summaryrefslogtreecommitdiff
path: root/src/rhesus/README
blob: 4d383d524fdacd15e63c2656afe7694d84f10648 (plain) 
    

  1. rhesus is the monkeysphere authorized_keys/known_hosts generator.
    2. 

  2. 

  3. In authorized_keys mode, rhesus takes an auth_user_ids file, which
    4. 

  4. contains gpg user ids, uses gpg to fetch the keys of the specified
    5. 

  5. users, does a monkeysphere policy check on each id, and uses gpg2ssh
    6. 

  6. to generate authorized_keys lines for each verified id.  The lines are
    7. 

  7. then combined with a user's traditional authorized_keys file to create
    8. 

  8. a new authorized_keys file.
    9. 

  9. 

  10. In known_hosts mode, rhesus takes an auth_host_ids file, which
    11. 

  11. contains gpg user ids of the form ssh://URL, uses gpg to fetch the
    12. 

  12. keys of the specified hosts, does a monkeysphere policy check on each
    13. 

  13. id, and uses gpg2ssh to generate a known_hosts lines for each verified
    14. 

  14. id.  The lines are then combined with a user's traditional known_hosts
    15. 

  15. file to create a new known_hosts file.
    16. 

  16. 

  17. When run as a normal user, no special configuration is needed.
    18. 

  18. 

  19. When run as an administrator to update system-maintained
    20. 

  20. authorized_keys files for each user, the following environment
    21. 

  21. variables should be defined first:
    22. 

  22. 

  23.  MS_CONF=/etc/monkeysphere/monkeysphere.conf
    24. 

  24.  USER=foo
    25. 

  25. 

  26. For example, the command might be run like this:
    27. 

  27. 

  28.  for USER in $(ls -1 /home) ; do
    29. 

  29.    MS_CONF=/etc/monkeysphere/monkeysphere.conf rhesus --authorized_keys
    30. 

  30.  done
    31.
generated by cgit v1.2.3 (git 2.46.0) at 2025-01-13 05:53:26 +0000