summaryrefslogtreecommitdiff
path: root/man/man1/monkeysphere.1
blob: 5ed2153bcd195ed3ae8a31359107cac4c8da156d (plain) 
    

  1. .TH MONKEYSPHERE "1" "June 2008" "monkeysphere 0.1" "User Commands"
    2. 

  2. 

  3. .SH NAME
    4. 

  4. 

  5. monkeysphere \- Monkeysphere client user interface
    6. 

  6. 

  7. .SH SYNOPSIS
    8. 

  8. 

  9. .B monkeysphere \fIsubcommand\fP [\fIargs\fP]
    10. 

  10. 

  11. .SH DESCRIPTION
    12. 

  12. 

  13. \fBMonkeysphere\fP is a framework to leverage the OpenPGP web of trust
    14. 

  14. for OpenSSH authentication.  OpenPGP keys are tracked via GnuPG, and
    15. 

  15. added to the authorized_keys and known_hosts files used by OpenSSH for
    16. 

  16. connection authentication.
    17. 

  17. 

  18. \fBmonkeysphere\fP is the Monkeysphere client utility.
    19. 

  19. 

  20. .SH SUBCOMMANDS
    21. 

  21. 

  22. \fBmonkeysphere\fP takes various subcommands:
    23. 

  23. .TP
    24. 

  24. .B update-known_hosts [HOST]...
    25. 

  25. Update the known_hosts file.  For each specified host, gpg will be
    26. 

  26. queried for a key associated with the host URI (see HOST
    27. 

  27. IDENTIFICATION in
    28. 

  28. .BR monkeysphere(5)),
    29. 

  29. optionally querying a keyserver.
    30. 

  30. If an acceptable key is found for the host (see KEY ACCEPTABILITY in
    31. 

  31. .BR monkeysphere(5)),
    32. 

  32. the key is added to the user's known_hosts file.  If a key is found
    33. 

  33. but is unacceptable for the host, any matching keys are removed from
    34. 

  34. the user's known_hosts file.  If no gpg key is found for the host,
    35. 

  35. nothing is done.  If no hosts are specified, all hosts listed in the
    36. 

  36. known_hosts file will be processed.  This subcommand will exit with a
    37. 

  37. status of 0 if at least one acceptable key was found for a specified
    38. 

  38. host, 1 if no matching keys were found at all, and 2 if matching keys
    39. 

  39. were found but none were acceptable.  `k' may be used in place of
    40. 

  40. `update-known_hosts'.
    41. 

  41. .TP
    42. 

  42. .B update-authorized_keys
    43. 

  43. Update the authorized_keys file for the user executing the command
    44. 

  44. (see MONKEYSPHERE_AUTHORIZED_KEYS in ENVIRONMENT, below).  First all
    45. 

  45. monkeysphere keys are cleared from the authorized_keys file.  Then, or
    46. 

  46. each user ID in the user's authorized_user_ids file, gpg will be
    47. 

  47. queried for keys associated with that user ID, optionally querying a
    48. 

  48. keyserver.  If an acceptable key is found (see KEY ACCEPTABILITY in
    49. 

  49. .BR monkeysphere (5)),
    50. 

  50. the key is added to the user's authorized_keys file.
    51. 

  51. If a key is found but is unacceptable for the user ID, any matching
    52. 

  52. keys are removed from the user's authorized_keys file.  If no gpg key
    53. 

  53. is found for the user ID, nothing is done.  This subcommand will exit
    54. 

  54. with a status of 0 if at least one acceptable key was found for a user
    55. 

  55. ID, 1 if no matching keys were found at all, and 2 if matching keys
    56. 

  56. were found but none were acceptable.  `a' may be used in place of
    57. 

  57. `update-authorized_keys'.
    58. 

  58. .TP
    59. 

  59. .B gen-subkey [KEYID]
    60. 

  60. Generate an authentication subkey for a private key in your GnuPG
    61. 

  61. keyring.  For the primary key with the specified key ID, generate a
    62. 

