blob: f808eff2a84fe5f12eb1b940847f88b287695e58 (plain)
- .TH MONKEYSPHERE-SERVER "1" "June 2008" "monkeysphere 0.1" "User Commands"
- .SH NAME
- monkeysphere-server \- monkeysphere server admin user interface
- .SH SYNOPSIS
- .B monkeysphere-server \fIcommand\fP [\fIargs\fP]
- .SH DESCRIPTION
- \fBMonkeySphere\fP is a system to leverage the OpenPGP Web of Trust
- for ssh authentication and encryption. OpenPGP keys are tracked via
- GnuPG, and added to the ssh authorized_keys and known_hosts files to
- be used for authentication of ssh connections.
- \fBmonkeysphere-server\fP is the MonkeySphere server admin utility.
- .SH SUBCOMMANDS
- \fBmonkeysphere-server\fP takes various subcommands:
- .TP
- .B update-users [USER]...
- Update the admin-controlled authorized_keys files for the specified users. For each
- user specified, the user IDs listed in the user's authorized_user_ids
- file are processed, and the user's authorized_keys file in
- /var/cache/monkeysphere/authorized_keys/USER is updated. See `man monkeysphere'
- for more info. If the USER_CONTROLLED_AUTHORIZED_KEYS variable is
- set, then a user-controlled authorized_keys file (usually
- ~USER/.ssh/authorized_keys) is added to the authorized_keys file. `u'
- may be used in place of `update-users'.
- .TP
- .B gen-key
- Generate a gpg key for the host. `g' may be used in place of
- `gen-key'.
- .TP
- .B show-fingerprint
- Show the fingerprint for the host's OpenPGP key. `f' may be used in place of
- `show-fingerprint'.
- .TP
- .B publish-key
- Publish the host's gpg key to the keyserver. `p' may be used in place
- of `publish-key'.
- .TP
- .B trust-key KEYID [LEVEL]
- Set owner trust for key. If LEVEL is not specified, then the program
- will prompt for an owner trust level to set for KEYID. This function
- lsigns the key as well so that it will have a known validity. `t' may
- be used in place of `trust-key'.
- .TP
- .B help
- Output a brief usage summary. `h' or `?' may be used in place of
- `help'.
- .SH SETUP
- In order to start using the monkeysphere, there are a couple of things
- you need to do first. The first is to generate an OpenPGP key for the
- server and convert that key to an ssh key that can be used by ssh for
- host authentication. To do this, run the "gen-key" subcommand. Once
- that is done, publish the key to a keyserver with the "publish-key"
- subcommand. Finally, you need to modify the sshd_config to tell sshd
- where the new server host key is located:
- HostKey /etc/monkeysphere/ssh_host_rsa_key
- If the server will also handle user authentication through
- monkeysphere-generated authorized_keys files, set the following:
- AuthorizedKeysFile /var/cache/monkeysphere/authorized_keys/%u
- Once those changes are made, restart the ssh server.
- .SH FILES
- .TP
- /etc/monkeysphere/monkeysphere-server.conf
- System monkeysphere-server config file.
- .TP
- /etc/monkeysphere/monkeysphere.conf
- System-wide monkeysphere config file.
- .TP
- /etc/monkeysphere/gnupg
- Monkeysphere GnuPG home directory.
- .TP
- /etc/monkeysphere/ssh_host_rsa_key
- Copy of the host's private key in ssh format, suitable for use by sshd.
- .TP
- /etc/monkeysphere/authorized_user_ids/USER
- Server-maintained authorized_user_ids files for users.
- .TP
- /var/cache/monkeysphere/authorized_keys/USER
- User authorized_keys file.
- .SH AUTHOR
- Written by Jameson Rollins <jrollins@fifthhorseman.net>
- .SH SEE ALSO
- .BR monkeysphere (1),
- .BR gpg (1),
- .BR ssh (1)
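
The SETUP section above ends with two sshd_config changes that are easy to get subtly wrong. The following is an added example, not part of the man page or the monkeysphere code, that checks a config file for them before sshd is restarted; the helper names `global_values` and `check_sshd_config` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the monkeysphere project): verify the SETUP directives.
# global_values and check_sshd_config are hypothetical helper names.
WANT_HOSTKEY=/etc/monkeysphere/ssh_host_rsa_key
WANT_AUTHKEYS=/var/cache/monkeysphere/authorized_keys/%u

# Print the arguments of every global occurrence of keyword $2 in file $1.
# Keywords are case-insensitive; parsing stops at the first Match block,
# because directives after it apply only conditionally.
global_values() {
    awk -v kw="$2" '
        BEGIN { kw = tolower(kw) }
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == kw { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# Return 0 only if the file matches the SETUP section.
check_sshd_config() {
    rc=0
    # HostKey may appear several times; the monkeysphere key must be one of them.
    if global_values "$1" HostKey | grep -qxF "$WANT_HOSTKEY"; then
        echo "ok:   HostKey $WANT_HOSTKEY"
    else
        echo "FAIL: no global HostKey $WANT_HOSTKEY"; rc=1
    fi
    # sshd uses the first value it reads, so only the first line counts. Any
    # extra path on that line (e.g. a user-writable file) also fails the check.
    akf=$(global_values "$1" AuthorizedKeysFile | head -n 1)
    if [ "$akf" = "$WANT_AUTHKEYS" ]; then
        echo "ok:   AuthorizedKeysFile $akf"
    else
        echo "FAIL: effective AuthorizedKeysFile is '${akf:-<unset, sshd default>}'"; rc=1
    fi
    return $rc
}

# Constructed sample: HostKey is right, but an earlier AuthorizedKeysFile wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
HostKey /etc/monkeysphere/ssh_host_rsa_key
AuthorizedKeysFile %h/.ssh/authorized_keys
AuthorizedKeysFile /var/cache/monkeysphere/authorized_keys/%u
EOF
check_sshd_config "$sample" || echo "sshd_config does not match the SETUP section"
rm -f "$sample"
```

A failing AuthorizedKeysFile check means sshd would still consult a file outside /var/cache/monkeysphere, so keys that update-users never vetted could grant access.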