summaryrefslogtreecommitdiff
path: root/man/man1/monkeysphere.1
blob: 8b338e660c66feb44876a7cfeb72c7d648182026 (plain) 
    

  1. .TH MONKEYSPHERE "1" "June 2008" "monkeysphere" "User Commands"
    2. 

  2. 

  3. .SH NAME
    4. 

  4. 

  5. monkeysphere - Monkeysphere client user interface
    6. 

  6. 

  7. .SH SYNOPSIS
    8. 

  8. 

  9. .B monkeysphere \fIsubcommand\fP [\fIargs\fP]
    10. 

  10. 

  11. .SH DESCRIPTION
    12. 

  12. 

  13. \fBMonkeysphere\fP is a framework to leverage the OpenPGP web of trust
    14. 

  14. for OpenSSH and TLS key-based authentication.  OpenPGP keys are
    15. 

  15. tracked via GnuPG, and added to the authorized_keys and known_hosts
    16. 

  16. files used by OpenSSH for connection authentication.  Monkeysphere can
    17. 

  17. also be used by a validation agent to validate TLS connections
    18. 

  18. (e.g. https).
    19. 

  19. 

  20. \fBmonkeysphere\fP is the Monkeysphere client utility.
    21. 

  21. 

  22. .SH SUBCOMMANDS
    23. 

  23. 

  24. \fBmonkeysphere\fP takes various subcommands:
    25. 

  25. .TP
    26. 

  26. .B update\-known_hosts [HOST]...
    27. 

  27. Update the known_hosts file.  For each specified host, gpg will be
    28. 

  28. queried for a key associated with the host URI (see HOST
    29. 

  29. IDENTIFICATION in
    30. 

  30. .BR monkeysphere(7)),
    31. 

  31. optionally querying a keyserver.
    32. 

  32. If an acceptable key is found for the host (see KEY ACCEPTABILITY in
    33. 

  33. .BR monkeysphere(7)),
    34. 

  34. the key is added to the user's known_hosts file.  If a key is found
    35. 

  35. but is unacceptable for the host, any matching keys are removed from
    36. 

  36. the user's known_hosts file.  If no gpg key is found for the host,
    37. 

  37. nothing is done.  If no hosts are specified, all hosts listed in the
    38. 

  38. known_hosts file will be processed.  This subcommand will exit with a
    39. 

  39. status of 0 if at least one acceptable key was found for a specified
    40. 

  40. host, 1 if no matching keys were found at all, and 2 if matching keys
    41. 

  41. were found but none were acceptable.  `k' may be used in place of
    42. 

  42. `update\-known_hosts'.
    43. 

  43. .TP
    44. 

  44. .B update\-authorized_keys
    45. 

  45. Update the authorized_keys file for the user executing the command
    46. 

  46. (see MONKEYSPHERE_AUTHORIZED_KEYS in ENVIRONMENT, below).  First all
    47. 

  47. monkeysphere keys are cleared from the authorized_keys file.  Then,
    48. 

  48. for each user ID in the user's authorized_user_ids file, gpg will be
    49. 

  49. queried for keys associated with that user ID, optionally querying a
    50. 

  50. keyserver.  If an acceptable key is found (see KEY ACCEPTABILITY in
    51. 

  51. .BR monkeysphere (7)),
    52. 

  52. the key is added to the user's authorized_keys file.
    53. 

  53. If a key is found but is unacceptable for the user ID, any matching
    54. 

  54. keys are removed from the user's authorized_keys file.  If no gpg key
    55. 

  55. is found for the user ID, nothing is done.  This subcommand will exit
    56. 

  56. with a status of 0 if at least one acceptable key was found for a user
    57. 

  57. ID, 1 if no matching keys were found at all, and 2 if matching keys
    58. 

  58. were found but none were acceptable.  `a' may be used in place of
    59. 

  59. `update\-authorized_keys'.
    60. 

  60. .TP
    61. 

  61. .B gen\-subkey [KEYID]
    62. 

  62. Generate an authentication subkey for a private key in your GnuPG
    63. 

  63. keyring.  KEYID is the key ID for the primary key for which the subkey
    64. 

  64. with "authentication" capability will be generated.  If no key ID is
    65. 

  65. specified, but only one key exists in the secret keyring, that key
    66. 

  66. will be used.  The length of the generated key can be specified with
    67. 

  67. the `\-\-length' or `\-l' option.  `g' may be used in place of
    68. 

  68. `gen\-subkey'.
    69. 

