blob: d221c87ba369dcafed6cb3f5bc6789dd44a58f31 (
plain)
- .TH MONKEYSPHERE "7" "June 2008" "monkeysphere" "System Frameworks"
- .SH NAME
- monkeysphere \- ssh authentication framework using OpenPGP Web of
- Trust
- .SH DESCRIPTION
- \fBMonkeysphere\fP is a framework to leverage the OpenPGP Web of Trust
- for ssh authentication. OpenPGP keys are tracked via GnuPG, and added
- to the authorized_keys and known_hosts files used by ssh for
- connection authentication.
- .SH IDENTITY CERTIFIERS
- FIXME: describe identity certifier concept
- .SH KEY ACCEPTABILITY
- During known_host and authorized_keys updates, the monkeysphere
- commands work from a set of user IDs to determine acceptable keys for
- ssh authentication. OpenPGP keys are considered acceptable if the
- following criteria are met:
- .TP
- .B capability
- The key must have the "authentication" ("a") usage flag set.
- .TP
- .B validity
- The key itself must be valid, i.e. it must be well-formed, not
- expired, and not revoked.
- .TP
- .B certification
- The relevant user ID must be signed by a trusted identity certifier.
- .SH HOST IDENTIFICATION
- The OpenPGP keys for hosts have associated user IDs that use the ssh
- URI specification for the host, i.e. "ssh://host.full.domain[:port]".
- .SH AUTHOR
- Written by:
- Jameson Rollins <jrollins@fifthhorseman.net>,
- Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- .SH SEE ALSO
- .BR monkeysphere (1),
- .BR monkeysphere-host (8),
- .BR monkeysphere-authentication (8),
- .BR openpgp2ssh (1),
- .BR pem2openpgp (1),
- .BR gpg (1),
- .BR ssh (1),
- .BR http://tools.ietf.org/html/rfc4880,
- .BR http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/
|