  62. subkey with "authentication" capability that can be used for
    63. 

  63. monkeysphere transactions.  An expiration length can be specified with
    64. 

  64. the `-e' or `--expire' option (prompt otherwise).  If no key ID is
    65. 

  65. specified, but only one key exists in the secret keyring, that key
    66. 

  66. will be used.  `g' may be used in place of `gen-subkey'.
    67. 

  67. .TP
    68. 

  68. .B subkey-to-ssh-agent [ssh-add arguments]
    69. 

  69. Push all authentication-capable subkeys in your GnuPG secret keyring
    70. 

  70. into your running ssh-agent.  Additional arguments are passed through
    71. 

  71. to
    72. 

  72. .BR ssh-add (1).
    73. 

  73. For example, to remove the authentication subkeys, pass an additional
    74. 

  74. `-d' argument.  To require confirmation on each use of the key, pass
    75. 

  75. `-c'.  `s' may be used in place of `subkey-to-ssh-agent'.
    76. 

  76. .TP
    77. 

  77. .B help
    78. 

  78. Output a brief usage summary.  `h' or `?' may be used in place of
    79. 

  79. `help'.
    80. 

  80. 

  81. .SH ENVIRONMENT
    82. 

  82. 

  83. The following environment variables will override those specified in
    84. 

  84. the monkeysphere.conf configuration file (defaults in parentheses):
    85. 

  85. .TP
    86. 

  86. MONKEYSPHERE_LOG_LEVEL
    87. 

  87. Set the log level.  Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in
    88. 

  88. increasing order of verbosity.
    89. 

  89. .TP
    90. 

  90. MONKEYSPHERE_GNUPGHOME, GNUPGHOME
    91. 

  91. GnuPG home directory (~/.gnupg).
    92. 

  92. .TP
    93. 

  93. MONKEYSPHERE_KEYSERVER
    94. 

  94. OpenPGP keyserver to use (subkeys.pgp.net).
    95. 

  95. .TP
    96. 

  96. MONKEYSPHERE_CHECK_KEYSERVER
    97. 

  97. Whether or not to check keyserver when making gpg queries (`true').
    98. 

  98. .TP
    99. 

  99. MONKEYSPHERE_KNOWN_HOSTS
    100. 

  100. Path to ssh known_hosts file (~/.ssh/known_hosts).
    101. 

  101. .TP
    102. 

  102. MONKEYSPHERE_HASH_KNOWN_HOSTS
    103. 

  103. Whether or not to hash to the known_hosts file entries (`true').
    104. 

  104. .TP
    105. 

  105. MONKEYSPHERE_AUTHORIZED_KEYS
    106. 

  106. Path to ssh authorized_keys file (~/.ssh/authorized_keys).
    107. 

  107. 

  108. .SH FILES
    109. 

  109. 

  110. .TP
    111. 

  111. ~/.config/monkeysphere/monkeysphere.conf
    112. 

  112. User monkeysphere config file.
    113. 

  113. .TP
    114. 

  114. /etc/monkeysphere/monkeysphere.conf
    115. 

  115. System-wide monkeysphere config file.
    116. 

  116. .TP
    117. 

  117. ~/.config/monkeysphere/authorized_user_ids
    118. 

  118. OpenPGP user IDs associated with keys that will be checked for
    119. 

  119. addition to the authorized_keys file.
    120. 

  120. 

  121. .SH AUTHOR
    122. 

  122. 

  123. Written by Jameson Rollins <jrollins@fifthhorseman.net>, Daniel
    124. 

  124. Kahn Gillmor <dkg@fifthhorseman.net>
    125. 

  125. 

  126. .SH SEE ALSO
    127. 

  127. 

  128. .BR monkeysphere-ssh-proxycommand (1),
    129. 

  129. .BR monkeysphere-server (8),
    130. 

  130. .BR monkeysphere (5),
    131. 

  131. .BR ssh (1),
    132. 

  132. .BR ssh-add (1),
    133. 

  133. .BR gpg (1)
    134.
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-16 14:09:05 +0000