  69. .TP
    70. 

  70. .B ssh\-proxycommand [--no-connect] HOST [PORT]
    71. 

  71. An ssh ProxyCommand that can be used to trigger a monkeysphere update
    72. 

  72. of the ssh known_hosts file for a host that is being connected to with
    73. 

  73. ssh.  This works by updating the known_hosts file for the host first,
    74. 

  74. before an attempted connection to the host is made.  Once the
    75. 

  75. known_hosts file has been updated, a TCP connection to the host is
    76. 

  76. made by exec'ing netcat(1).  Regular ssh communication is then done
    77. 

  77. over this netcat TCP connection (see ProxyCommand in ssh_config(5) for
    78. 

  78. more info).
    79. 

  79. 

  80. This command is meant to be run as the ssh "ProxyCommand".  This can
    81. 

  81. either be done by specifying the proxy command on the command line:
    82. 

  82. 

  83. .B ssh \-o ProxyCommand="monkeysphere ssh\-proxycommand %h %p" ...
    84. 

  84. 

  85. or by adding the following line to your ~/.ssh/config script:
    86. 

  86. 

  87. .B ProxyCommand monkeysphere ssh\-proxycommand %h %p
    88. 

  88. 

  89. The script can easily be incorporated into other ProxyCommand scripts
    90. 

  90. by calling it with the "\-\-no\-connect" option, i.e.:
    91. 

  91. 

  92. .B monkeysphere ssh\-proxycommand \-\-no\-connect "$HOST" "$PORT"
    93. 

  93. 

  94. This will run everything except the final exec of netcat to make the
    95. 

  95. TCP connection to the host.  In this way this command can be added to
    96. 

  96. another proxy command that does other stuff, and then makes the
    97. 

  97. connection to the host itself.  For example, in ~/.ssh/config:
    98. 

  98. 

  99. .B ProxyCommand sh -c 'monkeysphere ssh-proxycommand --no-connect "%h" "%p"; ssh -W "%h:%p" jumphost.example.net'
    100. 

  100. 

  101. KEYSERVER CHECKING:
    102. 

  102. The proxy command has a fairly nuanced policy for when keyservers are
    103. 

  103. queried when processing a host.  If the host userID is not found in
    104. 

  104. either the user's keyring or in the known_hosts file, then the
    105. 

  105. keyserver is queried for the host userID.  If the host userID is found
    106. 

  106. in the user's keyring, then the keyserver is not checked.  This
    107. 

  107. assumes that the keyring is kept up-to-date, in a cronjob or the like,
    108. 

  108. so that revocations are properly handled.  If the host userID is not
    109. 

  109. found in the user's keyring, but the host is listed in the known_hosts
    110. 

  110. file, then the keyserver is not checked.  This last policy might
    111. 

  111. change in the future, possibly by adding a deferred check, so that
    112. 

  112. hosts that go from non-monkeysphere-enabled to monkeysphere-enabled
    113. 

  113. will be properly checked.
    114. 

  114. 

  115. Setting the CHECK_KEYSERVER variable in the config file or the
    116. 

  116. MONKEYSPHERE_CHECK_KEYSERVER environment variable to either `true' or
    117. 

  117. `false' will override the keyserver-checking policy defined above and
    118. 

  118. either always or never check the keyserver for host key updates.
    119. 

  119. 

  120. .TP
    121. 

  121. .B subkey\-to\-ssh\-agent [ssh\-add arguments]
    122. 

  122. Push all authentication-capable subkeys in your GnuPG secret keyring
    123. 

  123. into your running ssh-agent.  Additional arguments are passed through
    124. 

  124. to
    125. 

  125. .BR ssh\-add (1).
    126. 

  126. For example, to remove the authentication subkeys, pass an additional
    127. 

  127. `\-d' argument.  To require confirmation on each use of the key, pass
    128. 

  128. `\-c'.  The MONKEYSPHERE_SUBKEYS_FOR_AGENT environment can be used to
    129. 

  129. specify the full fingerprints of specific keys to add to the agent
    130. 

  130. (space separated), instead of adding them all.  `s' may be used in
    131. 

  131. place of `subkey\-to\-ssh\-agent'.
    132. 

  132. .TP
    133. 

  133. .B keys\-for\-userid USERID
    134. 

  134. Output to stdout all acceptable keys for a given user ID.
    135. 

  135. `u' may be used in place of `keys\-for\-userid'.
    136. 

  136. .TP
    137. 

