path: root/man/man7/monkeysphere.7
blob: 578d96cef5f4408692478b569de7be6ae5cfb685 (plain)
.TH MONKEYSPHERE "7" "June 2008" "monkeysphere" "System Frameworks"
.SH NAME
monkeysphere \- ssh authentication framework using OpenPGP Web of
Trust
.SH DESCRIPTION
\fBMonkeysphere\fP is a framework to leverage the OpenPGP Web of Trust
for ssh authentication. OpenPGP keys are tracked via GnuPG, and added
to the authorized_keys and known_hosts files used by ssh for
connection authentication.
.SH IDENTITY CERTIFIERS
FIXME: describe identity certifier concept
.SH KEY ACCEPTABILITY
During known_hosts and authorized_keys updates, the monkeysphere
commands work from a set of user IDs to determine acceptable keys for
ssh authentication. OpenPGP keys are considered acceptable if the
following criteria are met:
.TP
.B capability
The key must have the "authentication" ("a") usage flag set.
.TP
.B validity
The key itself must be valid, i.e. it must be well-formed, not
expired, and not revoked.
.TP
.B certification
The relevant user ID must be signed by a trusted identity certifier.
.SH HOST IDENTIFICATION
The OpenPGP keys for hosts have associated user IDs that use the ssh
URI specification for the host, i.e. "ssh://host.full.domain[:port]".
.SH AUTHOR
Written by:
Jameson Rollins <jrollins@fifthhorseman.net>,
Daniel Kahn Gillmor <dkg@fifthhorseman.net>
.SH SEE ALSO
.BR monkeysphere (1),
.BR monkeysphere-host (8),
.BR monkeysphere-authentication (8),
.BR openpgp2ssh (1),
.BR pem2openpgp (1),
.BR gpg (1),
.BR http://tools.ietf.org/html/rfc4880,
.BR ssh (1),
.BR http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/
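
The three KEY ACCEPTABILITY criteria, applied to `gpg --list-keys --with-colons` output for a host user ID in the ssh URI form. This is an added example, not part of the man page and not Monkeysphere's own code; `acceptable_keys`, `unescape`, the sample key IDs and host name are constructed, and treating a user ID validity of "f" or "u" as "signed by a trusted identity certifier" is an assumption.

```python
import re

# Field 2 of a `gpg --with-colons` record: i=invalid, d=disabled, r=revoked, e=expired
UNUSABLE = set("idre")
# Assumption: a user ID that gpg computes as f (full) or u (ultimate) validity
# stands in for "signed by a trusted identity certifier".
CERTIFIED = set("fu")

def unescape(field):
    # gpg quotes user IDs like C strings, so ":" in an ssh:// URI arrives as \x3a
    return re.sub(r"\\x([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), field)

def acceptable_keys(colons, user_id):
    """Return the key IDs that satisfy all three criteria for user_id."""
    blocks = []
    for line in colons.splitlines():
        f = line.split(":") + [""] * 12        # pad short records
        if f[0] == "pub":
            blocks.append({"keys": [f], "uids": []})
        elif blocks and f[0] == "sub":
            blocks[-1]["keys"].append(f)
        elif blocks and f[0] == "uid":
            blocks[-1]["uids"].append(f)
    accepted = []
    for b in blocks:
        if b["keys"][0][1] in UNUSABLE:        # unusable primary: skip the whole key
            continue
        # certification: the matching user ID itself must be certified
        if not any(unescape(u[9]) == user_id and u[1] in CERTIFIED for u in b["uids"]):
            continue
        for k in b["keys"]:
            # validity + capability; lowercase "a" is this key's own flag,
            # uppercase letters on a pub record summarise the whole key
            if k[1] not in UNUSABLE and "a" in k[11]:
                accepted.append(k[4])
    return accepted

# Constructed sample, shaped like `gpg --list-keys --with-colons` output
SAMPLE = r"""
pub:f:2048:1:1111111111111111:1212000000:::-:::scESCA:
uid:f::::1212000000::UIDHASH1::ssh\x3a//host.example.org:
sub:f:2048:1:1111111111111112:1212000000::::::a:
sub:f:2048:1:1111111111111113:1212000000::::::e:
sub:r:2048:1:1111111111111114:1212000000::::::a:
pub:-:2048:1:2222222222222221:1212000000:::-:::scSCA:
uid:-::::1212000000::UIDHASH2::ssh\x3a//host.example.org:
sub:-:2048:1:2222222222222222:1212000000::::::a:
"""

if __name__ == "__main__":
    print(acceptable_keys(SAMPLE, "ssh://host.example.org"))
```

Only the first key's authentication subkey passes: its encryption subkey lacks the "a" flag, its other authentication subkey is revoked, and the second key carries the same user ID without a trusted certification.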