path: root/man/man8/monkeysphere-server.8
blob: 9bb7b2d51e8547f36e18df8a5df7b86a3e1e42cb
.TH MONKEYSPHERE-SERVER "1" "June 2008" "monkeysphere 0.1" "User Commands"
.SH NAME
monkeysphere-server \- monkeysphere server admin user interface
.SH SYNOPSIS
.B monkeysphere-server \fIcommand\fP [\fIargs\fP]
.SH DESCRIPTION
\fBMonkeySphere\fP is a system to leverage the OpenPGP Web of Trust
for ssh authentication and encryption. OpenPGP keys are tracked via
GnuPG, and added to the ssh authorized_keys and known_hosts files to
be used for authentication of ssh connections.
\fBmonkeysphere-server\fP is the MonkeySphere server admin utility.
.SH SUBCOMMANDS
\fBmonkeysphere-server\fP takes various subcommands:
.TP
.B update-users [USER]...
Update the admin-controlled authorized_keys files for each specified
user. For each user specified, user IDs listed in the user's
authorized_user_ids file are processed, and the user's authorized_keys
file in /var/cache/monkeysphere/authorized_keys/USER is updated. See
`man monkeysphere' for more info. If the
USER_CONTROLLED_AUTHORIZED_KEYS variable is set, then a
user-controlled authorized_keys file (usually
~USER/.ssh/authorized_keys) is added to the authorized_keys file. `u'
may be used in place of `update-users'.
.TP
.B gen-key
Generate a gpg key for the host. `g' may be used in place of
`gen-key'.
.TP
.B show-fingerprint
Show the fingerprint for the host's OpenPGP key. `f' may be used in place of
`show-fingerprint'.
.TP
.B publish-key
Publish the host's gpg key to the keyserver. `p' may be used in place
of `publish-key'.
.TP
.B trust-key KEYID [LEVEL]
Set owner trust for key. If LEVEL is not specified, then the program
will prompt for an owner trust level to set for KEYID. This function
lsigns the key as well so that it will have a known validity. `t' may
be used in place of `trust-key'.
.TP
.B help
Output a brief usage summary. `h' or `?' may be used in place of
`help'.
.SH SETUP
In order to start using the monkeysphere, there are a couple of things
you need to do first. The first is to generate an OpenPGP key for the
server and convert that key to an ssh key that can be used by ssh for
host authentication. To do this, run the "gen-key" subcommand. Once
that is done, publish the key to a keyserver with the "publish-key"
subcommand. Finally, you need to modify the sshd_config to tell sshd
where to find the new server host key:

HostKey /var/lib/monkeysphere/ssh_host_rsa_key

If the server will also handle user authentication through
monkeysphere-generated authorized_keys files, set the following:

AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u

Once those changes are made, restart the ssh server.
.SH FILES
.TP
/etc/monkeysphere/monkeysphere-server.conf
System monkeysphere-server config file.
.TP
/etc/monkeysphere/monkeysphere.conf
System-wide monkeysphere config file.
.TP
/var/lib/monkeysphere/authorized_keys/USER
Monkeysphere-generated user authorized_keys files.
.TP
/var/lib/monkeysphere/ssh_host_rsa_key
Copy of the host's private key in ssh format, suitable for use by
sshd.
.TP
/var/lib/monkeysphere/gnupg-host
Monkeysphere host GNUPG home directory.
.TP
/var/lib/monkeysphere/gnupg-authentication
Monkeysphere authentication GNUPG home directory.
.SH AUTHOR
Written by Jameson Rollins <jrollins@fifthhorseman.net>
.SH SEE ALSO
.BR monkeysphere (1),
.BR gpg (1),
.BR ssh (1)
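
A check for the sshd_config changes described under SETUP, as an added example that is not part of the monkeysphere source: it verifies that the HostKey and AuthorizedKeysFile values from the man page are the ones sshd will actually use, since sshd takes the first value obtained for a keyword and a Match block can override it. The function name check_sshd_config and the sample config are constructed for illustration; only whole-line comments are handled.

```shell
#!/bin/sh
# Values taken from the SETUP section of the man page.
MS_HOSTKEY=/var/lib/monkeysphere/ssh_host_rsa_key
MS_AUTHKEYS=/var/lib/monkeysphere/authorized_keys/%u

# check_sshd_config FILE  (hypothetical helper)
# Prints one finding per problem; returns 0 only if both directives are effective.
check_sshd_config() {
    awk -v hk="$MS_HOSTKEY" -v ak="$MS_AUTHKEYS" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
    {
        sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
        n = match($0, /[ \t=]/)                  # keyword ends at space or "="
        if (n == 0) next
        key = tolower(substr($0, 1, n - 1))      # keywords are case-insensitive
        val = substr($0, n); sub(/^[ \t]*=?[ \t]*/, "", val)
    }
    key == "match" { in_match = 1; next }        # later lines are conditional
    key == "hostkey" && val == hk { host_ok = 1 }
    key == "authorizedkeysfile" && in_match && val != ak {
        print "FAIL: Match block overrides AuthorizedKeysFile with " val; bad = 1
    }
    key == "authorizedkeysfile" && !in_match && !seen++ {
        # Only the first global occurrence counts.
        if (val == ak) ak_ok = 1
        else print "FAIL: effective AuthorizedKeysFile is " val
    }
    END {
        if (!host_ok) print "FAIL: HostKey " hk " not set"
        if (!seen) print "FAIL: AuthorizedKeysFile not set (sshd default applies)"
        exit !(host_ok && ak_ok && !bad)
    }' "$1"
}

# Constructed sample: a user-controlled line precedes the monkeysphere one,
# so the monkeysphere-generated file would be ignored.
sample=$(mktemp)
cat > "$sample" <<'EOF'
HostKey /var/lib/monkeysphere/ssh_host_rsa_key
AuthorizedKeysFile .ssh/authorized_keys
AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
EOF
check_sshd_config "$sample" || echo "sshd_config does not match SETUP"
rm -f "$sample"
```

Run it against the real file with check_sshd_config /etc/ssh/sshd_config before restarting the ssh server.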