  137. .B sshfprs\-for\-userid USERID
    138. 

  138. Output the ssh fingerprints of acceptable keys for a given user ID.
    139. 

  139. .TP
    140. 

  140. .B version
    141. 

  141. Show the monkeysphere version number.  `v' may be used in place of
    142. 

  142. `version'.
    143. 

  143. .TP
    144. 

  144. .B help
    145. 

  145. Output a brief usage summary.  `h' or `?' may be used in place of
    146. 

  146. `help'.
    147. 

  147. 

  148. .SH ENVIRONMENT
    149. 

  149. 

  150. The following environment variables will override those specified in
    151. 

  151. the monkeysphere.conf configuration file (defaults in parentheses):
    152. 

  152. .TP
    153. 

  153. MONKEYSPHERE_LOG_LEVEL
    154. 

  154. Set the log level.  Can be SILENT, ERROR, INFO, VERBOSE, DEBUG,
    155. 

  155. in increasing order of verbosity. (INFO)
    156. 

  156. .TP
    157. 

  157. MONKEYSPHERE_GNUPGHOME, GNUPGHOME
    158. 

  158. GnuPG home directory. (~/.gnupg)
    159. 

  159. .TP
    160. 

  160. MONKEYSPHERE_KEYSERVER
    161. 

  161. OpenPGP keyserver to use. (pool.sks-keyservers.net)
    162. 

  162. .TP
    163. 

  163. MONKEYSPHERE_CHECK_KEYSERVER
    164. 

  164. Whether or not to check keyserver when making gpg queries. (true)
    165. 

  165. .TP
    166. 

  166. MONKEYSPHERE_KNOWN_HOSTS
    167. 

  167. Path to ssh known_hosts file. (~/.ssh/known_hosts)
    168. 

  168. .TP
    169. 

  169. MONKEYSPHERE_HASH_KNOWN_HOSTS
    170. 

  170. Whether or not to hash to the known_hosts file entries. (false)
    171. 

  171. .TP
    172. 

  172. MONKEYSPHERE_AUTHORIZED_KEYS
    173. 

  173. Path to ssh authorized_keys file. (~/.ssh/authorized_keys)
    174. 

  174. .TP
    175. 

  175. MONKEYSPHERE_PROMPT
    176. 

  176. If set to `false', never prompt the user for confirmation. (true)
    177. 

  177. .TP
    178. 

  178. MONKEYSPHERE_STRICT_MODES
    179. 

  179. If set to `false', ignore too-loose permissions on known_hosts,
    180. 

  180. authorized_keys, and authorized_user_ids files.  NOTE: setting this to
    181. 

  181. false may expose you to abuse by other users on the system. (true)
    182. 

  182. .TP
    183. 

  183. MONKEYSPHERE_SUBKEYS_FOR_AGENT
    184. 

  184. A space-separated list of authentication-capable subkeys to add to the
    185. 

  185. ssh agent with subkey-to-ssh-agent.
    186. 

  186. 

  187. .SH FILES
    188. 

  188. 

  189. .TP
    190. 

  190. ~/.monkeysphere/monkeysphere.conf
    191. 

  191. User monkeysphere config file.
    192. 

  192. .TP
    193. 

  193. __SYSCONFDIR_PREFIX__/etc/monkeysphere/monkeysphere.conf
    194. 

  194. System-wide monkeysphere config file.
    195. 

  195. .TP
    196. 

  196. ~/.monkeysphere/authorized_user_ids
    197. 

  197. A list of OpenPGP user IDs, one per line.  OpenPGP keys with an
    198. 

  198. exactly-matching User ID (calculated valid by the designated identity
    199. 

  199. certifiers), will have any valid authorization-capable keys or subkeys
    200. 

  200. added to the given user's authorized_keys file.
    201. 

  201. 

  202. .SH AUTHOR
    203. 

  203. 

  204. Written by:
    205. 

  205. Jameson Rollins <jrollins@finestructure.net>,
    206. 

  206. Daniel Kahn Gillmor <dkg@fifthhorseman.net>
    207. 

  207. 

  208. .SH SEE ALSO
    209. 

  209. 

  210. .BR monkeysphere\-host (8),
    211. 

  211. .BR monkeysphere\-authentication (8),
    212. 

  212. .BR monkeysphere (7),
    213. 

  213. .BR ssh (1),
    214. 

  214. .BR ssh\-add (1),
    215. 

  215. .BR gpg (1)
    216.
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-02 09:24:40 +0000