpenPGP user ID, and PUB_KEY_ID is
    90. 

  90. the key ID of the primary key.  If the user/key ID combo exists in the
    91. 

  91. Web of Trust but is not acceptable, then the file is empty.  If the
    92. 

  92. primary key has at least one acceptable sub key, then an ssh-style
    93. 

  93. key, converted from the OpenPGP key, of all acceptable subkeys will be
    94. 

  94. stored in the cache file, one per line.  known_hosts style key lines
    95. 

  95. will be stored in the host_keys cache files, and authorized_keys style
    96. 

  96. key lines will be stored in the user_keys cache files.  OpenPGP keys
    97. 

  97. are converted to ssh-style keys with the openpgp2ssh utility (see `man
    98. 

  98. openpgp2ssh').
    99. 

  99. 

  100. .SH FILES
    101. 

  101. 

  102. .TP
    103. 

  103. ~/.config/monkeysphere/monkeysphere.conf
    104. 

  104. User monkeysphere config file.
    105. 

  105. .TP
    106. 

  106. /etc/monkeysphere/monkeysphere.conf
    107. 

  107. System-wide monkeysphere config file.
    108. 

  108. .TP
    109. 

  109. ~/.config/monkeysphere/authorized_user_ids
    110. 

  110. OpenPGP user IDs associated with keys that will be checked for
    111. 

  111. addition to the authorized_keys file.
    112. 

  112. .TP
    113. 

  113. ~/.config/monkeysphere/authorized_keys
    114. 

  114. Monkeysphere generated authorized_keys file.
    115. 

  115. .TP
    116. 

  116. ~/.config/monkeysphere/user_keys
    117. 

  117. User keys cache directory.
    118. 

  118. .TP
    119. 

  119. ~/.config/monkeysphere/host_keys
    120. 

  120. Host keys cache directory.
    121. 

  121. 

  122. .SH AUTHOR
    123. 

  123. 

  124. Written by Jameson Rollins <jrollins@fifthhorseman.net>
    125. 

  125. 

  126. .SH SEE ALSO
    127. 

  127. 

  128. .BR monkeysphere-ssh-proxycommand (1),
    129. 

  129. .BR monkeysphere-server (8),
    130. 

  130. .BR ssh (1),
    131. 

  131. .BR gpg (1)
    132.
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-28 20:24:58 +0000