summaryrefslogtreecommitdiff
path: root/man/man1/monkeysphere.1
blob: d00a9db07b2d4765346ae47c4a20d867bfe17374 (plain)
  1. .TH MONKEYSPHERE "1" "June 2008" "monkeysphere 0.1" "User Commands"
  2. .SH NAME
  3. monkeysphere \- MonkeySphere client user interface
  4. .PD
  5. .SH SYNOPSIS
  6. .B monkeysphere \fIcommand\fP [\fIargs\fP]
  7. .PD
  8. .SH DESCRIPTION
  9. .PP
  10. MonkeySphere is a system to leverage the OpenPGP Web of Trust for ssh
  11. authentication and encryption. OpenPGP keys are tracked via GnuPG,
  12. and added to the ssh authorized_keys and known_hosts files to be used
  13. for authentication and encryption of ssh connection.
  14. \fBmonkeysphere\fP is the MonkeySphere client utility.
  15. .PD
  16. .SH SUBCOMMANDS
  17. \fBmonkeysphere\fP takes various subcommands:
  18. .TP
  19. .B update-known_hosts [HOST]...
  20. Update the known_hosts file. For each specified host, gpg will be
  21. queried for a key associated with the host URI (see HOST URIs),
  22. querying a keyserver if none is found in the user's keychain. search
  23. for a gpg key for the host in the Web of Trust. If a key is found, it
  24. will be added to the host_keys cache (see KEY CACHES) and any ssh keys
  25. for the host will be removed from the user's known_hosts file. If the
  26. found key is acceptable (see KEY ACCEPTABILITY), then the host's gpg
  27. key will be added to the known_hosts file. If no gpg key is found for
  28. the host, then nothing is done. If no hosts are specified, all hosts
  29. listed in the known_hosts file will be processed. `k' may be used in
  30. place of `update-known_hosts'.
  31. .TP
  32. .B update-userids [USERID]...
  33. Add/update a userid in the authorized_user_ids file. The user IDs
  34. specified should be exact matches to OpenPGP user IDs. For each
  35. specified user ID, gpg will be queried for a key associated with that
  36. user ID, querying a keyserver if none is found in the user's keychain.
  37. If a key is found, it will be added to the user_keys cache (see KEY
  38. CACHES) and the user ID will be added to the user's
  39. authorized_user_ids file (if it wasn't already present).
  40. .TP
  41. .B update-authorized_keys
  42. Update the monkeysphere authorized_keys file. The monkeysphere
  43. authorized_keys file will be regenerated from the valid keys in the
  44. user_key cache, and the user's independently controlled
  45. authorized_keys file (usually ~/.ssh/authorized_keys).
  46. .TP
  47. .B gen-ae-subkey KEYID
  48. Generate an `ae` capable subkey. For the primary key with the
  49. specified key ID, generate a subkey with "authentication" and
  50. "encryption" capability that can be used for MonkeySphere
  51. transactions.
  52. .TP
  53. .B help
  54. Output a brief usage summary. `h' or `?' may be used in place of
  55. `help'.
  56. .PD
  57. .SH KEY ACCEPTABILITY
  58. GPG keys are considered acceptable if the following criteria are met:
  59. .PD
  60. .TP
  61. .B capability
  62. The key must have both the "authentication" and "encrypt" capability
  63. flags.
  64. .TP
  65. .B validity
  66. The key must be "fully" valid, and must not be expired or revoked.
  67. .PD
  68. .SH KEY CACHES
  69. Monkeysphere keeps track of keys in key cache directories. The files
  70. in the cache are named with the format "USERID_HASH.PUB_KEY_ID", where
  71. USERID_HASH is a hash of the exact OpenPGP user ID, and PUB_KEY_ID is
  72. the key ID of the primary key. If the user/key ID combo exists in the
  73. Web of Trust but is not acceptable, then the file is empty. If the
  74. primary key has at least one acceptable sub key, then an ssh-style
  75. key, converted from the OpenPGP key, of all acceptable subkeys will be
  76. stored in the cache file, one per line. known_hosts style key lines
  77. will be stored in the host_keys cache files, and authorized_keys style
  78. key lines will be stored in the user_keys cache files. OpenPGP keys
  79. are converted to ssh-style keys with the openpgp2ssh utility (see `man
  80. openpgp2ssh').
  81. .PD
  82. .SH FILES
  83. .PD 1
  84. .TP
  85. ~/.config/monkeysphere/monkeysphere.conf
  86. User monkeysphere config file.
  87. .TP
  88. /etc/monkeysphere/monkeysphere.conf
  89. System-wide monkeysphere config file.
  90. .TP
  91. ~/.config/monkeysphere/authorized_user_ids
  92. GPG user IDs associated with keys that will be checked for addition to
  93. the authorized_keys file.
  94. .TP
  95. ~/.config/monkeysphere/authorized_keys
  96. Monkeysphere generated authorized_keys file.
  97. .TP
  98. ~/.config/monkeysphere/user_keys
  99. User keys cache directory.
  100. .TP
  101. ~/.config/monkeysphere/host_keys
  102. Host keys cache directory.
  103. .PD
  104. .SH AUTHOR
  105. Written by Jameson Rollins <jrollins@fifthhorseman.net>
  106. .PD
  107. .SH SEE ALSO
  108. .BR ssh (1),
  109. .BR monkeysphere-ssh-proxycommand (1),
  110. .BR gpg (1),
  111. .BR monkeysphere-server (8)